Discussion: Crackling audio
25-09-2012, 10:45   #7
folante
Junior Member
 
Joined: Jul 2005
Posts: 26
tallines,

thank you very much for the detailed explanation, which I will reread more carefully in order to "digest" it.
I wanted to let you know that yesterday I tried downloading the programs and doing what you suggested. You can find the results further down.

I was not able to remove these 2 entries (O23), also because it tells me that the operating system needs them:
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Documents and Settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe

-------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.32.39, on 24/09/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
E:\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\Ashampoo WinOptimizer 9\LiveTuner.exe
E:\Advanced SystemCare 5\ASCTray.exe
C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Ashampoo WinOptimizer 9\LiveTunerService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OutpostMonitor] "E:\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "E:\Outpost Security Suite Free\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [Ashampoo WinOptimizer Live-Tuner] "E:\Ashampoo WinOptimizer 9\LiveTuner.exe" -TRAY
O4 - HKCU\..\Run: [Advanced SystemCare 5] "E:\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-21-1202660629-1454471165-725345543-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Rilevamento dispositivi) - http://www.logitech.com/devicedetect...etection32.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/Select/asusTek_sys_ctrl3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: e:\OUTPOS~1\wl_hook.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - E:\OUTPOS~1\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - E:\Advanced SystemCare 5\ASCService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - E:\Ashampoo WinOptimizer 9\DfsdkS.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Documents and Settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - E:\Ashampoo WinOptimizer 9\LiveTunerService.exe

--
End of file - 6936 bytes

-------------------------------------------------------------------------

ComboFix 12-09-24.02 - mauro 24/09/2012 19.06.31.1.2 - x86 NETWORK
Eseguito da: c:\documents and settings\mauro.MAURO70\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mauro.MAURO70\Dati applicazioni\wuild.dll
c:\recycler\S-1-5-21-1202660629-1454471165-725345543-1003\$b3c319f51aa808bd80e601e01af297a5\@
c:\recycler\S-1-5-21-1202660629-1454471165-725345543-1003\$b3c319f51aa808bd80e601e01af297a5\L\00000004.@
c:\recycler\S-1-5-21-1202660629-1454471165-725345543-1003\$b3c319f51aa808bd80e601e01af297a5\U\00000004.@
c:\recycler\S-1-5-21-1202660629-1454471165-725345543-1003\$b3c319f51aa808bd80e601e01af297a5\U\00000008.@
c:\recycler\S-1-5-21-1202660629-1454471165-725345543-1003\$b3c319f51aa808bd80e601e01af297a5\U\000000cb.@
c:\recycler\S-1-5-21-1202660629-1454471165-725345543-1003\$b3c319f51aa808bd80e601e01af297a5\U\80000000.@
c:\recycler\S-1-5-21-1202660629-1454471165-725345543-1003\$b3c319f51aa808bd80e601e01af297a5\U\80000032.@
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SETB7.tmp
c:\windows\system32\URTTemp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-24 al 2012-09-24 )))))))))))))))))))))))))))))))))))
.
.
2012-09-24 16:56 . 2012-09-24 16:56 -------- d-----w- c:\documents and settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\MFAData
2012-09-24 16:56 . 2012-09-24 16:56 -------- d-----w- c:\documents and settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\Avg2013
2012-09-24 16:51 . 2012-07-23 13:59 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-09-23 21:13 . 2012-09-23 21:13 388096 ----a-r- c:\documents and settings\mauro.MAURO70\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-22 22:30 . 2012-09-22 22:30 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-09-22 16:59 . 2007-04-13 20:25 69664 ----a-w- c:\windows\system32\drivers\Protec.sys
2012-09-22 16:59 . 2007-04-13 20:25 113440 ----a-w- c:\windows\system32\AsioPTec.dll
2012-09-22 15:28 . 2012-09-23 21:57 -------- d-----w- c:\documents and settings\mauro.MAURO70\Dati applicazioni\vlc
2012-09-18 21:36 . 2012-09-18 21:36 -------- d-----w- c:\documents and settings\mauro.MAURO70\Dati applicazioni\hellomoto
2012-09-18 20:10 . 2012-09-18 20:10 -------- d-----w- c:\documents and settings\mauro.MAURO70\Dati applicazioni\Iminent
2012-09-18 20:10 . 2012-09-18 20:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Iminent
2012-09-16 14:59 . 2012-09-16 21:08 -------- d-----w- c:\documents and settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\AskToolbar
2012-09-16 14:59 . 2012-09-16 14:59 -------- d-----w- c:\documents and settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\APN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 16:52 . 2012-04-25 06:29 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 16:52 . 2011-06-23 06:28 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\mauro.MAURO70\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\mauro.MAURO70\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\mauro.MAURO70\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\mauro.MAURO70\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-03-30 17:01 468128 ----a-w- e:\outpost security suite free\op_shell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="e:\advanced systemcare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"OutpostMonitor"="e:\outpos~1\op_mon.exe" [2011-04-04 3107736]
"OutpostFeedBack"="e:\outpost security suite free\feedback.exe" [2011-03-30 517056]
"Ashampoo WinOptimizer Live-Tuner"="e:\ashampoo winoptimizer 9\LiveTuner.exe" [2012-05-14 2883456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\outpos~1\wl_hook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Color Calibration.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Color Calibration.lnk
backup=c:\windows\pss\Color Calibration.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^MagicTune3.5.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\MagicTune3.5.lnk
backup=c:\windows\pss\MagicTune3.5.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^NaturalColorLoad.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\NaturalColorLoad.lnk
backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mauro.MAURO70^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
path=c:\documents and settings\mauro.MAURO70\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mauro.MAURO70^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
path=c:\documents and settings\mauro.MAURO70\Menu Avvio\Programmi\Esecuzione automatica\Logitech . Registrazione prodotti.lnk
backup=c:\windows\pss\Logitech . Registrazione prodotti.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverFinder
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 11:53 77824 -c--a-w- c:\programmi\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 -c--a-w- c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- e:\daemon tools lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40 1387288 -c--a-w- c:\programmi\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-30 19:51 116648 -c--atw- c:\documents and settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-05-15 09:40 15504192 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-05-15 10:18 1634112 ----a-w- c:\programmi\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phase28Panel]
2007-03-21 15:23 266240 -c--a-w- c:\programmi\TerraTec\PHASE 22 & 28 ControlPanel\ProtecMixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 ------w- e:\spybot - search & destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 14:10 153672 -c--a-w- c:\programmi\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-10-26 18:48 74752 ----a-w- e:\winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"UPS"=3 (0x3)
"TapiSrv"=2 (0x2)
"SharedAccess"=2 (0x2)
"SCardSvr"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LBTServ"=3 (0x3)
"helpsvc"=2 (0x2)
"Eventlog"=2 (0x2)
"clr_optimization_v4.0.30319_32"=2 (0x2)
"BITS"=2 (0x2)
"ACDaemon"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\uTorrent\\uTorrent.exe"=
.
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [x]
R2 acssrv;Agnitum Client Security Service;e:\outpos~1\acs.exe [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;e:\advanced systemcare 5\ASCService.exe [x]
R2 gupdate;Servizio Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [x]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [x]
R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;e:\ashampoo winoptimizer 9\LiveTunerProcessMonitor32.sys [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 RVIEGVST;VSC VST Engine;c:\programmi\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [x]
R2 ServUpdater;Serv Updater;c:\documents and settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [x]
R2 SoftwareUpd;Software Upd;c:\documents and settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [x]
R2 WO_LiveService;Ashampoo LiveTuner Service;e:\ashampoo winoptimizer 9\LiveTunerService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [x]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [x]
R3 DfSdkS;Defragmentation-Service;e:\ashampoo winoptimizer 9\DfsdkS.exe [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [x]
R3 L6PODLV;PODxt Live Service;c:\windows\system32\Drivers\L6PODLV.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 musbehco;musbehco;c:\docume~1\MAURO~2.MAU\IMPOST~1\Temp\musbehco.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [x]
R3 Protec;PHASE WDM Audio;c:\windows\system32\drivers\Protec.sys [x]
R3 RDID1100;JS-8;c:\windows\system32\Drivers\rdwm1100.sys [x]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [x]
R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;f:\game booster 3\Driver\WinRing0.sys [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - LBEEPKE
*NewlyCreated* - PXHELP20
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 16:52]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd91c7b3fcab94.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-07-06 19:51]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1454471165-725345543-1003Core.job
- c:\documents and settings\mauro.MAURO70\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-03-30 19:51]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://search.findeer.com
IE: Cerca nel web - c:\programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1C51A1C1-F33D-4F12-9FB8-89C9DF330641}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3D93C930-BBB6-4D50-899D-A9C360F85006}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{AF2C7482-7E89-467F-ABE2-07A4AC3CA5C1}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\mauro.MAURO70\Dati applicazioni\Mozilla\Firefox\Profiles\rr5m3k12.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ISW - c:\programmi\CheckPoint\ZAForceField\ForceField.exe
MSConfigStartUp-NokiaOviSuite2 - c:\programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-PosService - c:\documents and settings\All Users.WINDOWS\Documenti\AppData\PoApp\PLauncher.exe
MSConfigStartUp-Sweetpacks Communicator - c:\programmi\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSConfigStartUp-VirtualCloneDrive - e:\virtualclonedrive\VCDDaemon.exe
MSConfigStartUp-ZoneAlarm Installer - c:\programmi\CheckPoint\Install\Launcher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-24 19:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\MAURO~2.MAU\IMPOST~1\Temp\ASFWHide"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1454471165-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3a,89,74,7e,38,51,06,d0,a4,6f,8b,a0,36,81,3a,03,ee,e8,f9,a4,b2,b3,e4,
8a,19,9f,cd,a2,9f,cd,6e,9e,5a,f7,bf,9d,68,23,2c,be,e9,70,35,21,ec,94,16,d2,\
"??"=hex:ec,9e,51,ce,c4,0e,61,ca,97,84,6e,8b,d6,7f,95,11
.
[HKEY_USERS\S-1-5-21-1202660629-1454471165-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b5,d2,82,57,d3,a0,9a,c2,24,97,de,bb,22,7b,13,e6,52,c4,9f,98,c2,
27,9a,d6,67,fa,68,ed,a5,9f,8a,46,3c,c8,60,05,05,1a,48,19,03,8c,0c,dc,ce,88,\
"rkeysecu"=hex:eb,1d,d6,e8,6d,63,e5,61,57,e4,e2,29,fe,34,62,96
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
e:\outpos~1\wl_hook.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(804)
e:\outpos~1\wl_hook.dll
.
Ora fine scansione: 2012-09-24 19:14:08
ComboFix-quarantined-files.txt 2012-09-24 17:14
.
Pre-Run: 6.607.966.208 byte disponibili
Post-Run: 6.680.211.456 byte disponibili
.
- - End Of File - - 008CB1BAD180DD9EF420BFFF02C12033