Hi, I ran ComboFix.
Here is the report:
ComboFix 10-04-04.01 - utente 05/04/2010 11.14.01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.447.118 [GMT 2:00]
Eseguito da: C:\Documents and Settings\utente\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-2C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00200000-EE94-0012-94EE-120094EE1200}
AV: avast! antivirus 4.7.892 [VPS 0639-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cleansweep.exe
C:\cleansweep.exe\cleansweep.exe
C:\cleansweep.exe\config.bin
C:\Documents and Settings\utente\Dati applicazioni\okefw.exe
C:\WINDOWS\iexplore.exe
C:\WINDOWS\system32\asr3232.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Files Creati Da 2010-03-05 al 2010-04-05 )))))))))))))))))))))))))))))))))))
.
2010-04-02 20:04:11 . 2010-04-02 20:50:16 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2010-04-02 20:04:11 . 2010-04-02 20:04:11 -------- d-----w- C:\Documents and Settings\utente\Dati applicazioni\Yahoo!
2010-04-02 20:03:46 . 2010-04-02 20:04:18 -------- d-----w- C:\Programmi\Yahoo!
2010-04-02 19:06:26 . 2004-08-03 20:59:44 95360 -c--a-w- C:\WINDOWS\system32\dllcache\atapi.sys
2010-04-02 19:06:26 . 2004-08-03 20:59:44 95360 ----a-w- C:\WINDOWS\system32\drivers\atapi.sys
2010-03-07 16:11:56 . 2009-11-25 10:19:02 56816 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-03-07 16:11:56 . 2009-03-30 08:33:11 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2010-03-07 16:11:56 . 2009-02-13 10:29:15 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-03-07 16:11:56 . 2009-02-13 10:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-03-07 16:11:49 . 2010-03-07 16:11:49 -------- d-----w- C:\Programmi\Avira
2010-03-07 16:11:49 . 2010-03-07 16:11:49 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 09:28:00 . 2009-06-17 11:19:05 -------- d-----w- C:\Programmi\DNA
2010-04-05 09:28:00 . 2009-06-17 11:19:05 -------- d-----w- C:\Documents and Settings\utente\Dati applicazioni\DNA
2010-04-05 09:26:21 . 2007-08-17 12:22:51 -------- d---a-w- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2010-04-05 09:03:59 . 2010-01-01 19:57:26 -------- d-----w- C:\Programmi\Spyware Doctor
2010-04-03 08:19:53 . 2007-01-20 10:39:24 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-02 20:02:04 . 2007-09-06 12:44:25 -------- d-----w- C:\Programmi\CCleaner
2010-04-02 19:05:43 . 2005-11-21 21:41:42 -------- d-----w- C:\Programmi\easycalendarmakereval
2010-04-02 17:39:22 . 2001-08-31 10:00:00 81314 ----a-w- C:\WINDOWS\system32\perfc010.dat
2010-04-02 17:39:22 . 2001-08-31 10:00:00 479922 ----a-w- C:\WINDOWS\system32\perfh010.dat
2010-03-13 21:27:00 . 2006-05-10 08:07:29 -------- d-----w- C:\Documents and Settings\utente\Dati applicazioni\Skype
2010-03-13 20:47:37 . 2009-08-29 08:18:32 -------- d-----w- C:\Documents and Settings\utente\Dati applicazioni\skypePM
2010-03-07 18:14:45 . 2010-03-04 20:15:43 169936 ----a-w- C:\ff.exe
2010-03-07 16:24:17 . 2009-12-05 17:30:49 -------- d-sh--r- C:\Programmi\File comuni\tysarekb
2010-03-07 16:14:23 . 2010-03-19 19:27:14 479602 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\BACKUP\aerdl.dll
2010-03-07 16:14:22 . 2010-03-19 19:27:11 426356 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\BACKUP\aepack.dll
2010-03-07 16:14:21 . 2010-03-19 19:26:57 196987 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Avira\AntiVir Desktop\BACKUP\aeoffice.dll
2010-03-02 21:29:29 . 2010-03-01 20:59:09 169936 ----a-w- C:\be.exe
2010-02-12 20:50:18 . 2008-12-25 18:47:01 -------- d-----w- C:\Programmi\McAfee
2009-03-02 16:05:39 . 2009-03-02 16:05:39 869 ----a-w- C:\Programmi\AVS Video Converter 6.lnk
2004-03-11 12:27:22 . 2007-02-15 08:47:08 40960 ----a-w- C:\Programmi\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0x017"="0x017" [X]
"EPSON Stylus CX3600 Series (Copia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 03:00:00 98304]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\HOMERunner.exe" [2008-12-09 10:12:30 234856]
"BitTorrent DNA"="C:\Programmi\DNA\btdna.exe" [2009-11-16 22:08:00 323392]
"Google Update"="C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-01-08 20:44:58 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 07:47:18 67072]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 10:52:00 339968]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 03:00:00 98304]
"EPSON Stylus CX3600 Series (Copia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 03:00:00 98304]
"Norman ZANDA"="C:\VIRUSfighter\Bin\ZLH.EXE" [2005-05-25 12:11:16 135168]
"InCD"="C:\Programmi\Ahead\InCD\InCD.exe" [2004-04-06 17:36:14 1298542]
"LifeCam"="C:\Programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 21:45:32 279912]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2009-01-05 14:18:48 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2009-04-02 14:11:02 342312]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 03:08:38 35696]
"Adobe ARM"="C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 11:08:30 935288]
"avgnt"="C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 11:08:52 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 13:39:36 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
NkbMonitor.exe.lnk - C:\Programmi\Nikon\PictureProject\NkbMonitor.exe [2007-9-2 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Programmi\\VirtualDJ\\virtualdj.exe"=
