karnevil9
14-09-2007, 14:35
Hi everyone,
Spyware Terminator is reporting Trojan/Toosrrr.SRR. Strange, because over the last few days, thanks to reading the forum, I have "armored" myself with a series of tools: Avira AV, Spyware Terminator, AVG Antispyware, Comodo firewall, and most recently (yesterday) PeerGuardian...
Below is the Spyware Terminator report, followed (in case it helps) by the HijackThis one...
By the way (actually, a bit OT): is it normal that when eMule is running, PeerGuardian practically never stops raising alerts? And is it normal that the alerts include NASA, the English social security institute, the US Postal Service, etc.?!? :confused:
Thanks in advance :)
Logfile of Spyware Terminator v2.0.0.193 (db:1.0.928.688)
Scan Time: 14/09/2007 14.12.19 length: 304 s
Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 26249 (Critical:1)
Filter: No System items, No Safe items, No Invalid items
Running Processes
InCDsrv.exe [Nero AG] : C:\Programmi\Ahead\InCD\InCDsrv.exe
EvtEng.exe [Intel Corporation] : C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
S24EvMon.exe [Intel Corporation] : C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
LVPrcSrv.exe [Logitech] : C:\Programmi\File comuni\logitech\lvmvfm\LVPrcSrv.exe
avguard.exe [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
ICO.EXE [Primax Electronics Ltd.] : C:\WINDOWS\system32\ICO.EXE
FSRremoS.EXE : C:\WINDOWS\system32\FSRremoS.EXE
eDSloader.exe [HiTRUST] : C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
CameraAssistant.exe [Acer] : C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
Pelmiced.exe [Primax Electronics Ltd.] : C:\WINDOWS\system32\Pelmiced.exe
ElkCtrl.exe [Logitech Inc.] : C:\WINDOWS\system32\ElkCtrl.exe
HPWuSchd2.exe [Hewlett-Packard Development Company, L.P.] : C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
ePower_DMC.exe : C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
avgas.exe [GRISOFT s.r.o.] : C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
avgnt.exe [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PBDataSecure.exe [Packard Bell BV] : C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
privacymantra.exe [Codeode] : C:\Programmi\Privacy Mantra 2.02\privacymantra.exe
Acer.Empowering.Framework.Launcher.exe [Acer Inc.] : C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
hpqtra08.exe [Hewlett-Packard Development Company, L.P.] : C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
hpqimzone.exe [Hewlett-Packard Development Company, L.P.] : C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
MemCheck.exe [Acer Inc.] : C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
sched.exe [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
LSSrvc.exe [Hewlett-Packard Company] : C:\Programmi\File comuni\LightScribe\LSSrvc.exe
hpqSTE08.exe [Hewlett-Packard Development Company, L.P.] : C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
RegSrvc.exe [Intel Corporation] : C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
ULCDRSvr.exe [Ulead Systems, Inc.] : C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
eLockServ.exe : C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.tiscali.it/search/
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.google.com/ie
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =
Toolbars
03 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - [HiTRUST] : C:\WINDOWS\system32\eDStoolbar.dll
StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Packard Bell Data Secure : [Packard Bell BV] : C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Power2GoExpress : [Codeode] : C:\Programmi\Privacy Mantra 2.02\privacymantra.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, com.codeode.privacymantra : [Codeode] : C:\Programmi\Privacy Mantra 2.02\privacymantra.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSPY2002 : : C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SkyTel : [Realtek Semiconductor Corp.] : C:\WINDOWS\SkyTel.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Mouse Suite 98 Daemon : [Primax Electronics Ltd.] : C:\WINDOWS\system32\ICO.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, eDataSecurity Loader : [HiTRUST] : C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LogitechCameraAssistant : [Acer] : C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LogitechVideo[inspector] : [Acer] : C:\Programmi\ACER\ORBICAM\INSTALLHELPER.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LogitechCameraService(E) : [Logitech Inc.] : C:\WINDOWS\system32\ElkCtrl.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Development Company, L.P.] : C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ePower_DMC : : C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Boot : : C:\Acer\Empowering Technology\ePower\Boot.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, !AVG Anti-Spyware : [GRISOFT s.r.o.] : C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avgnt : [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
04 - Startup: %START_PROGRAMS%\Esecuzione automatica\Registration Silent Hunter III.LNK : C:\Programmi\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\Acer Empowering Technology.lnk [Acer Inc.] : C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\Microsoft Office.lnk [Microsoft Corporation] : C:\Programmi\Microsoft Office\Office10\OSA.EXE
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\HP Digital Imaging Monitor.lnk [Hewlett-Packard Development Company, L.P.] : C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk [Hewlett-Packard Development Company, L.P.] : C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk : C:\WINDOWS\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe
Shell Extensions
- {2F603045-309F-11CF-9774-0020AFD0CFF6} - [Synaptics, Inc.] : C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
- {42042206-2D85-11D3-8CFF-005004838597} - [Microsoft Corporation] : C:\Programmi\Microsoft Office\Office10\msohev.dll
MCLiteShellExt Class - {73B24247-042E-4EF5-ADC2-42F62E6FD654} - : C:\Programmi\ICQLite\ICQLiteShell.dll
AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Programmi\Alcohol Soft\Alcohol 120\AXShlEx.dll
Shell Extension for CDRW - {950FF917-7A57-46BC-8017-59D9BF474000} - [Nero AG] : C:\Programmi\Ahead\InCD\incdshx.dll
Simple File Shredder Shell Context Menu - {3DE5DB7C-0EA5-4337-8A5C-D0AC6D154C1B} - [scar5 Software] : C:\Programmi\Simple File Shredder\sfsshell.dll
dsContextMenu - {CB6C13AE-D1BD-4EA5-81FC-A1AC20942B6A} - : C:\Programmi\Packard Bell Data Secure\DSRClick.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Programmi\WinRAR\rarext.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Programmi\Real\RealPlayer\rpshell.dll
Acrobat Elements Context Menu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - [Adobe Systems Inc.] : C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programmi\WinZip\wzshlstb.dll
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programmi\WinZip\wzshlstb.dll
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programmi\WinZip\wzshlstb.dll
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programmi\WinZip\wzshlstb.dll
EPM-PO Shell Extensions - {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} - [Acer Labs USA] : C:\WINDOWS\system32\epm-po.dll
Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
Protocol Handler
Microsoft PKM KnowledgePluggable Class - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - [Microsoft Corporation] : C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL
Services
23 - : C:\WINDOWS\system32\DRIVERS\a347bus.sys
23 - : C:\WINDOWS\system32\Drivers\a347scsi.sys
23 - [Acer Inc.] : C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
23 - [Meetinghouse Data Communications] : C:\WINDOWS\system32\DRIVERS\AegisP.sys
23 - [Agere Systems] : C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23 - [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
23 - [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
23 - [Advanced System Products, Inc.] : C:\WINDOWS\system32\DRIVERS\asc.sys
23 - [Advanced System Products, Inc.] : C:\WINDOWS\system32\DRIVERS\asc3550.sys
23 - : C:\WINDOWS\system32\DRIVERS\atksgt.sys
23 - : C:\Programmi\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
23 - [GRISOFT s.r.o.] : C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
23 - [Avira GmbH] : C:\Programmi\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGIO.SYS
23 - [Avira GmbH] : C:\Programmi\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGNTFLT.SYS
23 - [AVIRA GmbH] : C:\WINDOWS\system32\DRIVERS\avipbb.sys
23 - [COMODO] : C:\Programmi\Comodo\Firewall\cmdagent.exe
23 - [Comodo Research Lab., Inc.] : C:\WINDOWS\system32\DRIVERS\cmdmon.sys
23 - [Mylex Corporation] : C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23 - : C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
23 - [Acer Value Labs, USA] : C:\WINDOWS\system32\DRIVERS\EPM-PSD.SYS
23 - [Acer Value Labs, USA] : C:\WINDOWS\system32\DRIVERS\EPM-SHD.SYS
23 - [Intel Corporation] : C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23 - [Nero AG] : C:\WINDOWS\system32\DRIVERS\InCDPass.sys
23 - [Nero AG] : C:\Programmi\Ahead\InCD\InCDsrv.exe
23 - [COMODO] : C:\WINDOWS\system32\DRIVERS\inspect.sys
23 - : C:\WINDOWS\system32\DRIVERS\INT15.SYS
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys
23 - [Hewlett-Packard Company] : C:\Programmi\File comuni\LightScribe\LSSrvc.exe
23 - : C:\WINDOWS\system32\DRIVERS\lirsgt.sys
23 - [Logitech] : C:\WINDOWS\system32\DRIVERS\lv321av.sys
23 - [Logitech] : C:\WINDOWS\system32\DRIVERS\LVMVDRV.SYS
23 - [Logitech] : C:\WINDOWS\system32\DRIVERS\LVPRCMON.SYS
23 - [Logitech] : C:\Programmi\File comuni\logitech\lvmvfm\LVPrcSrv.exe
23 - [Logitech] : C:\WINDOWS\system32\drivers\lvusbsta.sys
23 - [NewTech Infosystems, Inc.] : C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
23 - [Primax Electronics Ltd.] : C:\WINDOWS\system32\DRIVERS\pelmouse.sys
23 - [Primax Electronics Ltd.] : C:\WINDOWS\system32\DRIVERS\pelusblf.sys
23 - [HiTRUST] : C:\WINDOWS\system32\DRIVERS\PSDFILTER.SYS
23 - [HiTRUST] : C:\WINDOWS\system32\DRIVERS\PSDVDISK.SYS
23 - [QLogic Corporation] : C:\WINDOWS\system32\DRIVERS\ql1080.sys
23 - [QLogic Corporation] : C:\WINDOWS\system32\DRIVERS\ql12160.sys
23 - [QLogic Corporation] : C:\WINDOWS\system32\DRIVERS\ql1280.sys
23 - [Intel Corporation] : C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
23 - [Realtek Semiconductor Corporation] : C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23 - [Intel Corporation] : C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\s24trans.sys
23 - [Adaptec, Inc.] : C:\WINDOWS\system32\DRIVERS\sparrow.sys
23 - : C:\WINDOWS\system32\Drivers\sptd.sys
23 - [Avira GmbH] : C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23 - [Symbios Logic Inc.] : C:\WINDOWS\system32\DRIVERS\symc810.sys
23 - [Synaptics, Inc.] : C:\WINDOWS\system32\DRIVERS\SynTP.sys
23 - [Texas Instruments] : C:\WINDOWS\system32\drivers\tifm21.sys
23 - [EnTech Taiwan] : C:\WINDOWS\system32\DRIVERS\TVICPORT.SYS
23 - [Ulead Systems, Inc.] : C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
23 - [Promise Technology, Inc.] : C:\WINDOWS\system32\DRIVERS\ultra.sys
23 - [Intel® Corporation] : C:\WINDOWS\system32\DRIVERS\w39n51.sys
23 - [Zeal SoftStudio] : C:\WINDOWS\system32\DRIVERS\ZNTPORT.SYS
23 - : C:\Programmi\PEERGUARDIAN2\PGFILTER.SYS
Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\WINDOWS\system32\igfxdev.dll
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.18.28, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
C:\Programmi\Privacy Mantra 2.02\privacymantra.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminator.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Documents and Settings\Sergio\Desktop\Hthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Programmi\Privacy Mantra 2.02\privacymantra.exe" -minimized
