
Computer gone haywire


Post by lenz10 » Wed Sep 12, 2012 8:11 pm

Hello, when I'm on Firefox my computer suddenly shuts down and the following message appears: Mozilla Crash Reporter: Firefox has encountered an unexpected problem and has closed. I restart it, and right afterwards the problem shows up again. I'm kindly asking whether someone can give me a hand, thanks. Below I'm listing what's on the computer.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.24.11, on 12/09/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programmi\Brother\ControlCenter3\brccMCtl.exe
C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Update\NASvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... 1e8c782ab7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 50.23.193.194 download.gameclub.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmi\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programmi\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Interest recogniser for Freetvradio (powered by Spointer) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Programmi\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programmi\DealPly\DealPlyIE.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\XP\DATIAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programmi\Yontoo\YontooIEClient.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programmi\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NBAgent] "C:\Programmi\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-602162358-152049171-839522115-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Programmi\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: OfferBox.lnk = C:\Programmi\OfferBox\OfferBox.exe
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2539706328
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA58407-56DD-4C15-8E4D-CB42CCA530EB}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F4147A2-1FB0-43CB-B1CD-8A101FC748C1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{38548319-CD93-4D18-A366-A8C744EB817C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58B2F76-F0B1-4081-AB18-0C0EF06699EA}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.138,93.188.160.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BA58407-56DD-4C15-8E4D-CB42CCA530EB}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.138,93.188.160.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
O23 - Service: Servizio di controllo CryptoStorage (CSObjectsSrv) - Infowatch - C:\Programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Servizio di Google Update (gupdate1c9ae3cbf85af50) (gupdate1c9ae3cbf85af50) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programmi\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Programmi\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Programmi\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O24 - Desktop Component 0: (no name) - http://static.ak.fbcdn.net/rsrc.php/v1/ ... l244wt.png

--
End of file - 14102 bytes

Re: Computer gone haywire

Post by crazy.cat » Thu Sep 13, 2012 4:02 am

Start by removing this
http://www.MegaLab.it/8144/come-rimuove ... i-computer
Uninstall all the toolbars you find in the list of installed applications, then run a scan with Malwarebytes because there are a few assorted bits of junk.
When you're done, post a new HijackThis log and we'll see how it goes.

Re: Computer gone haywire

Post by lenz10 » Thu Sep 13, 2012 9:49 pm

Thanks for the pointers you gave me; I'm not very experienced with computers, and I tried to follow your instructions. The computer seems to work as before; also, I don't understand why it takes so long to start up. I wasn't able to delete this line: O23 - Service: Pos Service: - PowerOfferService:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\PosService\Pos.exe - In the meantime I'm sending you the situation after the changes, and thanks again for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.39.16, on 13/09/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Brother\ControlCenter3\brccMCtl.exe
C:\Programmi\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Update\NASvc.exe
C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... 1e8c782ab7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 50.23.193.194 download.gameclub.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmi\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Interest recogniser for Freetvradio (powered by Spointer) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Programmi\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programmi\DealPly\DealPlyIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programmi\Yontoo\YontooIEClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NBAgent] "C:\Programmi\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-602162358-152049171-839522115-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Programmi\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: OfferBox.lnk = C:\Programmi\OfferBox\OfferBox.exe
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2539706328
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BA58407-56DD-4C15-8E4D-CB42CCA530EB}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F4147A2-1FB0-43CB-B1CD-8A101FC748C1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{38548319-CD93-4D18-A366-A8C744EB817C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58B2F76-F0B1-4081-AB18-0C0EF06699EA}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BA58407-56DD-4C15-8E4D-CB42CCA530EB}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Programmi\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
O23 - Service: Servizio di controllo CryptoStorage (CSObjectsSrv) - Infowatch - C:\Programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Servizio di Google Update (gupdate1c9ae3cbf85af50) (gupdate1c9ae3cbf85af50) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programmi\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Programmi\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Programmi\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O24 - Desktop Component 0: (no name) - http://static.ak.fbcdn.net/rsrc.php/v1/ ... l244wt.png

--
End of file - 11862 bytes


Re: Computer gone haywire

Post by crazy.cat » Fri Sep 14, 2012 4:44 am

You can't delete that line with HijackThis; the important thing is that you disable the services so they don't start, after which it will also let you delete the files.
O23 - Service: Pos Service: - PowerOfferService:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\PosService\Pos.exe -

How much RAM do you have in the PC? Kaspersky PURE isn't exactly a champion of lightness.

Run the scan again, tick the boxes for these lines and press Fix checked to remove them.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... 1e8c782ab7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Programmi\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: OfferBox.lnk = C:\Programmi\OfferBox\OfferBox.exe

If you have Kaspersky, Windows Defender is useless and you can disable it without any problem, as you can these other programs, which you don't really need at automatic startup.
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"


O20 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll (I don't know what this one is; have the file analysed on www.virustotal.com and see what it is).


Services that can be disabled:
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programmi\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
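The triage described in the reply above (BHOs whose file is gone, the AppInit_DLLs value, services running from a user profile), plus a comparison of two scans, can be scripted. This is an added example, not part of the thread and not HijackThis code: the function names and the user-profile heuristic are assumptions of the example, the `BEFORE` lines are copied from the logs posted here, and the `AFTER` scan is constructed.

```python
import re

# HijackThis entry lines start with a section code such as R0, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Heuristic (assumption of this example): a service binary stored under a
# user's profile instead of a system or program directory deserves review.
PROFILE_RE = re.compile(r"\\(Documents and Settings|Users)\\[^\\]+\\", re.I)


def parse_log(text):
    """Return the (code, body) entry lines of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Flag the three kinds of entry singled out in the reply above."""
    findings = []
    for code, body in entries:
        target = body.rsplit(" - ", 1)[-1]  # last field: file path or marker
        if code == "O2" and target == "(no file)":
            # Registry entry for a browser helper object whose DLL is gone.
            findings.append(("orphaned-bho", code, body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                # Loaded into every process that links user32.dll: identify it.
                findings.append(("appinit-dll", code, dlls))
        elif code == "O23" and PROFILE_RE.search(target):
            findings.append(("service-in-user-profile", code, target))
    return findings


def removed_between(before, after):
    """Entries present in the earlier scan but absent from the later one."""
    later = set(after)
    return [entry for entry in before if entry not in later]


# Lines copied from the logs posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O20 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
"""

# Constructed follow-up scan (not a log from the thread): the orphaned BHOs
# were fixed and one of the two profile-hosted services was removed.
AFTER = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O20 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    print("flagged in first scan:")
    for kind, code, detail in triage(before):
        print(f"  {kind:24} {code:4} {detail}")
    print("gone in second scan:")
    for code, body in removed_between(before, after):
        print(f"  {code} - {body}")
    print("still flagged:")
    for kind, code, detail in triage(after):
        print(f"  {kind:24} {code:4} {detail}")
```

A flag here only marks an entry for review; it does not say the file is malicious.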

Re: Computer gone haywire

Post by lenz10 » Fri Sep 14, 2012 8:24 am

Hello, yesterday after I posted the scan, I noticed that the PowerOffer program had slipped past me and I removed it right away. Then I also removed other programs that I no longer needed; I don't know what happened, but I couldn't connect to the internet. I tried opening the network connections and saw that there was only one icon whereas before there were two; I really don't know what happened.

Re: Computer gone haywire

Post by lenz10 » Fri Sep 14, 2012 8:25 pm

Hello, I solved the internet connection problem, then I deleted through HijackThis what I was told to, but the problem still persists. To be precise, it happens with Mozilla, while with Google Chrome it doesn't. By the way, the computer has 3 GB of RAM. I'm posting the new situation, thanks and see you soon.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.06.50, on 14/09/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Vtune\TBPanel.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 50.23.193.194 download.gameclub.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Interest recogniser for Freetvradio (powered by Spointer) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Programmi\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programmi\DealPly\DealPlyIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [TBPanel] C:\Programmi\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-602162358-152049171-839522115-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2539706328
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F4147A2-1FB0-43CB-B1CD-8A101FC748C1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58B2F76-F0B1-4081-AB18-0C0EF06699EA}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio di Google Update (gupdate1c9ae3cbf85af50) (gupdate1c9ae3cbf85af50) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programmi\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O24 - Desktop Component 0: (no name) - http://static.ak.fbcdn.net/rsrc.php/v1/ ... l244wt.png

--
End of file - 8232 bytes

Re: computer gone haywire

Post by stevens » Sat Sep 15, 2012 12:13 am

Hi, if you still have this folder on the PC (marked in bold), remove it as soon as possible

C:\Programmi\DealPly\DealPlyIE.dll

then open HJT and fix these lines

Code:
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 50.23.193.194 download.gameclub.com
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programmi\DealPly\DealPlyIE.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F4147A2-1FB0-43CB-B1CD-8A101FC748C1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58B2F76-F0B1-4081-AB18-0C0EF06699EA}: NameServer = 176.31.229.24,176.31.229.25


set "Obtain DNS server address automatically"

download AdwCleaner, click Delete and post the log

in my opinion you should also run a scan with OTL to see whether any trace is left of the mess you have on that machine; then listen to crazy.cat's opinion


download OTL
Tick SCAN ALL USERS.
Under Output, tick Minimal Output
Click the small arrow next to File Age and select 60 Days
Tick LOP Check and Purity Check.
Click RUN SCAN
When the scan finishes, OTL will produce two log files (OTL.txt and Extras.txt), which you must attach and post
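
The manual review in the post above (a hosts-file redirect, statically configured DNS servers, an AppInit_DLLs entry, a service running from a user profile) can be written as a small triage script. This is an added example, not part of the original thread; the function name `triage`, the `trusted_dns` parameter and the flagging rules are assumptions, and the sample lines are copied from the HijackThis log posted earlier in the thread.

```python
import re
from ipaddress import ip_address

# Lines copied from the HijackThis log posted in the thread. The loopback
# hosts entry and the NVIDIA service are included as negative cases.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 50.23.193.194 download.gameclub.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F4147A2-1FB0-43CB-B1CD-8A101FC748C1}: NameServer = 176.31.229.24,176.31.229.25
O20 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
"""

# "<code> - <body>", e.g. "O17 - HKLM\...: NameServer = 1.2.3.4"
ENTRY = re.compile(r"^\s*(O\d+|R\d)\s+-\s+(.*\S)\s*$")
# A binary under a per-user profile directory is writable without admin rights.
PROFILE_DIR = re.compile(r"\\(documents and settings|users)\\[^\\]+\\", re.I)


def _is_local(addr_text):
    """True for loopback or 0.0.0.0/:: entries, which do not redirect traffic."""
    try:
        addr = ip_address(addr_text)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def triage(log_text, trusted_dns=frozenset()):
    """Return (code, reason) pairs for entries worth a manual look.

    trusted_dns is the set of resolver addresses the analyst expects
    (hypothetical parameter); any other static NameServer is reported.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue
        code, body = m.groups()

        if code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and not _is_local(parts[0]):
                findings.append((code, f"hosts file pins {parts[1]} to {parts[0]}"))

        elif code == "O17":
            _, sep, value = body.partition("NameServer =")
            if sep:
                servers = [s for s in re.split(r"[,\s]+", value.strip()) if s]
                unknown = [s for s in servers if s not in trusted_dns]
                if unknown:
                    findings.append((code, "static DNS not in trusted set: " + ", ".join(unknown)))

        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                # AppInit_DLLs are loaded into every process that loads user32.dll.
                findings.append((code, f"DLL injected via AppInit_DLLs: {dll}"))

        elif code == "O23":
            path = body.rsplit(" - ", 1)[-1]
            if PROFILE_DIR.search(path):
                findings.append((code, f"service binary in user profile: {path}"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}")
```

Passing the resolvers handed out by the router or ISP as `trusted_dns` suppresses the O17 finding when the static setting is legitimate.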

Re: computer gone haywire

Post by crazy.cat » Sat Sep 15, 2012 5:12 am

Did you have this file analyzed as I told you earlier?
O20 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll

You can always uninstall Firefox and reinstall it from scratch; maybe something got damaged in your profile or in some extension. With all the toolbars and assorted junk that have passed through the PC, it's possible that something broke.

Re: computer gone haywire

Post by lenz10 » Sun Sep 16, 2012 6:12 pm

Hello, the other day I forgot to tell you that, with the program you had indicated, I was not able to see what the file ( 020 - AppInit_DLLs: c:\progra~1\sprote~1\sprote~1.dll) is. The file (01 - Hosts: 50.23.193.194 download.gameclub.com) turns out to be blocked by the antivirus. Below I'm putting the rest:

1)
# AdwCleaner v2.001 - Logfile created 09/15/2012 at 21:27:01
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : XP - UTENTE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\XP\Documenti\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Programmi\Mozilla FireFox\Components\AskHPRFF.js
File Deleted : C:\Programmi\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Programmi\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Programmi\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\Programmi\Mozilla FireFox\searchplugins\fast.xml
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\Tasks\GboxUpdaterLogonTask.job
File Deleted : C:\WINDOWS\Tasks\GboxUpdaterRefreshTask.job
File Deleted : C:\WINDOWS\Tasks\OfferBoxUpdate.job
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\GboxUpdater
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\Premium
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\Tarma Installer
Folder Deleted : C:\Documents and Settings\XP\Dati applicazioni\Babylon
Folder Deleted : C:\Documents and Settings\XP\Dati applicazioni\FissaSearch
Folder Deleted : C:\Documents and Settings\XP\Dati applicazioni\freeTVRadio
Folder Deleted : C:\Documents and Settings\XP\Dati applicazioni\Iminent
Folder Deleted : C:\Documents and Settings\XP\Dati applicazioni\Media Finder
Folder Deleted : C:\Documents and Settings\XP\Dati applicazioni\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Documents and Settings\XP\Dati applicazioni\OfferBox
Folder Deleted : C:\Documents and Settings\XP\Dati applicazioni\Toolbar4
Folder Deleted : C:\Programmi\AutocompletePro
Folder Deleted : C:\Programmi\Babylon
Folder Deleted : C:\Programmi\Conduit
Folder Deleted : C:\Programmi\Fast Browser Search
Folder Deleted : C:\Programmi\freeTVRadio
Folder Deleted : C:\Programmi\Search Guard Plus
Folder Deleted : C:\Programmi\SweetIM

***** [Registry] *****

Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\FBSearch
Key Deleted : HKCU\Software\freeTVRadio
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Offerbox
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Spointer
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKCU\Software\TBSB07183
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BHO.PSHelper
Key Deleted : HKLM\SOFTWARE\Classes\BHO.PSHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.Spointer
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.SpointerCtrl
Key Deleted : HKLM\SOFTWARE\Classes\Freetvradio.SpointerWebDisp
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07183.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07183.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07183.TBSB07183
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07183.TBSB07183.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2102507
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2207609
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2447704
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849853
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\FissaSearch
Key Deleted : HKLM\Software\freeTVRadio
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\64B074831FB9EA045A886FDAD6C1D224
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\Offerbox
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\SweetIm
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [freetvradio@spointer.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@predictad.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-602162358-152049171-839522115-1010\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112555 ... 1e8c782ab7 --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [20205 octets] - [15/09/2012 21:27:01]

########## EOF - C:\AdwCleaner[S1].txt - [20266 octets] ##########

2)
OTL Extras logfile created on: 15/09/2012 21.58.08 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Documents and Settings\XP\Documenti\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 80,83% Memory free
4,84 Gb Paging File | 4,31 Gb Available in Paging File | 89,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 698,63 Gb Total Space | 535,00 Gb Free Space | 76,58% Space Free | Partition Type: NTFS

Computer Name: UTENTE | User Name: XP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-602162358-152049171-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58269:TCP" = 58269:TCP:*:Enabled:Pando Media Booster
"58269:UDP" = 58269:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"58929:TCP" = 58929:TCP:*:Enabled:Pando Media Booster
"58929:UDP" = 58929:UDP:*:Enabled:Pando Media Booster
"58377:TCP" = 58377:TCP:*:Enabled:Pando Media Booster
"58377:UDP" = 58377:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58269:TCP" = 58269:TCP:*:Enabled:Pando Media Booster
"58269:UDP" = 58269:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\TVAnts\Tvants.exe" = C:\Programmi\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Programmi\SopCast\adv\SopAdver.exe" = C:\Programmi\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (http://www.sopcast.com)
"C:\Programmi\SopCast\SopCast.exe" = C:\Programmi\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (http://www.sopcast.com)
"C:\Programmi\TVUPlayer\TVUPlayer.exe" = C:\Programmi\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Condivis. App. RTC -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programmi\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Programmi\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Programmi\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Programmi\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Programmi\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Programmi\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)
"C:\Programmi\Xfire\xfire.exe" = C:\Programmi\Xfire\xfire.exe:*:Enabled:Xfire
"C:\Documents and Settings\All Users\Dati applicazioni\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Dati applicazioni\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Programmi\PPMate\ppmate.exe" = C:\Programmi\PPMate\ppmate.exe:*:Enabled:PPMate
"C:\Programmi\PPMate\ppamnet.exe" = C:\Programmi\PPMate\ppamnet.exe:*:Enabled:PPMate -- (ppmate)
"C:\Documents and Settings\XP\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\XP\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Documents and Settings\All Users\Dati applicazioni\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Dati applicazioni\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\NMService.exe" = C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\Documents and Settings\XP\Desktop\TeamSpeak\teamspeak3-server_win32\ts3server_win32.exe" = C:\Documents and Settings\XP\Desktop\TeamSpeak\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server
"C:\Programmi\Teamspeak2_RC2\server_windows.exe" = C:\Programmi\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server
"C:\Programmi\VALVe\Counter-Strike Source\hl2.exe" = C:\Programmi\VALVe\Counter-Strike Source\hl2.exe:*:Enabled:hl2
"C:\Programmi\EA Sports\FIFA Online\NFE.exe" = C:\Programmi\EA Sports\FIFA Online\NFE.exe:*:Enabled:EA SPORTS™ FIFA Online
"C:\Programmi\Java\jre6\bin\java.exe" = C:\Programmi\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Programmi\Google\Google Earth\client\googleearth.exe" = C:\Programmi\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\XP\Desktop\Fakelogin-Facebook-MSNSCAN.COM\xampp\apache\bin\httpd.exe" = C:\Documents and Settings\XP\Desktop\Fakelogin-Facebook-MSNSCAN.COM\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\Documents and Settings\XP\Desktop\Fakelogin-Facebook-MSNSCAN.COM\xampp\mysql\bin\mysqld.exe" = C:\Documents and Settings\XP\Desktop\Fakelogin-Facebook-MSNSCAN.COM\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server
"C:\Programmi\Point Blank Italia\PointBlank.exe" = C:\Programmi\Point Blank Italia\PointBlank.exe:*:Enabled:PointBlank
"C:\Programmi\Z8Games\CrossFire\CF_G4box.exe" = C:\Programmi\Z8Games\CrossFire\CF_G4box.exe:*:Enabled:PT2Downloader -- (G4box Inc.)
"Z:\game\FF2Client.exe" = Z:\game\FF2Client.exe:*:Enabled:FIFA ONLINE
"C:\Programmi\TeamViewer\Version6\TeamViewer.exe" = C:\Programmi\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programmi\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programmi\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\XP\Documenti\Download\crossfire_downloader.exe" = C:\Documents and Settings\XP\Documenti\Download\crossfire_downloader.exe:*:Enabled:CF_DOWNLOADER -- (BuddiePay Inc)
"C:\Programmi\GameSpy Arcade\Aphex.exe" = C:\Programmi\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
"C:\Programmi\ooVoo\ooVoo.exe" = C:\Programmi\ooVoo\ooVoo.exe:*:Disabled:ooVoo
"C:\Programmi\TeamViewer\Version7\TeamViewer.exe" = C:\Programmi\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programmi\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programmi\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programmi\YourFileDownloader\Downloader.exe" = C:\Programmi\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader
"C:\Programmi\YourFileDownloader\YourFile.exe" = C:\Programmi\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader
"C:\Programmi\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programmi\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000410-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0D343C5F-FE5C-4914-91D9-E9E7A440590E}" = Windows Live Writer
"{1859BB19-EF0A-4196-9F48-569499FE7420}" = Raccolta foto di Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{42AA83D1-43C3-4478-AF77-6523D60D0A7B}_is1" = PhotoMagick versione 1.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
"{657E27C5-F4C2-48BE-A5B5-FBED9827A91B}" = Microsoft Antimalware Service IT-IT Language Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71CB2612-627C-3D58-8D82-B77444B27B6A}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{913C4C4F-9E3E-41A6-A614-1BDC1352A225}" = Special Effects Voices
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A4467C16-B334-4473-AE7C-BD9229E632D9}" = Windows Live Family Safety
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Italiano
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD9A4DF3-727C-4F69-807A-B82566A36714}" = Trust WB-3400T Webcam
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D70666B2-7E6B-46F0-85E2-06C30C1269C0}" = ASUS MyCinema Series
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{FAE25249-B396-4828-B115-B02C590CF3A5}" = PatenteOk2007
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat Reader 3.02" = Adobe Acrobat Reader 3.02
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Cross Fire_is1" = Cross Fire En
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"eMule" = eMule
"FormatFactory" = FormatFactory 2.50
"Fraps" = Fraps (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{BD9A4DF3-727C-4F69-807A-B82566A36714}" = Trust WB-3400T Webcam
"LG Internet Kit" = LG Internet Kit
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Mozilla Firefox 15.0.1 (x86 it)" = Mozilla Firefox 15.0.1 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Origin" = Origin
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"ppmate" = PPMate Network TV 2.3.3.6
"PunkBusterSvc" = PunkBuster Services
"Q828026" = Aggiornamento rapido di Windows Media Player [Per ulteriori informazioni vedere Q828026]
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.2.4
"SProtector" = SProtector
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TomTom HOME" = TomTom HOME 2.8.2.2264
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.9.1
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"Vtune_is1" = Vtune 6.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-602162358-152049171-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/09/2012 11.21.58 | Computer Name = UTENTE | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 14/09/2012 11.35.30 | Computer Name = UTENTE | Source = Application Hang | ID = 1002
Description = Applicazione in stallo firefox.exe, versione 15.0.1.4631, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 14/09/2012 15.04.04 | Computer Name = UTENTE | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 14/09/2012 15.04.12 | Computer Name = UTENTE | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 15/09/2012 9.19.34 | Computer Name = UTENTE | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 15/09/2012 10.13.11 | Computer Name = UTENTE | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 15/09/2012 10.13.20 | Computer Name = UTENTE | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 15/09/2012 13.58.25 | Computer Name = UTENTE | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 15/09/2012 13.58.34 | Computer Name = UTENTE | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

Error - 15/09/2012 15.31.57 | Computer Name = UTENTE | Source = PowerOffer Upd Service | ID = 0
Description = Impossibile avviare il servizio. Handle non valido

[ System Events ]
Error - 15/09/2012 10.13.18 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7000
Description = Il servizio Cardex non è stato avviato per il seguente errore: %%183

Error - 15/09/2012 13.57.00 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7023
Description = Servizio Driver Universal terminato con l'errore: %%126

Error - 15/09/2012 13.57.00 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7023
Description = Servizio jmssdmyt terminato con l'errore: %%126

Error - 15/09/2012 13.57.00 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7023
Description = Servizio Time Server terminato con l'errore: %%126

Error - 15/09/2012 13.58.24 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7022
Description = Servizio Serv Updater bloccato in partenza.

Error - 15/09/2012 13.58.33 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7000
Description = Il servizio Cardex non è stato avviato per il seguente errore: %%183

Error - 15/09/2012 15.30.14 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7023
Description = Servizio Driver Universal terminato con l'errore: %%126

Error - 15/09/2012 15.30.14 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7023
Description = Servizio jmssdmyt terminato con l'errore: %%126

Error - 15/09/2012 15.30.14 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7023
Description = Servizio Time Server terminato con l'errore: %%126

Error - 15/09/2012 15.31.48 | Computer Name = UTENTE | Source = Service Control Manager | ID = 7022
Description = Servizio Serv Updater bloccato in partenza.


< End of report >
3)tion Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 80,83% Memory free
4,84 Gb Paging File | 4,31 Gb Available in Paging File | 89,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 698,63 Gb Total Space | 535,00 Gb Free Space | 76,58% Space Free | Partition Type: NTFS

Computer Name: UTENTE | User Name: XP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\XP\Documenti\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programmi\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Avira\AntiVir Desktop\avgu

I hope I haven't forgotten anything. Thanks, see you soon.
lenz10
New Member
Posts: 22
Joined: Wed Sep 12, 2012 11:32 am

Re: computer gone crazy

Post by Ale2695 » Sun Sep 16, 2012 6:25 pm

A reminder to use the MEMO tag when posting logs [^]
http://www.chimerarevo.com/
Ale2695
Official Member (Gold)
Posts: 5927
Joined: Sun Jan 18, 2009 10:39 am
Location: Novara

Re: computer gone crazy

Post by stevens » Sun Sep 16, 2012 7:25 pm

Do you browse this site, by any chance? If not, you have the Pando Media Booster virus.

The first part of the OTL log is missing. Run the scan again; I only need the first part > OTL, not Extras.
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: computer gone crazy

Post by lenz10 » Sun Sep 16, 2012 10:33 pm

Hello, I forgot to mention that the computer takes a very long time to start up, showing a black background on the screen before it is ready to use. Here is the first part of OTL.

OTL logfile created on: 16/09/2012 23.10.00 - Run 2
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Documents and Settings\XP\Documenti\Download
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 76,99% Memory free
4,84 Gb Paging File | 4,23 Gb Available in Paging File | 87,43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 698,63 Gb Total Space | 534,35 Gb Free Space | 76,49% Space Free | Partition Type: NTFS

Computer Name: UTENTE | User Name: XP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\XP\Documenti\Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programmi\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Vtune\TBPANEL.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Programmi\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA ()
MOD - C:\Programmi\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Programmi\Vtune\TBPANEL.exe ()
MOD - C:\Programmi\Vtune\TBMANAGE.DLL ()


========== Services (SafeList) ==========

SRV - (heksaey) -- C:\WINDOWS\system32\sfrmjcb.dll File not found
SRV - (fefnxwt) -- C:\WINDOWS\system32\sfrmjcb.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (acepkmvz) -- C:\WINDOWS\system32\sfrmjcb.dll File not found
SRV - (MozillaMaintenance) -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServUpdater) -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe (ServiceUpd)
SRV - (nvUpdatusService) -- C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (McComponentHostService) -- C:\Programmi\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (XDva399) -- C:\WINDOWS\system32\XDva399.sys File not found
DRV - (XDva398) -- C:\WINDOWS\system32\XDva398.sys File not found
DRV - (XDva397) -- C:\WINDOWS\system32\XDva397.sys File not found
DRV - (XDva390) -- C:\WINDOWS\system32\XDva390.sys File not found
DRV - (XDva389) -- C:\WINDOWS\system32\XDva389.sys File not found
DRV - (XDva388) -- C:\WINDOWS\system32\XDva388.sys File not found
DRV - (XDva387) -- C:\WINDOWS\system32\XDva387.sys File not found
DRV - (XDva386) -- C:\WINDOWS\system32\XDva386.sys File not found
DRV - (XDva385) -- C:\WINDOWS\system32\XDva385.sys File not found
DRV - (XDva384) -- C:\WINDOWS\system32\XDva384.sys File not found
DRV - (XDva383) -- C:\WINDOWS\system32\XDva383.sys File not found
DRV - (XDva382) -- C:\WINDOWS\system32\XDva382.sys File not found
DRV - (XDva379) -- C:\WINDOWS\system32\XDva379.sys File not found
DRV - (XDva377) -- C:\WINDOWS\system32\XDva377.sys File not found
DRV - (XDva375) -- C:\WINDOWS\system32\XDva375.sys File not found
DRV - (XDva374) -- C:\WINDOWS\system32\XDva374.sys File not found
DRV - (XDva372) -- C:\WINDOWS\system32\XDva372.sys File not found
DRV - (XDva370) -- C:\WINDOWS\system32\XDva370.sys File not found
DRV - (XDva368) -- C:\WINDOWS\system32\XDva368.sys File not found
DRV - (XDva367) -- C:\WINDOWS\system32\XDva367.sys File not found
DRV - (XDva366) -- C:\WINDOWS\system32\XDva366.sys File not found
DRV - (XDva362) -- C:\WINDOWS\system32\XDva362.sys File not found
DRV - (XDva361) -- C:\WINDOWS\system32\XDva361.sys File not found
DRV - (XDva359) -- C:\WINDOWS\system32\XDva359.sys File not found
DRV - (XDva358) -- C:\WINDOWS\system32\XDva358.sys File not found
DRV - (XDva352) -- C:\WINDOWS\system32\XDva352.sys File not found
DRV - (XDva349) -- C:\WINDOWS\system32\XDva349.sys File not found
DRV - (XDva348) -- C:\WINDOWS\system32\XDva348.sys File not found
DRV - (XDva347) -- C:\WINDOWS\system32\XDva347.sys File not found
DRV - (XDva346) -- C:\WINDOWS\system32\XDva346.sys File not found
DRV - (XDva345) -- C:\WINDOWS\system32\XDva345.sys File not found
DRV - (XDva344) -- C:\WINDOWS\system32\XDva344.sys File not found
DRV - (XDva343) -- C:\WINDOWS\system32\XDva343.sys File not found
DRV - (XDva342) -- C:\WINDOWS\system32\XDva342.sys File not found
DRV - (XDva341) -- C:\WINDOWS\system32\XDva341.sys File not found
DRV - (XDva337) -- C:\WINDOWS\system32\XDva337.sys File not found
DRV - (XDva336) -- C:\WINDOWS\system32\XDva336.sys File not found
DRV - (XDva332) -- C:\WINDOWS\system32\XDva332.sys File not found
DRV - (XDva327) -- C:\WINDOWS\system32\XDva327.sys File not found
DRV - (XDva326) -- C:\WINDOWS\system32\XDva326.sys File not found
DRV - (XDva323) -- C:\WINDOWS\system32\XDva323.sys File not found
DRV - (XDva321) -- C:\WINDOWS\system32\XDva321.sys File not found
DRV - (XDva317) -- C:\WINDOWS\system32\XDva317.sys File not found
DRV - (XDva315) -- C:\WINDOWS\system32\XDva315.sys File not found
DRV - (XDva310) -- C:\WINDOWS\system32\XDva310.sys File not found
DRV - (WDICA) -- File not found
DRV - (vproiah) -- system32\DRIVERS\vproiah.sys File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (nielprt) -- system32\DRIVERS\nielprt.sys File not found
DRV - (NielGfx) -- system32\drivers\nielgfx.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (Changer) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (cpuz134) -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (USBSER34) -- C:\WINDOWS\system32\drivers\USBSER34.SYS (WCH)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (AtcL001) -- C:\WINDOWS\system32\drivers\atl01_xp.sys (Attansic Technology corporation.)
DRV - (PAC7311) -- C:\WINDOWS\system32\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&com ... 2ab7%7d&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&com ... 2ab7%7d&q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&com ... 2ab7%7d&q={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=kwtb&com ... 2ab7%7d&q={searchTerms}
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrowsersearch.com/result ... ts.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={19B89CF8-069D-4cad-8483-789D28B44721}
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\..\SearchScopes\{66EC6837-272F-4D7C-84D9-5249C4173085}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_it
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... rome_us&p={searchTerms}
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-152049171-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-602162358-152049171-839522115-1010\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programmi\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programmi\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programmi\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Dati applicazioni\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Dati applicazioni\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Programmi\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programmi\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Documents and Settings\XP\Desktop\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Documents and Settings\XP\Desktop\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Documents and Settings\XP\Desktop\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\toolbar@kiwee.com: C:\Programmi\Kiwee Toolbar\2.8.167\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\netsight@nielsen.com: C:\Programmi\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/14 21.48.24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2012/09/15 22.52.05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2012/09/14 21.48.40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programmi\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012/09/15 22.40.48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Dati applicazioni\Mozilla\Extensions
[2009/05/20 21.13.01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Dati applicazioni\Mozilla\Extensions\home2@tomtom.com
[2012/06/23 14.09.56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Dati applicazioni\Mozilla\Firefox\Profiles\extensions
[2012/09/13 23.26.48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XP\Dati applicazioni\Mozilla\Firefox\Profiles\extensions\extensions
[2012/06/23 11.19.38 | 000,086,818 | ---- | M] () (No name found) -- C:\Documents and Settings\XP\Dati applicazioni\Mozilla\Firefox\Profiles\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2012/09/15 22.52.05 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2012/09/09 19.05.23 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/09/09 19.05.23 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/09/09 19.05.23 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions\staged
[2012/09/06 03.26.03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2010/07/17 05.00.04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/14 21.48.01 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Programmi\mozilla firefox\plugins\nprpplugin.dll
[2012/09/06 06.44.22 | 000,001,393 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2012/09/06 06.44.22 | 000,002,465 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2012/09/06 06.44.22 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2009/11/19 22.34.12 | 000,003,700 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\fast.png
[2012/09/06 06.44.23 | 000,000,817 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2012/09/06 06.44.23 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/09/06 06.44.23 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://home.sweetim.com/?st=6&barid={8763788C-0B48-11DE-B3D5-001E8C782AB7}
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk\2_0\
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk\2_0\
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: No name found = C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/02/22 21.58.23 | 000,000,862 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 50.23.193.194 download.gameclub.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Interest recogniser for Freetvradio (powered by Spointer)) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Programmi\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll File not found
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {55F58BEE-3FAD-46FE-BF11-887E3BB32A43} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {AAAA67A2-A41F-4C89-8810-92A916DC7996} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {55F58BEE-3FAD-46FE-BF11-887E3BB32A43} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {AAAA67A2-A41F-4C89-8810-92A916DC7996} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-152049171-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-152049171-839522115-1004\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programmi\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TBPanel] C:\Programmi\Vtune\TBPanel.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-602162358-152049171-839522115-1004..\Run: [BitTorrent] "C:\Programmi\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-21-602162358-152049171-839522115-1004..\Run: [NexonEULauncher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-152049171-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-152049171-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 2539706328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8E294BD-E037-4726-B64A-3CD53EB37C22}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - c:\Programmi\SProtector\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://static.ak.fbcdn.net/rsrc.php/v1/ ... l244wt.png
O24 - Desktop Components:1 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\XP\Dati applicazioni\Mozilla\Firefox\Sfondo del desktop.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\XP\Dati applicazioni\Mozilla\Firefox\Sfondo del desktop.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/21 12.04.12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{71e81ecc-d2e8-11df-be4d-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{71e81ecc-d2e8-11df-be4d-005056c00008}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe
O33 - MountPoints2\{ca3fd5f8-4bba-11de-b591-001e8c782ab7}\Shell - "" = AutoRun
O33 - MountPoints2\{ca3fd5f8-4bba-11de-b591-001e8c782ab7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{efbfee0c-bdc4-11e0-80fd-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{efbfee0c-bdc4-11e0-80fd-005056c00008}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2012/09/16 23.05.59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\XP\Recent
[2012/09/15 22.52.05 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Maintenance Service
[2012/09/14 22.18.22 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/09/14 21.48.27 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\xing shared
[2012/09/14 17.38.00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dati applicazioni\Avira
[2012/09/14 17.32.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Avira
[2012/09/14 17.32.32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/09/14 17.32.30 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/09/14 17.32.30 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/09/14 17.32.29 | 000,000,000 | ---D | C] -- C:\Programmi\Avira
[2012/09/14 17.32.29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Avira
[2012/09/14 17.16.02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\XP\Documenti\Passwords Database
[2012/09/14 17.05.40 | 000,038,656 | R--- | C] (Attansic Technology corporation.) -- C:\WINDOWS\System32\drivers\atl01_xp.sys
[2012/09/14 17.02.41 | 000,012,256 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\drivers\TBPanel.sys
[2012/09/14 17.02.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Vtune
[2012/09/14 17.02.40 | 000,000,000 | ---D | C] -- C:\Programmi\Vtune
[2012/09/13 23.59.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\PCHealth
[2012/09/13 21.59.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\CCleaner
[2012/09/13 21.59.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\cleaner
[2012/09/13 12.05.24 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\XP\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/13 12.05.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dati applicazioni\Malwarebytes
[2012/09/13 12.04.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2012/09/12 22.26.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dati applicazioni\Origin
[2012/09/12 22.26.09 | 000,000,000 | ---D | C] -- C:\Programmi\Origin Games
[2012/09/12 22.26.07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Origin
[2012/09/12 22.22.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Origin
[2012/09/12 22.22.44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Origin
[2012/09/12 22.22.30 | 000,000,000 | ---D | C] -- C:\Programmi\Origin
[2012/09/12 20.22.35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\copia computer
[2012/09/12 20.21.26 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2012/09/12 20.21.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Menu Avvio\Programmi\HiJackThis
[2012/09/10 21.18.23 | 000,000,000 | R--D | C] -- C:\Backup
[2012/09/10 21.17.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/09/10 21.16.53 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2012/09/10 21.16.52 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2012/09/10 21.16.09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
[2012/09/09 19.05.23 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[2012/09/04 09.36.07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\colore porta finestre
[2012/09/03 18.40.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\foto angela
[2012/08/19 21.55.54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\XP\Desktop\roberto
[2012/08/19 21.14.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\Nero
[2012/08/17 20.05.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\tunis
[2012/07/27 16.45.45 | 000,000,000 | ---D | C] -- C:\D
[2012/07/24 21.10.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\films
[2012/07/23 12.36.17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Dati applicazioni\YourFileDownloader
[2012/07/23 07.06.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Nuova cartella 4
[2012/07/22 21.06.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\Nuova cartella 3
[2012/07/22 20.59.35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XP\Desktop\angela usb
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/09/16 23.08.35 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2012/09/16 23.04.00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/16 22.44.00 | 000,001,230 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-152049171-839522115-1004UA.job
[2012/09/16 22.28.27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/16 22.13.13 | 000,533,484 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2012/09/16 22.13.13 | 000,485,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/16 22.13.13 | 000,095,326 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2012/09/16 22.13.13 | 000,081,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/16 21.27.00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/16 12.12.54 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Tag già presente.url
[2012/09/15 22.52.07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/15 21.15.04 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-152049171-839522115-1004.job
[2012/09/15 21.15.04 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-152049171-839522115-1004.job
[2012/09/15 21.12.05 | 000,000,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2012/09/15 15.44.02 | 000,001,178 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-152049171-839522115-1004Core.job
[2012/09/14 21.48.36 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/09/14 21.48.16 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/09/14 21.47.59 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/09/14 21.47.59 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/09/14 21.47.56 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/09/14 21.35.01 | 000,198,656 | ---- | M] () -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/14 19.41.46 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\HiJackThis.lnk
[2012/09/14 18.04.00 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 17.32.43 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\XP\Documenti\Avira Control Center.lnk
[2012/09/14 17.10.44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/14 17.04.33 | 000,015,121 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/09/13 21.59.43 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/13 21.56.31 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Search the Web.url
[2012/09/13 12.04.02 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\XP\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/12 22.22.44 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk
[2012/09/12 10.13.44 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\XP\Documenti\HiJackThis.msi
[2012/09/10 21.19.03 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\WebpageIcons.db
[2012/09/10 21.13.30 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/04 21.46.31 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Google Chrome.lnk
[2012/08/29 15.09.20 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/15 16.27.48 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/15 16.27.47 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/24 21.17.37 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\XP\Desktop\Risorse del computer.lnk
[2012/07/23 16.01.33 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Your File Updater.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/16 13.50.57 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\IMG_0036.bmp
[2012/09/16 12.12.54 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Tag già presente.url
[2012/09/15 22.52.07 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Mozilla Firefox.lnk
[2012/09/15 22.52.07 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/14 22.16.37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/14 22.16.37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/09/14 21.48.36 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/09/14 21.11.30 | 000,002,327 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Google Chrome.lnk
[2012/09/14 17.32.43 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\XP\Documenti\Avira Control Center.lnk
[2012/09/14 17.12.51 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2012/09/14 17.04.32 | 000,015,121 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/09/13 21.59.43 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/13 21.56.31 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Search the Web.url
[2012/09/12 22.22.44 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk
[2012/09/12 20.21.26 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\HiJackThis.lnk
[2012/09/12 20.20.56 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\XP\Documenti\HiJackThis.msi
[2012/09/10 21.19.02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\WebpageIcons.db
[2012/07/24 21.17.37 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\XP\Desktop\Risorse del computer.lnk
[2012/07/23 12.36.19 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\Your File Updater.job
[2012/06/23 20.01.13 | 000,270,094 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-S-1-5-21-602162358-152049171-839522115-1004-0.dat
[2012/06/23 16.11.23 | 000,270,094 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat
[2012/06/17 18.02.21 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2011/08/29 14.28.02 | 000,001,017 | ---- | C] () -- C:\WINDOWS\FOE2.ini
[2011/07/22 19.52.08 | 000,000,058 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/21 07.01.00 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2010/10/12 12.44.34 | 000,285,712 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/12 12.44.31 | 000,285,712 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/12 12.44.31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/03 17.58.54 | 000,138,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/10/03 17.58.53 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\XP\Dati applicazioni\PnkBstrK.sys
[2010/10/03 17.58.34 | 000,214,592 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/10/03 17.58.34 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/10/03 17.58.32 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/04/25 13.39.59 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\XP\UnifiedToolbarCleanup.bat
[2010/03/30 22.09.10 | 000,231,065 | ---- | C] () -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\faslmx_nav.dat
[2010/03/30 22.09.10 | 000,003,299 | ---- | C] () -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\faslmx.dat
[2010/03/30 22.09.10 | 000,002,450 | ---- | C] () -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\faslmx_navps.dat
[2009/01/23 21.23.27 | 000,198,656 | ---- | C] () -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/22 22.14.17 | 000,284,850 | ---- | C] () -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\yldjc_nav.dat
[2009/01/21 21.51.52 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\XP\Impostazioni locali\Dati applicazioni\fusioncache.dat

========== LOP Check ==========

[2012/06/18 19.17.55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
[2012/09/13 23.31.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Electronic Arts
[2009/07/31 17.19.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ESET
[2009/03/11 17.03.09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IM
[2009/03/11 17.02.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IncrediMail
[2010/02/17 21.10.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\IObit
[2010/06/29 21.20.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Nexon
[2010/06/10 11.19.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NexonEU
[2009/10/25 21.00.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NexonUS
[2012/09/12 22.27.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Origin
[2009/08/17 17.19.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
[2009/08/17 17.21.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle VideoSpin
[2009/02/25 18.13.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
[2010/08/08 17.35.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Screaming Bee
[2010/04/28 15.47.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Sony
[2011/07/02 14.05.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2010/09/01 09.41.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Tencent
[2009/05/20 21.13.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TomTom
[2010/01/10 23.08.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
[2009/07/12 23.51.00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/01/10 23.08.17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/01/12 21.28.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\TuneUp Software
[2011/09/19 20.37.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\ts3overlay
[2012/04/05 22.38.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\BitTorrent
[2009/03/11 18.36.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\FunkyEmoticons
[2011/08/19 21.29.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\GetRightToGo
[2010/02/17 11.16.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\IObit
[2009/03/07 22.10.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\live-player
[2011/07/23 13.53.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\Need for Speed World
[2012/06/30 19.02.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\ooVoo Details
[2012/09/12 22.27.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\Origin
[2009/02/01 18.58.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\PC-FAX TX
[2011/05/06 20.10.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\PointBlank
[2010/01/06 15.53.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\PPMate
[2010/07/20 15.08.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\Publish Providers
[2010/07/20 22.53.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\ScanSoft
[2010/08/08 17.29.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\Screaming Bee
[2010/07/20 15.08.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\Sony
[2010/04/28 15.35.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\Sony Setup
[2012/07/17 21.38.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\TeamViewer
[2010/09/01 09.41.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\Tencent
[2009/05/20 21.13.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\TomTom
[2011/05/23 21.08.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\TS3Client
[2011/08/31 21.23.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\ts3overlay
[2009/07/12 17.23.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\TuneUp Software
[2012/04/05 21.11.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\uTorrent
[2009/08/16 17.14.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\WeGame
[2012/07/23 12.36.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\XP\Dati applicazioni\YourFileDownloader
[2004/08/19 14.00.00 | 000,000,004 | -HS- | M] () -- C:\WINDOWS\Tasks\FOLDER.TSX
[2012/07/23 16.01.33 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\Your File Updater.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/06/29 21.20.56 | 000,000,000 | ---D | M](C:\Documents and Settings\XP\Documenti\?? ???) -- C:\Documents and Settings\XP\Documenti\넥슨 플러그
[2010/06/29 21.20.56 | 000,000,000 | ---D | C](C:\Documents and Settings\XP\Documenti\?? ???) -- C:\Documents and Settings\XP\Documenti\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:05EE1EEF
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:DFC5A2B2
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:8CE646EE

< End of report >


I hope I'm not making a mistake in using the memo function. Thanks again, talk soon.
lenz10
New Member

Posts: 22
Joined: Wed Sep 12, 2012 11:32 am

Re: computer gone crazy

Post by stevens » Mon Sep 17, 2012 12:34 am

There are some folders that I don't dare remove; let's see what ComboFix says. What's more, you should be infected by that virus if it is not a site you know.

Download ComboFix.

When it asks, do not install the Recovery Console, and let the program work without interfering.

Attach the report C:\ComboFix.txt to your reply.
stevens
Bronze Member

Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: computer gone crazy

Post by lenz10 » Mon Sep 17, 2012 8:12 pm

Hello, I am attaching the scan made with the ComboFix program. I should point out that since yesterday Firefox no longer freezes; what remains is the very long startup, during which the icons are shown on a black background. Once it has started, a small window appears at the bottom of the screen saying that the computer is exposed to risk, no firewall enabled. Talk soon, thanks.

ComboFix 12-09-16.01 - XP 17/09/2012 20.55.52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.3071.2461 [GMT 2:00]
Eseguito da: c:\documents and settings\XP\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {00200000-EE94-0012-94EE-120094EE1200}
AV: AntiVir Desktop *Enabled/Updated* {458BD2A0-D054-458B-0081-000090C58B45}
AV: Avira Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000000000000}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\XP\Documenti\Downloads\CT2776682_BrotherSoft_Extreme.exe
c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\faslmx.dat
c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\faslmx_nav.dat
c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\faslmx_navps.dat
c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\yldjc_nav.dat
c:\documents and settings\XP\WINDOWS
C:\install.exe
C:\mtwb.dat
c:\programmi\QUAD Utilities
c:\windows\IsUn0410.exe
c:\windows\kmed.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-17 al 2012-09-17 )))))))))))))))))))))))))))))))))))
.
.
2012-09-15 20:52 . 2012-09-15 20:52 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-09-14 20:18 . 2012-07-02 17:39 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-14 20:16 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-09-14 20:16 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-14 19:48 . 2012-09-14 19:48 -------- d-----w- c:\programmi\File comuni\xing shared
2012-09-14 15:38 . 2012-09-14 15:38 -------- d-----w- c:\documents and settings\XP\Dati applicazioni\Avira
2012-09-14 15:32 . 2012-06-05 22:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-14 15:32 . 2012-06-05 22:40 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-14 15:32 . 2012-09-14 15:32 -------- d-----w- c:\programmi\Avira
2012-09-14 15:32 . 2012-09-14 15:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2012-09-14 15:05 . 2007-03-15 14:12 38656 ----a-r- c:\windows\system32\drivers\atl01_xp.sys
2012-09-14 15:02 . 2007-03-16 08:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2012-09-14 15:02 . 2012-09-14 15:02 -------- d-----w- c:\programmi\Vtune
2012-09-13 21:59 . 2012-09-13 21:59 -------- d-----w- c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\PCHealth
2012-09-13 10:05 . 2012-09-13 10:05 -------- d-----w- c:\documents and settings\XP\Dati applicazioni\Malwarebytes
2012-09-13 10:04 . 2012-09-13 10:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-09-12 20:26 . 2012-09-12 20:27 -------- d-----w- c:\documents and settings\XP\Dati applicazioni\Origin
2012-09-12 20:26 . 2012-09-12 20:27 -------- d-----w- c:\programmi\Origin Games
2012-09-12 20:26 . 2012-09-12 20:26 -------- d-----w- c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\Origin
2012-09-12 20:22 . 2012-09-12 20:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Origin
2012-09-12 20:22 . 2012-09-12 20:26 -------- d-----w- c:\programmi\Origin
2012-09-12 18:21 . 2012-09-12 18:21 -------- d-----w- c:\programmi\Trend Micro
2012-09-10 19:18 . 2012-09-10 19:18 -------- d-----r- C:\Backup
2012-09-10 19:16 . 2009-12-14 10:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-09-10 19:16 . 2009-12-14 10:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-09-10 19:16 . 2012-09-14 15:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2012-08-19 19:14 . 2012-08-19 19:19 -------- d-----w- c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\Nero
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 19:47 . 2009-01-21 20:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-15 14:27 . 2012-04-01 09:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:27 . 2011-05-26 16:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-01-21 10:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:26 . 2004-08-19 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2004-08-19 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-19 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-19 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-25 09:23 . 2006-07-11 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-23 10:02 . 2012-06-23 10:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-09-06 01:26 . 2012-09-15 20:52 266720 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-19 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
[-] 2008-04-13 . 3D46C53CA961C49272037F98807537BD . 978432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 3D46C53CA961C49272037F98807537BD . 978432 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-13 . AAA621C010DADDF653DB1854C8825D57 . 229376 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-13 . 15AE38B9AEED84C02EA0A3A9C76FEA02 . 151552 . . [5.1.2600.5512] . . c:\windows\i386\regedit.exe
[-] 2008-04-13 . AAA621C010DADDF653DB1854C8825D57 . 229376 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-19 . 2452458A26C4DD00E68F060870317675 . 151552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\programmi\Vtune\TBPanel.exe" [2008-01-29 2150400]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-09-14 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7311_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PPort11reminder"="c:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Dati applicazioni\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
"BrMfcWnd"=c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\NexonUS\\NGM\\NGM.exe"=
"c:\\Programmi\\PPMate\\ppamnet.exe"=
"c:\\Documents and Settings\\XP\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\NexonEU\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Z8Games\\CrossFire\\CF_G4box.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\XP\\Documenti\\Download\\crossfire_downloader.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58929:TCP"= 58929:TCP:Pando Media Booster
"58929:UDP"= 58929:UDP:Pando Media Booster
"58377:TCP"= 58377:TCP:Pando Media Booster
"58377:UDP"= 58377:UDP:Pando Media Booster
"58269:TCP"= 58269:TCP:Pando Media Booster
"58269:UDP"= 58269:UDP:Pando Media Booster
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14/09/2012 17.32.30 36000]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [14/09/2012 17.32.31 86224]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [21/08/2010 13.10.31 20328]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/01/2012 13.32.47 2253120]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [14/09/2012 17.05.40 38656]
R3 PAC7311;Trust WB-3400T Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14/03/2007 11.57.56 449024]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 acepkmvz;Driver Universal;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 fefnxwt;jmssdmyt;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 gupdate1c9ae3cbf85af50;Servizio di Google Update (gupdate1c9ae3cbf85af50);c:\programmi\Google\Update\GoogleUpdate.exe [26/03/2009 20.00.28 133104]
S2 heksaey;Time Server;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 ServUpdater;Serv Updater;c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [16/07/2012 18.40.32 156160]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [21/01/2009 22.01.21 2831232]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01/04/2012 11.57.44 250056]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [26/03/2009 20.00.28 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmi\McAfee Security Scan\3.0.207\McCHSvc.exe [17/06/2011 19.33.04 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [15/09/2012 22.52.05 114144]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [22/01/2009 19.42.05 272128]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01/07/2010 14.21.14 34896]
S3 USBSER34;USBSER34;c:\windows\system32\drivers\USBSER34.SYS [03/11/2009 23.39.19 37456]
S3 vproiah;vproiah;c:\windows\system32\DRIVERS\vproiah.sys --> c:\windows\system32\DRIVERS\vproiah.sys [?]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva315;XDva315;\??\c:\windows\system32\XDva315.sys --> c:\windows\system32\XDva315.sys [?]
S3 XDva317;XDva317;\??\c:\windows\system32\XDva317.sys --> c:\windows\system32\XDva317.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?]
S3 XDva326;XDva326;\??\c:\windows\system32\XDva326.sys --> c:\windows\system32\XDva326.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva336;XDva336;\??\c:\windows\system32\XDva336.sys --> c:\windows\system32\XDva336.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva342;XDva342;\??\c:\windows\system32\XDva342.sys --> c:\windows\system32\XDva342.sys [?]
S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
S3 XDva345;XDva345;\??\c:\windows\system32\XDva345.sys --> c:\windows\system32\XDva345.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva348;XDva348;\??\c:\windows\system32\XDva348.sys --> c:\windows\system32\XDva348.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva384;XDva384;\??\c:\windows\system32\XDva384.sys --> c:\windows\system32\XDva384.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
S3 XDva398;XDva398;\??\c:\windows\system32\XDva398.sys --> c:\windows\system32\XDva398.sys [?]
S3 XDva399;XDva399;\??\c:\windows\system32\XDva399.sys --> c:\windows\system32\XDva399.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fefnxwt
acepkmvz
heksaey
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 14:27]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-26 18:00]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-26 18:00]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-152049171-839522115-1004Core.job
- c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-12-16 10:19]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-152049171-839522115-1004UA.job
- c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-12-16 10:19]
.
2010-08-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-09-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-152049171-839522115-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-09-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-152049171-839522115-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\XP\Dati applicazioni\Mozilla\Firefox\Profiles\d7jp5i3j.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-NexonEULauncher - (no file)
HKCU-Run-BitTorrent - c:\programmi\BitTorrent\BitTorrent.exe
AddRemove-Adobe Photoshop 5.0 Limited Edition - c:\windows\UNIN0410.EXE
AddRemove-TomTom HOME - c:\documents and settings\XP\Desktop\tomtom\TomTom HOME 2\Uninstall TomTom HOME.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 20:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2012-09-17 21:00:42
ComboFix-quarantined-files.txt 2012-09-17 19:00
.
Pre-Run: 573.504.638.976 byte disponibili
Post-Run: 574.462.455.808 byte disponibili
.
- - End Of File - - F2B040F0169E8E56C711A53C8316B449

Re: computer gone crazy

Post by stevens » Mon Sep 17, 2012 8:26 pm

You are full of infections. I now need to prepare a removal procedure for you, using a script that you will then have to run.

In the meantime, run this scan.

Download TDSSKiller to the desktop and extract its contents.

Start > Run > copy/paste the following command and click OK.

"%userprofile%\Desktop\TDSSKiller.exe"

Click Start Scan.
If there is an infection, the default action will be cure. Click Continue.
If an infection is suspected, the default action will be skip. Click Continue.
If a reboot is requested, accept.
The report will be in C:, named like this: TDSSKiller.[Version]_[Date]_[Time]_log.txt
If no reboot was requested, close and click Report. Save the contents to a text file and attach it.

Re: computer gone crazy

Post by stevens » Mon Sep 17, 2012 9:19 pm

Do that scan later. For now, open Notepad and copy and paste these lines:

Code:
File::
c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\windows\system32\DRIVERS\vproiah.sys
c:\windows\system32\XDva310.sys
c:\windows\system32\XDva315.sys
c:\windows\system32\XDva317.sys
c:\windows\system32\XDva321.sys
c:\windows\system32\XDva323.sys
c:\windows\system32\XDva326.sys
c:\windows\system32\XDva327.sys
c:\windows\system32\XDva332.sys
c:\windows\system32\XDva336.sys
c:\windows\system32\XDva337.sys
c:\windows\system32\XDva341.sys
c:\windows\system32\XDva342.sys
c:\windows\system32\XDva343.sys
c:\windows\system32\XDva344.sys
c:\windows\system32\XDva345.sys
c:\windows\system32\XDva346.sys
c:\windows\system32\XDva347.sys
c:\windows\system32\XDva348.sys
c:\windows\system32\XDva349.sys
c:\windows\system32\XDva352.sys
c:\windows\system32\XDva358.sys
c:\windows\system32\XDva359.sys
c:\windows\system32\XDva361.sys
c:\windows\system32\XDva362.sys
c:\windows\system32\XDva366.sys
c:\windows\system32\XDva367.sys
c:\windows\system32\XDva368.sys
c:\windows\system32\XDva370.sys
c:\windows\system32\XDva372.sys
c:\windows\system32\XDva374.sys
c:\windows\system32\XDva375.sys
c:\windows\system32\XDva377.sys
c:\windows\system32\XDva379.sys
c:\windows\system32\XDva382.sys
c:\windows\system32\XDva383.sys
c:\windows\system32\XDva384.sys
c:\windows\system32\XDva385.sys
c:\windows\system32\XDva386.sys
c:\windows\system32\XDva387.sys
c:\windows\system32\XDva388.sys
c:\windows\system32\XDva389.sys
c:\windows\system32\XDva390.sys
c:\windows\system32\XDva397.sys
c:\windows\system32\XDva398.sys
c:\windows\system32\XDva399.sys


folder::
c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater



driver::
fefnxwt
acepkmvz
heksaey
ServUpdater
vproiah
XDva310
XDva315
XDva317
XDva321
XDva323
XDva326
XDva327
XDva332
XDva336
XDva337
XDva341
XDva342
XDva343
XDva344
XDva345
XDva346
XDva347
XDva348
XDva349
XDva352
XDva358
XDva359
XDva361
XDva362
XDva366
XDva367
XDva368
XDva370
XDva372
XDva374
XDva375
XDva377
XDva379
XDva382
XDva383
XDva384
XDva385
XDva386
XDva387
XDva388
XDva389
XDva390
XDva397
XDva398
XDva399



NetSvcs::
fefnxwt
acepkmvz
heksaey


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58929:TCP"=-
"58929:UDP"=-
"58377:TCP"=-
"58377:UDP"=-
"58269:TCP"=-
"58269:UDP"=-


Save the file to the Desktop as CFScript.txt

Drag the file you just created, CFScript.txt, onto the ComboFix icon

When it finishes, the PC should reboot; if necessary, reboot it manually yourself. Attach the log that you find in C:\ComboFix.txt
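How the service section of the log lines up with the driver:: list in the script above, as an added example that is not part of the original posts and not ComboFix's own logic. The function names are hypothetical, the inputs are constructed from lines in this thread, and reading "[?]" as "image file could not be read" is an assumption.

```python
import re

# Constructed sample: service lines and the NetSvcs block copied from the log in this thread.
SAMPLE_LOG = r"""
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [21/08/2010 13.10.31 20328]
S2 acepkmvz;Driver Universal;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S2 ServUpdater;Serv Updater;c:\documents and settings\XP\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [16/07/2012 18.40.32 156160]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
acepkmvz
.
"""

# Constructed sample: part of the CFScript posted in the thread.
SAMPLE_SCRIPT = """
driver::
acepkmvz
ServUpdater
XDva310

NetSvcs::
acepkmvz
"""

SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.*) \[(?P<stamp>[^\]]*)\]$")


def parse_netsvcs(log):
    """Names listed under the log's 'Svchost - NetSvcs' header, up to the next '.' line."""
    m = re.search(r"Svchost - NetSvcs\n((?:[^.\n].*\n)*)", log)
    return set(m.group(1).split()) if m else set()


def parse_script(script):
    """Return {directive in lower case: [entries]} for a CFScript-style text."""
    sections, current = {}, None
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):
            current = sections.setdefault(line[:-2].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def triage(log):
    """Return {service name: [reasons]} for entries that deserve a manual look."""
    netsvcs, flagged = parse_netsvcs(log), {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if m["stamp"] == "?":  # assumption: "[?]" = image file could not be read
            reasons.append("image file not resolved")
        if "svchost.exe -k netsvcs" in m["image"].lower() and m["name"] in netsvcs:
            reasons.append("svchost-hosted service listed under NetSvcs")
        if reasons:
            flagged[m["name"]] = reasons
    return flagged


def compare(log, script):
    """Return (flagged but not in driver::, in driver:: but not flagged)."""
    flagged = set(triage(log))
    scripted = set(parse_script(script).get("driver", []))
    return sorted(flagged - scripted), sorted(scripted - flagged)
```

On the sample, `compare(SAMPLE_LOG, SAMPLE_SCRIPT)` reports EagleXNt as flagged but absent from the script and ServUpdater as present in the script without tripping either check: the checks narrow the list, and the script's entries were still chosen one by one for this machine.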

Re: computer gone crazy

Post by GERONIMO* » Mon Sep 17, 2012 9:31 pm

In OTL there are quite a few things to remove.
First run the script for ComboFix, as stevens said,
then do the scan with TDSSKiller

and do another scan with OTL and post the report [^]

computer gone crazy

Post by killjoy » Mon Sep 17, 2012 10:07 pm

OT
Guys, what does that script do? Is it OK for all PCs with Windows? Or is it only for XP?
If it is OK for all Windows versions, is it also OK for 64-bit?
Thanks for the info, and sorry
OT

Re: computer gone crazy

Post by GERONIMO* » Mon Sep 17, 2012 10:15 pm

It is fine for lenz10's problem,
not for all PCs.
Don't run it, or afterwards you will have to format [:D]

Re: computer gone crazy

Post by stevens » Mon Sep 17, 2012 10:15 pm

Hi killjoy

That script removes the infections that are on that PC; it is to be used only for that PC, not for all of them.


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising