matteosa Common mortal

Joined: 05/02/10 20:19 Posts: 2
Posted: 05 Feb 2010 20:26 Subject: probable Bagle that hasn't gone away for months

Hi, every now and then my CPU spikes and freezes the PC. The Bagle I had caught probably hasn't gone away completely; can you help me get rid of it? Thanks...
Operating system is XP, elibabla tells me everything is clean. I'm attaching this log, please help me, thanks.
COMBOFIX LOG
ComboFix 08-07-24.3 - Owner 2010-02-05 19.15.44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2272 [GMT 1:00]
Running from: C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.843\combofix\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.
2010-02-04 14:28 . 2010-02-04 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AGeeksToy
2010-02-03 00:25 . 2010-02-05 18:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\vlc
2010-01-22 15:31 . 2010-01-22 16:13 78 --a------ C:\WINDOWS\options.dat
2010-01-22 15:26 . 2010-01-22 16:22 <DIR> d-------- C:\Program Files\Evisoft
2010-01-18 12:56 . 2010-01-18 13:51 <DIR> d-------- C:\Program Files\PokerStars.IT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 17:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2010-01-21 22:50 --------- d-----w C:\Program Files\Java
2010-01-08 18:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2010-01-03 20:36 --------- d-----w C:\Program Files\Zuma's Revenge!
2010-01-03 20:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\SpinTop
2010-01-03 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-03 15:13 --------- d-----w C:\Program Files\PopCap Games
2010-01-01 14:57 --------- d-----w C:\Program Files\Azureus
2009-12-17 17:30 --------- d-----w C:\Program Files\Sacra
2009-12-17 17:25 74,752 -c--a-w C:\WINDOWS\ST6UNST.EXE
2009-12-17 17:25 253,952 -c----w C:\WINDOWS\Setup1.exe
2009-12-16 11:06 --------- d-----w C:\Program Files\Alwil Software
2009-12-16 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-16 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2009-12-15 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2009-04-20 19:38 12,998 -c--a-w C:\Documents and Settings\Custom Settings\IE Favorite Links.bat
2009-04-20 17:04 31,052 -c--a-w C:\Documents and Settings\Custom Settings\System Settings.reg
2009-04-20 11:46 30,813 -c--a-w C:\Documents and Settings\Custom Settings\User Settings.reg
2009-04-19 23:23 2,677 -c--a-w C:\Documents and Settings\Custom Settings\User Settings.bat
2009-04-19 14:39 4,466 -c--a-w C:\Documents and Settings\Custom Settings\Auto Config.bat
2009-04-18 12:18 2,419 -c--a-w C:\Documents and Settings\Custom Settings\System Settings.bat
2009-04-18 11:21 653 -c--a-w C:\Documents and Settings\Custom Settings\IExpress Shortcut Creator.vbs
2009-04-17 23:32 1,086 -c--a-w C:\Documents and Settings\Custom Settings\WMP Shortcut Creator.vbs
2009-01-24 14:15 898 -c--a-w C:\Documents and Settings\Custom Settings\Apply Theme.vbs
2006-03-03 10:15 9,216 -c--a-w C:\Documents and Settings\Custom Settings\TaskBarCmd v1.1.exe
2003-09-03 16:33 131,072 -c--a-w C:\Documents and Settings\Custom Settings\ToggleQL.exe
2009-08-04 17:34 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2009-08-04 17:34 245,760 -csha-w C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat
2009-08-04 17:34 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2009-08-04 17:34 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
2009-04-20 19:25 361600 ba8c046d98345129723e6bcaa1e8ab99 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2009-01-14 17:49 92504 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
2009-02-06 18:17 1068904 --a------ C:\Program Files\Windows Live\Toolbar\wltcore.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2009-02-06 18:17 1068904]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2009-02-06 18:17 1068904]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 16:44 3883856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-05-01 06:30 13750272]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 13:00 455168]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 23:30 45632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-25 00:51 81000]
"nwiz"="nwiz.exe" [2009-05-01 06:31 1657376 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
-ra------ 2009-09-04 12:08 935288 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-10-03 04:08 35696 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2007-10-15 03:17 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a--c--- 2007-08-22 22:31 80896 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2008-04-14 13:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 15:07 2260480 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-10-11 04:17 149280 C:\Program Files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2009-05-26 23:31 85160 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule AdunanzA\\eMule_AdnzA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"C:\\WINDOWS\\system32\\javaws.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 iastor78;iastor78;C:\WINDOWS\system32\drivers\iastor78.sys [2009-04-20 19:32]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 00:50]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 00:50]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 22:48]
S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys []
S4 RsFx0102;RsFx0102 Driver;C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 01:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3f3e34c-a647-11de-957e-001e68679015}]
\Shell\AutoRun\command - E:\AutoRun.exe
*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -
BHO-{5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = local
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{0A89D2C2-623F-464B-B26E-FE0FFFC17A4F}: NameServer = 208.67.220.220,208.67.222.222
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 19:15:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-02-05 19:16:53
ComboFix-quarantined-files.txt 2010-02-05 18:16:40
Pre-Run: 173,260,570,624 bytes free
Post-Run: 173,179,916,288 bytes free
172
JeanGrey Hero in the grace of the gods

Joined: 21/12/08 22:00 Posts: 142
Posted: 05 Feb 2010 21:07 Subject:

Hi matteosa, and welcome.
ComboFix must not be run from temporary folders.
I don't think I see any infections, but it's better to do a full check.
1) Download and install CCleaner
Once installed, configure it as follows:
start the program, go to Options in the left-hand menu and in the next window click:
* Settings, tick Secure deletion (slow) and select DOD 520.22-M (3 passes) from the drop-down menu
then click:
* Advanced and untick Only delete files older than 48 hours
* under Cleaner, in the Advanced section, tick Old Prefetch data and WinUpdate update uninstallers
* in the left-hand menu, click Cleaner and then the Run Cleaner button to run the scan
* when the scan has finished, again in the left-hand menu, click Registry and tick every entry in the section except Unused file extensions
* click the Scan for problems button to start a scan
* when the scan ends, click Fix selected and go ahead with the repair (repeat this last step several times, until no more problems to fix are found)
2) Download and install Malwarebytes as described in this thread
Run a full scan and attach the report.
3) Download and install HijackThis
* start HijackThis and clean the ADS (only if the partition is NTFS):
* click Open the misc tool section
* click Open ads spy
* untick Quick scan (windows base folder only)
* click Scan
* if any ADS are found, tick all the boxes and click Remove selected
* restart HijackThis
* click Do a system scan and save a logfile
* when the scan ends a log is produced: save it to the Desktop because you will have to attach it.
4) Download OTS.exe by OldTimer to the desktop
close all programs
start OTS, select "scan all users"
click "Run Scan"
save the report and attach it in your reply.
Follow the instructions in this thread for posting the reports.
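The remark above about ComboFix and temporary folders can be checked straight from the header of a posted log. This Python sketch is an added example, not part of the original post and not code from ComboFix; the temp-folder heuristics, the reading of the version string as a YY-MM-DD build date and the 30-day threshold are assumptions, and the sample header is copied from the log earlier in this thread.

```python
import re
from datetime import date

# Header lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_HEADER = r"""ComboFix 08-07-24.3 - Owner 2010-02-05 19.15.44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2272 [GMT 1:00]
Running from: C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.843\combofix\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
"""

# Constructed counter-example: recent build, started from the Desktop.
CLEAN_HEADER = r"""ComboFix 10-02-04.1 - Owner 2010-02-05 19.15.44.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"""

# Assumption: path components that mark a temporary or archive-extraction folder.
TEMP_PARTS = {"temp", "tmp", "temporary internet files"}
TEMP_PREFIXES = ("rar$",)  # the Rar$EX... folder seen in the posted log

# "ComboFix <YY-MM-DD>.<n> - <user> <YYYY-MM-DD> <time> - <fs>"
HEADER_RE = re.compile(
    r"^ComboFix (\d{2})-(\d{2})-(\d{2})\.\d+ - .*? (\d{4})-(\d{2})-(\d{2}) ",
    re.M,
)
RUN_RE = re.compile(r"^Running from:\s*(.+?)\s*$", re.M)


def is_temp_path(path):
    """True if any folder in the path looks like a temp/extraction folder."""
    parts = [p.lower() for p in re.split(r"[\\/]+", path) if p]
    return any(p in TEMP_PARTS or p.startswith(TEMP_PREFIXES) for p in parts)


def build_age_days(log_text):
    """Days between the build date in the version string and the run date.

    Assumption: the version string encodes the build date as YY-MM-DD.
    Returns None when the header is missing or the dates are malformed.
    """
    m = HEADER_RE.search(log_text)
    if not m:
        return None
    vy, vm, vd, ry, rm, rd = (int(g) for g in m.groups())
    try:
        return (date(ry, rm, rd) - date(2000 + vy, vm, vd)).days
    except ValueError:
        return None


def triage_combofix_header(log_text, max_age_days=30):
    """Return {finding_code: detail} for things a helper should raise first."""
    findings = {}

    m = RUN_RE.search(log_text)
    if m and is_temp_path(m.group(1)):
        # The tool was started from inside a temp/extraction folder.
        findings["temp-run"] = m.group(1)

    age = build_age_days(log_text)
    if age is not None and age > max_age_days:
        # The build is much older than the run date (threshold is arbitrary).
        findings["stale-build"] = age

    if "REDUCED FUNCTIONALITY MODE" in log_text:
        findings["reduced-mode"] = "log reports reduced functionality mode"

    if "DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED" in log_text:
        findings["no-recovery-console"] = "Recovery Console is not installed"

    return findings


if __name__ == "__main__":
    for code, detail in triage_combofix_header(SAMPLE_HEADER).items():
        print(f"{code}: {detail}")
```
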
matteosa Common mortal

Joined: 05/02/10 20:19 Posts: 2
Posted: 05 Feb 2010 21:58 Subject:

JeanGrey wrote: | Hi matteosa, and welcome.
ComboFix must not be run from temporary folders.
I don't think I see any infections, but it's better to do a full check.
1) Download and install CCleaner
Once installed, configure it as follows:
start the program, go to Options in the left-hand menu and in the next window click:
* Settings, tick Secure deletion (slow) and select DOD 520.22-M (3 passes) from the drop-down menu
then click:
* Advanced and untick Only delete files older than 48 hours
* under Cleaner, in the Advanced section, tick Old Prefetch data and WinUpdate update uninstallers
* in the left-hand menu, click Cleaner and then the Run Cleaner button to run the scan
* when the scan has finished, again in the left-hand menu, click Registry and tick every entry in the section except Unused file extensions
* click the Scan for problems button to start a scan
* when the scan ends, click Fix selected and go ahead with the repair (repeat this last step several times, until no more problems to fix are found)
2) Download and install Malwarebytes as described in this thread
Run a full scan and attach the report.
3) Download and install HijackThis
* start HijackThis and clean the ADS (only if the partition is NTFS):
* click Open the misc tool section
* click Open ads spy
* untick Quick scan (windows base folder only)
* click Scan
* if any ADS are found, tick all the boxes and click Remove selected
* restart HijackThis
* click Do a system scan and save a logfile
* when the scan ends a log is produced: save it to the Desktop because you will have to attach it.
4) Download OTS.exe by OldTimer to the desktop
close all programs
start OTS, select "scan all users"
click "Run Scan"
save the report and attach it in your reply.
Follow the instructions in this thread for posting the reports. |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.53.11, on 05/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A89D2C2-623F-464B-B26E-FE0FFFC17A4F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A89D2C2-623F-464B-B26E-FE0FFFC17A4F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A89D2C2-623F-464B-B26E-FE0FFFC17A4F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{0A89D2C2-623F-464B-B26E-FE0FFFC17A4F}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7857 bytes
[code:1:688adc3f68]
OTS logfile created on: 05/02/2010 20.54.56 - Run 1
OTS by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 286,08 Gb Total Space | 162,64 Gb Free Space | 56,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANONYMOUS
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/02/05 20.25.52 | 000,632,320 | ---- | M] (OldTimer Tools)
ashdisp.exe -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe -> [2009/11/25 00.51.40 | 000,081,000 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/11/25 00.51.35 | 000,138,680 | ---- | M] (ALWIL Software)
ashmaisv.exe -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> [2009/11/25 00.51.21 | 000,254,040 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/11/25 00.48.48 | 000,352,920 | ---- | M] (ALWIL Software)
aswupdsv.exe -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/11/25 00.43.56 | 000,018,752 | ---- | M] (ALWIL Software)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/10/11 04.17.36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04.17.35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
vcddaemon.exe -> C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe -> [2009/05/26 23.31.29 | 000,085,160 | ---- | M] (Elaborate Bytes AG)
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> [2009/05/01 06.30.18 | 000,168,004 | ---- | M] (NVIDIA Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2009/04/20 19.17.01 | 001,033,728 | ---- | M] (Microsoft Corporation)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 17.53.02 | 000,226,656 | ---- | M] (Microsoft Corp.)
sqlservr.exe -> c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -> [2008/07/11 01.29.04 | 040,999,448 | ---- | M] (Microsoft Corporation)
sqlwriter.exe -> c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/07/10 01.49.44 | 000,098,840 | ---- | M] (Microsoft Corporation)
uphclean.exe -> C:\Program Files\UPHClean\uphclean.exe -> [2005/04/27 20.59.24 | 000,241,725 | ---- | M] (Microsoft Corporation)
taskswitch.exe -> C:\WINDOWS\system32\TaskSwitch.exe -> [2002/03/19 23.30.00 | 000,045,632 | ---- | M] ()
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/02/05 20.25.52 | 000,632,320 | ---- | M] (OldTimer Tools)
ahjsctns.dll -> C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll -> [2009/11/25 00.50.32 | 000,139,264 | ---- | M] (ALWIL Software)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll -> [2009/04/20 19.16.40 | 001,054,208 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009/11/25 00.51.35 | 000,138,680 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> [2009/11/25 00.51.21 | 000,254,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009/11/25 00.48.48 | 000,352,920 | ---- | M] (ALWIL Software)
(aswUpdSv) avast! iAVS4 Control Service [Auto | Running] -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009/11/25 00.43.56 | 000,018,752 | ---- | M] (ALWIL Software)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/11 04.17.35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
(fsssvc) Servizio Windows Live Family Safety [On_Demand | Stopped] -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/08/05 22.48.42 | 000,704,864 | ---- | M] (Microsoft Corporation)
(nvsvc) NVIDIA Display Driver Service [Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> [2009/05/01 06.30.18 | 000,168,004 | ---- | M] (NVIDIA Corporation)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 17.53.02 | 000,226,656 | ---- | M] (Microsoft Corp.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/07/18 12.13.20 | 000,053,760 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/07/18 12.13.20 | 000,044,032 | ---- | M] (Hewlett-Packard)
(MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) [Auto | Running] -> c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -> [2008/07/11 01.29.04 | 040,999,448 | ---- | M] (Microsoft Corporation)
(SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) [Disabled | Stopped] -> c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -> [2008/07/11 01.29.04 | 000,369,688 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper100) SQL Active Directory Helper Service [Disabled | Stopped] -> c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -> [2008/07/11 01.28.58 | 000,047,128 | ---- | M] (Microsoft Corporation)
(SQLWriter) SQL Server VSS Writer [Auto | Running] -> c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/07/10 01.49.44 | 000,098,840 | ---- | M] (Microsoft Corporation)
(SQLBrowser) SQL Server Browser [Disabled | Stopped] -> c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/07/10 01.49.34 | 000,258,072 | ---- | M] (Microsoft Corporation)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2008/03/25 20.27.36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2008/03/25 19.38.24 | 000,217,088 | ---- | M] (Hewlett-Packard Co.)
(UPHClean) User Profile Hive Cleanup [Auto | Running] -> C:\Program Files\UPHClean\uphclean.exe -> [2005/04/27 20.59.24 | 000,241,725 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/29 02.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswmon2.sys -> [2009/11/25 00.50.59 | 000,094,160 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswSP.sys -> [2009/11/25 00.50.12 | 000,114,768 | ---- | M] (ALWIL Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswFsBlk.sys -> [2009/11/25 00.50.00 | 000,020,560 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswTdi.sys -> [2009/11/25 00.49.07 | 000,048,560 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aswRdr.sys -> [2009/11/25 00.48.57 | 000,023,120 | ---- | M] (ALWIL Software)
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aavmker4.sys -> [2009/11/25 00.47.54 | 000,027,408 | ---- | M] (ALWIL Software)
(fssfltr) fssfltr [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -> [2009/08/05 22.48.42 | 000,054,752 | ---- | M] (Microsoft Corporation)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/08/05 08.49.21 | 000,721,904 | ---- | M] ()
(VClone) VClone [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\VClone.sys -> [2009/05/23 00.08.32 | 000,029,696 | ---- | M] (Elaborate Bytes AG)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2009/05/01 04.02.00 | 008,055,584 | ---- | M] (NVIDIA Corporation)
(iastor78) iastor78 [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\iastor78.sys -> [2009/04/20 19.32.01 | 000,308,248 | ---- | M] (Intel Corporation)
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ElbyCDIO.sys -> [2009/02/17 18.11.30 | 000,024,232 | ---- | M] (Elaborate Bytes AG)
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\yk51x86.sys -> [2008/12/09 10.06.00 | 000,296,448 | ---- | M] (Marvell)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2008/09/12 18.32.56 | 000,327,192 | ---- | M] (Intel Corporation)
(RsFx0102) RsFx0102 Driver [File_System | Disabled | Stopped] -> C:\WINDOWS\system32\drivers\RsFx0102.sys -> [2008/07/10 01.49.14 | 000,242,712 | ---- | M] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/14 13.00.00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/14 13.00.00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2008/04/14 13.00.00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)
(NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw4x32.sys -> [2008/03/13 02.25.36 | 002,530,176 | ---- | M] (Intel Corporation)
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\CHDAud.sys -> [2007/12/18 18.18.10 | 000,732,160 | ---- | M] (Conexant Systems Inc.)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2007/10/29 10.25.55 | 000,021,568 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2007/10/29 10.25.54 | 000,016,496 | R--- | M] (HP)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2007/10/29 10.25.53 | 000,049,920 | R--- | M] (HP)
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SONYPVU1.SYS -> [2001/08/17 17.56.16 | 000,007,552 | ---- | M] (Sony Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\] > -> ->
HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\: "ProxyOverride" -> local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\y74gnwke.default\prefs.js ->
browser.search.defaultenginename -> "Fast Browser Search" ->
browser.search.defaultthis.engineName -> "betforum Customized Web Search" ->
browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT1629507&SearchSource=3&q={searchTerms}" ->
browser.search.order.1 -> "Fast Browser Search" ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "http://www.trovarapido.com/?t=Q0908171654&s=h" ->
keyword.URL -> "http://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/07 11.46.56 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/01/06 14.01.55 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2009/08/05 00.00.09 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y74gnwke.default\extensions -> [2010/02/03 00.32.12 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
conduit.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y74gnwke.default\searchplugins\conduit.xml -> [2009/09/01 14.06.02 | 000,000,878 | ---- | M] ()
Trova Rapido.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\y74gnwke.default\searchplugins\Trova Rapido.xml -> [2009/08/17 16.52.25 | 000,002,371 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/02/05 18.46.29 | 000,000,000 | ---D | M]
< HOSTS File > (327693 bytes and 11256 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
First 25 entries...
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2007/11/06 07.50.44 | 000,322,880 | ---- | M] (Hewlett-Packard Co.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 13.07.26 | 000,075,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14.31.02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [Search Helper] -> [2009/01/14 17.49.24 | 000,092,504 | ---- | M] (Microsoft Corp.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 04.17.29 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18.17.46 | 001,068,904 | ---- | M] (Microsoft Corporation)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 04.17.12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2007/11/06 07.50.44 | 000,542,016 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18.17.46 | 001,068,904 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18.17.46 | 001,068,904 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast!" -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2009/11/25 00.51.40 | 000,081,000 | ---- | M] (ALWIL Software)
"CoolSwitch" -> C:\WINDOWS\system32\TaskSwitch.exe [C:\WINDOWS\system32\taskswitch.exe] -> [2002/03/19 23.30.00 | 000,045,632 | ---- | M] ()
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2009/05/01 06.30.16 | 013,750,272 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe ["nwiz.exe" /installquiet] -> [2009/05/01 06.31.10 | 001,657,376 | ---- | M] ()
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE ["C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName] -> [2008/04/14 13.00.00 | 000,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE ["C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC] -> [2008/04/14 13.00.00 | 000,455,168 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2010/01/07 16.07.10 | 000,429,392 | ---- | M] (Malwarebytes Corporation)
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"_nltide_3" -> C:\WINDOWS\System32\advpack.dll [rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N] -> [2009/04/20 19.16.43 | 000,128,512 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"_nltide_3" -> C:\WINDOWS\System32\advpack.dll [rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N] -> [2009/04/20 19.16.43 | 000,128,512 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"_nltide_3" -> C:\WINDOWS\System32\advpack.dll [rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N] -> [2009/04/20 19.16.43 | 000,128,512 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"_nltide_3" -> C:\WINDOWS\System32\advpack.dll [rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N] -> [2009/04/20 19.16.43 | 000,128,512 | ---- | M] (Microsoft Corporation)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003] > -> HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDesktopCleanupWizard" -> [1] -> File not found
\\"NoSharedDocuments" -> [1] -> File not found
\\"MaxRecentDocs" -> [18] -> File not found
\\"NoSMConfigurePrograms" -> [1] -> File not found
\\"NoDriveTypeAutoRun" -> [255] -> File not found
\\"NoRecentDocsNetHood" -> [1] -> File not found
\\"MemCheckBoxInRunDlg" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"verbosestatus" -> [1] -> File not found
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003] > -> HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003] > -> HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Inserisci blog] -> [2009/07/26 20.17.14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: Inserisci &blog in Windows Live Writer] -> [2009/07/26 20.17.14 | 000,186,192 | ---- | M] (Microsoft Corporation)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: HP Smart Select] -> [2007/11/06 07.50.44 | 000,542,016 | ---- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14.31.02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5824 domain(s) found. ->
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5824 domain(s) found. ->
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5824 domain(s) found. ->
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5824 domain(s) found. ->
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1409082233-1284227242-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Checkers Class] ->
{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab [UnoCtrl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 62.101.93.101 83.103.25.250 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0A89D2C2-623F-464B-B26E-FE0FFFC17A4F}\\DhcpNameServer -> 62.101.93.101 83.103.25.250 (Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller) ->
{0A89D2C2-623F-464B-B26E-FE0FFFC17A4F}\\NameServer -> 208.67.220.220,208.67.222.222 (Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2009/04/20 19.17.01 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18.21.00 | 000,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 12.05.30 | 001,169,224 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> [2009/06/22 18.45.12 | 000,199,616 | ---- | M] (Vuze Inc.)
"C:\Program Files\eMule AdunanzA\eMule_AdnzA.exe" -> C:\Program Files\eMule AdunanzA\eMule_AdnzA.exe [C:\Program Files\eMule AdunanzA\eMule_AdnzA.exe:*:Enabled:eMule] -> [2008/12/14 18.35.00 | 005,459,968 | ---- | M] (http://www.emule-project.net)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2007/12/20 17.05.54 | 001,421,312 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2007/11/30 07.12.40 | 000,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2007/10/31 20.45.22 | 000,147,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/03/25 19.49.02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/03/25 19.40.42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Java\jre6\bin\javaws.exe" -> C:\Program Files\Java\jre6\bin\javaws.exe [C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher] -> [2009/10/11 04.17.33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2010/01/06 14.01.51 | 000,908,248 | ---- | M] (Mozilla Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" -> C:\Program Files\SopCast\adv\SopAdver.exe [C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> [2007/03/07 11.27.12 | 000,567,384 | ---- | M] (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" -> C:\Program Files\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> [2009/07/09 08.09.52 | 001,921,024 | ---- | M] (www.sopcast.com)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18.21.00 | 000,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 12.05.30 | 001,169,224 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\javaws.exe" -> C:\WINDOWS\System32\javaws.exe [C:\WINDOWS\system32\javaws.exe:*:Enabled:Java(TM) Web Start Launcher] -> [2009/10/11 04.17.33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/08/04 23.45.20 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{b3f3e34c-a647-11de-957e-001e68679015}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3f3e34c-a647-11de-957e-001e68679015}\Shell
\{b3f3e34c-a647-11de-957e-001e68679015}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3f3e34c-a647-11de-957e-001e68679015}\Shell\AutoRun
\{b3f3e34c-a647-11de-957e-001e68679015}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3f3e34c-a647-11de-957e-001e68679015}\Shell\AutoRun\command
\{b3f3e34c-a647-11de-957e-001e68679015}\Shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
[Files/Folders - Created Within 30 Days]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/02/05 20.26.37 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/02/05 20.26.31 | 000,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/02/05 20.26.31 | 000,000,000 | ---D | C]
OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/02/05 20.25.45 | 000,632,320 | ---- | C] (OldTimer Tools)
Recent -> C:\Documents and Settings\Owner\Recent -> [2010/02/05 20.18.51 | 000,000,000 | RH-D | C]
FyK -> C:\FyK -> [2010/02/05 20.09.20 | 000,000,000 | ---D | C]
arch -> C:\Documents and Settings\Owner\Desktop\arch -> [2010/02/05 20.01.20 | 000,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2010/02/05 19.50.13 | 000,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2010/02/05 19.26.46 | 000,000,000 | -HSD | C]
erdnt -> C:\WINDOWS\erdnt -> [2010/02/05 19.15.32 | 000,000,000 | ---D | C]
QooBox -> C:\QooBox -> [2010/02/05 19.15.15 | 000,000,000 | ---D | C]
swxcacls.exe -> C:\WINDOWS\swxcacls.exe -> [2010/02/05 19.15.14 | 000,212,480 | ---- | C] (SteelWerX)
swreg.exe -> C:\WINDOWS\swreg.exe -> [2010/02/05 19.15.14 | 000,161,792 | ---- | C] (SteelWerX)
swsc.exe -> C:\WINDOWS\swsc.exe -> [2010/02/05 19.15.14 | 000,136,704 | ---- | C] (SteelWerX)
fdsv.exe -> C:\WINDOWS\fdsv.exe -> [2010/02/05 19.15.14 | 000,089,504 | ---- | C] (Smallfrogs Studio)
Nircmd.exe -> C:\WINDOWS\Nircmd.exe -> [2010/02/05 19.15.14 | 000,028,672 | ---- | C] (NirSoft)
ComboFix -> C:\ComboFix -> [2010/02/05 19.15.05 | 000,000,000 | ---D | C]
AGeeksToy -> C:\Documents and Settings\All Users\Application Data\AGeeksToy -> [2010/02/04 14.28.32 | 000,000,000 | ---D | C]
vlc -> C:\Documents and Settings\Owner\Application Data\vlc -> [2010/02/03 00.25.39 | 000,000,000 | ---D | C]
Evisoft -> C:\Program Files\Evisoft -> [2010/01/22 15.26.10 | 000,000,000 | ---D | C]
PokerStars.IT -> C:\Program Files\PokerStars.IT -> [2010/01/18 12.56.02 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/12/16 01.39.48 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/12/16 01.39.48 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/12/16 01.37.35 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/12/16 01.37.35 | 000,000,000 | --SD | M]
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2009/09/04 17.13.00 | 000,000,000 | ---D | M]
Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/09/04 17.08.11 | 000,000,000 | ---D | M]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
[Files/Folders - Modified Within 30 Days]
HijackThis.lnk -> C:\Documents and Settings\Owner\Desktop\HijackThis.lnk -> [2010/02/05 20.50.59 | 000,001,734 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/05 20.26.39 | 000,000,696 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/02/05 20.25.52 | 000,632,320 | ---- | M] (OldTimer Tools)
NTUSER.DAT -> C:\Documents and Settings\Owner\NTUSER.DAT -> [2010/02/05 19.48.59 | 007,077,888 | -H-- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2010/02/05 19.15.54 | 000,000,227 | ---- | M] ()
NvApps.xml -> C:\WINDOWS\System32\NvApps.xml -> [2010/02/05 17.39.44 | 000,229,488 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/05 17.39.41 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/05 17.39.36 | 000,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/02/05 17.39.32 | 3211,186,176 | -HS- | M] ()
ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2010/02/05 10.27.20 | 000,000,178 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db -> [2010/02/05 02.34.50 | 003,772,396 | -H-- | M] ()
PUTTY.RND -> C:\Documents and Settings\Owner\PUTTY.RND -> [2010/02/04 21.28.44 | 000,000,600 | ---- | M] ()
tarmina berlusconi.doc -> C:\Documents and Settings\Owner\Desktop\tarmina berlusconi.doc -> [2010/02/04 14.52.18 | 000,031,744 | ---- | M] ()
A Geeks Toy.lnk -> C:\Documents and Settings\All Users\Desktop\A Geeks Toy.lnk -> [2010/02/04 14.28.32 | 000,002,361 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/02/04 00.32.11 | 000,244,224 | ---- | M] ()
VLC media player.lnk -> C:\Documents and Settings\All Users\Desktop\VLC media player.lnk -> [2010/02/03 00.24.33 | 000,000,719 | ---- | M] ()
popcinfo.dat -> C:\WINDOWS\popcinfo.dat -> [2010/01/29 18.26.19 | 000,000,010 | ---- | M] ()
Shoddy Battle.lnk -> C:\Documents and Settings\Owner\Desktop\Shoddy Battle.lnk -> [2010/01/29 17.00.29 | 000,001,898 | ---- | M] ()
options.dat -> C:\WINDOWS\options.dat -> [2010/01/22 16.13.49 | 000,000,078 | ---- | M] ()
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2010/01/22 13.27.20 | 000,002,626 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/01/12 12.17.20 | 000,002,206 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16.07.14 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16.07.04 | 000,019,160 | ---- | M] (Malwarebytes Corporation)
u992.exe -> C:\Documents and Settings\Owner\Desktop\u992.exe -> [2010/01/07 01.20.42 | 000,433,664 | ---- | M] ()
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
[Files - No Company Name]
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/05 20.26.39 | 000,000,696 | ---- | C] ()
HijackThis.lnk -> C:\Documents and Settings\Owner\Desktop\HijackThis.lnk -> [2010/02/05 19.50.14 | 000,001,734 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/02/05 19.15.14 | 000,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/02/05 19.15.14 | 000,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/02/05 19.15.14 | 000,068,096 | ---- | C] ()
VFind.exe -> C:\WINDOWS\VFind.exe -> [2010/02/05 19.15.14 | 000,049,152 | ---- | C] ()
tarmina berlusconi.doc -> C:\Documents and Settings\Owner\Desktop\tarmina berlusconi.doc -> [2010/02/04 14.52.18 | 000,031,744 | ---- | C] ()
A Geeks Toy.lnk -> C:\Documents and Settings\All Users\Desktop\A Geeks Toy.lnk -> [2010/02/04 14.28.16 | 000,002,361 | ---- | C] ()
VLC |
JeanGrey Hero in the gods' favor

Joined: 21/12/08 22:00 Posts: 142
Posted: 05 Feb 2010 22:55 Subject:
These reports do not show any infections either.
I had suggested the correct way to attach the files, whereas you did a copy/paste; also, the Malwarebytes report is missing (I assume it is clean).
1) Close all programs
start OTS and paste this script into the white box on the right, where it says "Paste fix here"
Code: | [Kill All Processes]
[resethosts]
[emptytemp]
[Empty Temp Folders]
[start explorer]
[Alternate Data Streams]
sed.exe -> C:\WINDOWS\sed.exe
grep.exe -> C:\WINDOWS\grep.exe
zip.exe -> C:\WINDOWS\zip.exe
VFind.exe -> C:\WINDOWS\VFind.exe
[Reboot] |
Click "Run Fix" at the top right
let the program work
when it finishes, attach the report.
2) With all applications closed and disconnected from the internet
Start HijackThis and click "do a system scan only"
Tick these entries and click "fix checked"
Code: | O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background |
3) Download GMER to the desktop
unzip the gmer.zip file, also on the desktop.
Run gmer.exe
Click the "Rootkit" tab
Click "Scan"
when the scan is finished click "Copy"
Open Notepad, save the file and attach it.
To correct small errors and speed up the system, it is useful to run a defragmentation and a Scandisk
4) Defragmentation is a computing operation that consists of restructuring the allocation of the files on a hard disk so that each file is stored in physically contiguous areas;
this drastically reduces file access times.
There are many programs that defragment the hard disk; the best are JkDefrag, Auslogics Disk Defrag and IObit SmartDefrag.
All Windows operating systems nevertheless have a built-in utility for defragmenting the hard disk; to reach it, follow the path:
Start / Programs / Accessories / System Tools / Disk Defragmenter.
5) Scandisk is a program that checks and repairs damaged file systems and clusters on the hard disk.
All Windows operating systems have this utility, which lets you check for and, if necessary, repair errors on the hard disk; to reach it, follow the path:
Open My Computer / right-click the hard disk / Properties / Tools / Run Scandisk
Select both options:
automatically fix file system errors,
scan for and attempt recovery of bad sectors.
A warning window will open:
Unable to obtain exclusive access to some Windows files...
Click "YES" to schedule the operation for the next startup.