O4 - HKCU\..\Run: [com.codeode.privacymantra] "C:\Programmi\Privacy Mantra 2.02\privacymantra.exe" -minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Silent Hunter III.LNK = C:\Programmi\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.elwahavillage.com/VT/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166116545369
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs:
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 14562 bytes
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\Acer Empowering Technology.lnk [Acer Inc.] : C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\Microsoft Office.lnk [Microsoft Corporation] : C:\Programmi\Microsoft Office\Office10\OSA.EXE
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\HP Digital Imaging Monitor.lnk [Hewlett-Packard Development Company, L.P.] : C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk [Hewlett-Packard Development Company, L.P.] : C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
04 - Startup: %START_PROGRAMSALL%\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk : C:\WINDOWS\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe
Shell Extensions
- {2F603045-309F-11CF-9774-0020AFD0CFF6} - [Synaptics, Inc.] : C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
- {42042206-2D85-11D3-8CFF-005004838597} - [Microsoft Corporation] : C:\Programmi\Microsoft Office\Office10\msohev.dll
MCLiteShellExt Class - {73B24247-042E-4EF5-ADC2-42F62E6FD654} - : C:\Programmi\ICQLite\ICQLiteShell.dll
AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Programmi\Alcohol Soft\Alcohol 120\AXShlEx.dll
Shell Extension for CDRW - {950FF917-7A57-46BC-8017-59D9BF474000} - [Nero AG] : C:\Programmi\Ahead\InCD\incdshx.dll
Simple File Shredder Shell Context Menu - {3DE5DB7C-0EA5-4337-8A5C-D0AC6D154C1B} - [scar5 Software] : C:\Programmi\Simple File Shredder\sfsshell.dll
dsContextMenu - {CB6C13AE-D1BD-4EA5-81FC-A1AC20942B6A} - : C:\Programmi\Packard Bell Data Secure\DSRClick.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Programmi\WinRAR\rarext.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Programmi\Real\RealPlayer\rpshell.dll
Acrobat Elements Context Menu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - [Adobe Systems Inc.] : C:\Programmi\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programmi\WinZip\wzshlstb.dll
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programmi\WinZip\wzshlstb.dll
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programmi\WinZip\wzshlstb.dll
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Programmi\WinZip\wzshlstb.dll
EPM-PO Shell Extensions - {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} - [Acer Labs USA] : C:\WINDOWS\system32\epm-po.dll
Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\shlext.dll
Protocol Handler
Microsoft PKM KnowledgePluggable Class - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - [Microsoft Corporation] : C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL
Services
23 - : C:\WINDOWS\system32\DRIVERS\a347bus.sys
23 - : C:\WINDOWS\system32\Drivers\a347scsi.sys
23 - [Acer Inc.] : C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
23 - [Meetinghouse Data Communications] : C:\WINDOWS\system32\DRIVERS\AegisP.sys
23 - [Agere Systems] : C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23 - [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
23 - [Avira GmbH] : C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
23 - [Advanced System Products, Inc.] : C:\WINDOWS\system32\DRIVERS\asc.sys
23 - [Advanced System Products, Inc.] : C:\WINDOWS\system32\DRIVERS\asc3550.sys
23 - : C:\WINDOWS\system32\DRIVERS\atksgt.sys
23 - : C:\Programmi\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS
23 - [GRISOFT s.r.o.] : C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
23 - [Avira GmbH] : C:\Programmi\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGIO.SYS