"C:\\Programmi\\eMule3\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\SightSpeed\\SightSpeed.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\eMule3bis\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"iexplore.exe"= C:\windows\iexplore.exe
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [01/01/2010 21.58.19 207792]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [23/09/2009 15.11.22 722416]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [07/09/2007 9.16.17 45312]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe [01/01/2010 22.24.04 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Programmi\McAfee\SiteAdvisor\McSACore.exe [25/12/2008 20.47.47 93320]
S2 7aasht6rf;ncvbads;"C:\Programmi\File comuni\tysarekb\zamsdyg.exe" --> C:\Programmi\File comuni\tysarekb\zamsdyg.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Programmi\Spyware Doctor\pctsAuxs.exe [01/01/2010 21.57.28 359624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57:52 . 2008-07-30 11:34:12]
2010-03-13 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-113007714-725345543-1003Core.job
- C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-08 20:45:07 . 2010-01-08 20:44:58]
2010-04-03 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-113007714-725345543-1003UA.job
- C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-08 20:45:07 . 2010-01-08 20:44:58]
2010-04-05 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Programmi\XoftSpySE\XoftSpy.exe [2007-03-30 09:17:00 . 2007-03-30 09:17:00]
2007-09-07 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Programmi\XoftSpySE\XoftSpy.exe [2007-03-30 09:17:00 . 2007-03-30 09:17:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-PowerBar - (no file)
HKCU-Run-Creative WebCam Tray - C:\Programmi\Creative\Shared Files\CamTray.exe
HKCU-Run-y478hjdjkdkge - C:\Documents and Settings\utente\Dati applicazioni\zzangohj.exe
HKCU-Run-iexplore.exe - C:\windows\iexplore.exe
HKU-Default-Run-Nokia.PCSync - C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
AddRemove-Macromedia Shockwave Player - C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-{6E7DD182-9FC6-4651-0095-2E666CC6AF35} - C:\Programmi\EA GAMES\The Sims 2\EAUninstall.exe
AddRemove-{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
AddRemove-Octoshape add-in for Adobe Flash Player - C:\Documents and Settings\utente\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-05 11:27:18
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX3600 Series (Copia 1) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /M "Stylus CX3600" /EF "HKCU"??????????????????????????????p???g??w0??w????*??w???w????O??w?????????????????VZ????w????????????????????T???????????g??w???w???????w???w?VZ????????????w???????????????????????????????|?????????VZ?????????????O??ws??w???w'??w?????????????? ?????????"????i??????|???????4????a?w????????????????P???????????????T????b?w????P????????S??????????????h??w????P???????z??wP???????8???????????`??
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x84F8A1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74e2fc3
\Driver\ACPI -> ACPI.sys @ 0xf732ccb8
\Driver\atapi -> 0x84f8a1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7181bc3
PacketIndicateHandler -> NDIS.sys @ 0xf716fa0b
SendHandler -> NDIS.sys @ 0xf7183b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(2128)
c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\IEFRAME.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\btncopy.dll
C:\Programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
C:\Programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
C:\Programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
C:\Programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
- - - - - - - > 'explorer.exe'(2912)
c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\browselc.dll
C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
C:\Programmi\WinRAR\rarext.dll
C:\Programmi\Avira\AntiVir Desktop\shlext.dll
C:\Programmi\Spyware Doctor\SDContextExt32.dll
C:\Programmi\Scintilla Text Editor\wscitecm.dll
C:\Programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
C:\Programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
C:\Programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
C:\Programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
C:\WINDOWS\system32\wpdshext.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\Audiodev.dll
C:\WINDOWS\system32\WMVCore.DLL
C:\WINDOWS\system32\WMASF.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-05 11:41:28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-05 09:41:09
Pre-Run: 13.436.190.720 byte disponibili
Post-Run: 13.289.390.080 byte disponibili
- - End Of File - - 142812CE8FAE722220263191D02A8A83

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.42.03, on 05/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\utente\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programmi\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [inCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copia 1)" /M "Stylus CX3600" /EF "HKCU"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [0x017] 0x017
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: ncvbads (7aasht6rf) - Unknown owner - C:\Programmi\File comuni\tysarekb\zamsdyg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programmi\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmi\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10105 bytes