supermarco81

Users
  • Content count

    2
  • Joined

  • Last visited

About supermarco81

  • Rank
    Initiate
  1. Hi, I ran ComboFix; here is the report:
  2. Hi guys, something strange has been happening to me for a few days. I turn on the PC, and after 3-5 minutes, during which it has loaded everything, it starts running extremely slowly. I can't even run the antivirus. I use Avira, which, by the way, often finds 2 viruses at startup; I delete them, but maybe that's not enough. Then during the scan it slows down and freezes, and I'm stuck. What should I do? Among other things, it flags this file in the temp folder as a virus: fdcf6nfcok.txt. What could it be? Here is the HijackThis log. Thanks.
- C:\Programmi\McAfee\SiteAdvisor\McSACore.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11062 bytes