23 - [Avira GmbH] : C:\Programmi\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGNTFLT.SYS
23 - [AVIRA GmbH] : C:\WINDOWS\system32\DRIVERS\avipbb.sys
23 - [COMODO] : C:\Programmi\Comodo\Firewall\cmdagent.exe
23 - [Comodo Research Lab., Inc.] : C:\WINDOWS\system32\DRIVERS\cmdmon.sys
23 - [Mylex Corporation] : C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23 - : C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
23 - [Acer Value Labs, USA] : C:\WINDOWS\system32\DRIVERS\EPM-PSD.SYS
23 - [Acer Value Labs, USA] : C:\WINDOWS\system32\DRIVERS\EPM-SHD.SYS
23 - [Intel Corporation] : C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23 - [Nero AG] : C:\WINDOWS\system32\DRIVERS\InCDPass.sys
23 - [Nero AG] : C:\Programmi\Ahead\InCD\InCDsrv.exe
23 - [COMODO] : C:\WINDOWS\system32\DRIVERS\inspect.sys
23 - : C:\WINDOWS\system32\DRIVERS\INT15.SYS
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys
23 - [Hewlett-Packard Company] : C:\Programmi\File comuni\LightScribe\LSSrvc.exe
23 - : C:\WINDOWS\system32\DRIVERS\lirsgt.sys
23 - [Logitech] : C:\WINDOWS\system32\DRIVERS\lv321av.sys
23 - [Logitech] : C:\WINDOWS\system32\DRIVERS\LVMVDRV.SYS
23 - [Logitech] : C:\WINDOWS\system32\DRIVERS\LVPRCMON.SYS
23 - [Logitech] : C:\Programmi\File comuni\logitech\lvmvfm\LVPrcSrv.exe
23 - [Logitech] : C:\WINDOWS\system32\drivers\lvusbsta.sys
23 - [NewTech Infosystems, Inc.] : C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
23 - [Primax Electronics Ltd.] : C:\WINDOWS\system32\DRIVERS\pelmouse.sys
23 - [Primax Electronics Ltd.] : C:\WINDOWS\system32\DRIVERS\pelusblf.sys
23 - [HiTRUST] : C:\WINDOWS\system32\DRIVERS\PSDFILTER.SYS
23 - [HiTRUST] : C:\WINDOWS\system32\DRIVERS\PSDVDISK.SYS
23 - [QLogic Corporation] : C:\WINDOWS\system32\DRIVERS\ql1080.sys
23 - [QLogic Corporation] : C:\WINDOWS\system32\DRIVERS\ql12160.sys
23 - [QLogic Corporation] : C:\WINDOWS\system32\DRIVERS\ql1280.sys
23 - [Intel Corporation] : C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
23 - [Realtek Semiconductor Corporation] : C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23 - [Intel Corporation] : C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\s24trans.sys
23 - [Adaptec, Inc.] : C:\WINDOWS\system32\DRIVERS\sparrow.sys
23 - : C:\WINDOWS\system32\Drivers\sptd.sys
23 - [Avira GmbH] : C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23 - [Symbios Logic Inc.] : C:\WINDOWS\system32\DRIVERS\symc810.sys
23 - [Synaptics, Inc.] : C:\WINDOWS\system32\DRIVERS\SynTP.sys
23 - [Texas Instruments] : C:\WINDOWS\system32\drivers\tifm21.sys
23 - [EnTech Taiwan] : C:\WINDOWS\system32\DRIVERS\TVICPORT.SYS
23 - [Ulead Systems, Inc.] : C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
23 - [Promise Technology, Inc.] : C:\WINDOWS\system32\DRIVERS\ultra.sys
23 - [Intel® Corporation] : C:\WINDOWS\system32\DRIVERS\w39n51.sys
23 - [Zeal SoftStudio] : C:\WINDOWS\system32\DRIVERS\ZNTPORT.SYS
23 - : C:\Programmi\PEERGUARDIAN2\PGFILTER.SYS
Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\WINDOWS\system32\igfxdev.dll

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.18.28, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
C:\Programmi\Privacy Mantra 2.02\privacymantra.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminator.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Documents and Settings\Sergio\Desktop\Hthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Programmi\Privacy Mantra 2.02\privacymantra.exe" -minimized
O4 - HKCU\..\Run: [com.codeode.privacymantra] "C:\Programmi\Privacy Mantra 2.02\privacymantra.exe" -minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Silent Hunter III.LNK = C:\Programmi\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.elwahavillage.com/VT/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166116545369
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs:
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 14562 bytes