I hope this is OK, but I doubt it.
I don't understand why there is a reference to some hijack etc., when it seems to me that this abbreviation refers to Spybot.
Here is what I found wandering through the menus, going by instinct:
--- Search result list ---
--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-04-27 Includes\Dialer.sbi
2005-04-27 Includes\Hijackers.sbi
2005-04-15 Includes\Keyloggers.sbi
2005-04-27 Includes\Malware.sbi
2005-04-27 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-04-27 Includes\Spybots.sbi
2005-04-27 Includes\Trojans.sbi
2005-02-17 Includes\Tracks.uti
2004-11-29 Includes\LSP.sbi
2005-04-27 Includes\PUPS.sbi
--- System information ---
Windows 2000 (Build: 2195) Service Pack 4
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX8.1 / SP1: Aggiornamento rapido di DirectX 8.1 - KB839643
/ DirectX: DirectX Update 819696
/ Internet Explorer 6 / SP1: Aggiornamento rapido per Windows 2000 - 834707 KB
/ Internet Explorer 6 / SP1: Aggiornamento rapido per Windows 2000 - KB867282
/ Internet Explorer 6 / SP1: Aggiornamento rapido per Windows 2000 - KB889293
/ Internet Explorer 6 / SP1: Aggiornamento rapido per Windows 2000 - KB890923
/ MSXML4: Patch Available For XMLHTTP Vulnerability
/ Windows 2000 / SP4: Windows 2000 Service Pack 4
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB823182
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB823559
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB824105
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB825119
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB826232
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB828035
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB828741
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB828749
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB835732
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB837001
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB839645
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB840315
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB840987
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB841356
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB841533
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB841872
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB841873
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB842526
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB842773
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB871250
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB873333
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB873339
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB885250
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB885835
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB885836
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB888113
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB890047
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB890175
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB890859
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB891711
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB891781
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB893066
/ Windows 2000 / SP5: Aggiornamento rapido di Windows 2000 - KB893086
/ Windows 2000 / SP5: Windows Installer 3.1 (KB893803)
/ Windows Media Player: Aggiornamento rapido di Windows Media Player [Per ulteriori informazioni vedere Q828026]
/ Windows Media Player / SP0: Aggiornamento rapido di Windows Media Player [Per ulteriori informazioni vedere Q828026]
/ Windows Media Player 9 / SP0: Aggiornamento rapido di Windows Media Player 9 [Per ulteriori informazioni, vedere KB885492]
--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
file: D:\Programmi\File comuni\Symantec Shared\ccApp.exe
size: 70760
MD5: dac4113d940f1ad75ab8a9e379bd802e
Located: HK_LM:Run, CloneCDElbyCDFL
command: "D:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
file: D:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe
size: 45056
MD5: 56193bce4dfd8879aedeb26b71a0a583
Located: HK_LM:Run, FineReader6NewsReaderPro
command: D:\Programmi\ABBYY FineReader 6.0\AbbyyNewsReader.exe
file: D:\Programmi\ABBYY FineReader 6.0\AbbyyNewsReader.exe
size: 258048
MD5: c40e1a8ab2eece70b1cfcebacbc1db6b
Located: HK_LM:Run, Logitech Utility
command: Logi_MwX.Exe
file: D:\WINNT\Logi_MwX.Exe
size: 19968
MD5: 35725dcd484543d71d8871482178be5f
Located: HK_LM:Run, LogitechVideoRepair
command: D:\Programmi\Logitech\Video\ISStart.exe
file: D:\Programmi\Logitech\Video\ISStart.exe
size: 188416
MD5: 3257a2a9e9943de93ee5438cb2e77359
Located: HK_LM:Run, LogitechVideoTray
command: D:\Programmi\Logitech\Video\LogiTray.exe
file: D:\Programmi\Logitech\Video\LogiTray.exe
size: 65536
MD5: 66fa2cc087dfa905c22a7f83ff59c7dc
Located: HK_LM:Run, NAV Agent
command: D:\PROGRA~1\NORTON~1\navapw32.exe
file: D:\PROGRA~1\NORTON~1\navapw32.exe
size: 75384
MD5: 4c6ee18f06a4b95697fd51fa5aa1745f
Located: HK_LM:Run, NeroCheck
command: D:\WINNT\system32\NeroCheck.exe
file: D:\WINNT\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
file: D:\WINNT\system32\RUNDLL32.EXE
size: 10000
MD5: fef164fc71fe934023beba34c8666c73
Located: HK_LM:Run, SSC_UserPrompt
command: D:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
file: D:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: 2d741e6e14887f073bf773fa4beff60d
Located: HK_LM:Run, Symantec NetDriver Monitor
command: D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: D:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5
Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: D:\WINNT\system32\mobsync.exe
size: 111376
MD5: fbe5cd4f730b331bfdabe729f4096611
Located: HK_LM:Run, TkBellExe
command: "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
file: D:\Programmi\File comuni\Real\Update_OB\realsched.exe
size: 151597
MD5: a05da809ac0d86d916d09e3a908d3a06
Located: HK_CU:Run, ctfmon.exe
command: ctfmon.exe
file: D:\WINNT\system32\ctfmon.exe
size: 8192
MD5: d36a33c21eeed5a6c1daecb7c80a1909
Located: HK_CU:Run, LDM
command: \Program\BackWeb-8876480.exe
Located: Esecuzione automatica (comune), Logitech Desktop Messenger.lnk
command: D:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: D:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 169472
MD5: 91291ca1490f952d977618544d540b87
Located: Esecuzione automatica (comune), Microsoft Office.lnk
command: D:\Programmi\Microsoft Office\Office10\OSA.EXE
file: D:\Programmi\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a
--- Browser helper object list ---
{01FB9C55-FC66-4476-A199-389241193188} ()
BHO name:
CLSID name:
{302A3240-4805-4a34-97D7-1645A0B08410} (BolgerObj Class)
BHO name:
CLSID name: BolgerObj Class
Path: D:\WINNT\
Long name: Bolger.dll
Short name: BOLGER.DLL
Date (created): 01/01/2003 1.38.04
Date (last access): 03/05/2005
Date (last write): 01/01/2003 1.38.04
Filesize: 172032
Attributes: archive
MD5: 67DA1E869864F3B17DBD66E58A3D29C5
CRC32: C8D089EF
Version: 0.0.0.12
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: D:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 12/05/2004 1.03.00
Date (last access): 03/05/2005
Date (last write): 12/05/2004 1.03.00
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (Web assistant)
BHO name: Web assistant
CLSID name: CNisExtBho Class
Path: D:\Programmi\File comuni\Symantec Shared\AdBlocking\
Long name: NISShExt.dll
Short name: NISSHEXT.DLL
Date (created): 09/09/2003 21.12.44
Date (last access): 03/05/2005
Date (last write): 09/09/2003 21.12.44
Filesize: 131072
Attributes: archive
MD5: 8634C90313B0B36352F40710B818ABD8
CRC32: 95161696
Version: 0.7.0.0
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: Googletoolbar.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: d:\programmi\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 04/01/2005 0.04.08
Date (last access): 03/05/2005
Date (last write): 02/12/2004 13.59.32
Filesize: 720896
Attributes: readonly archive
MD5: D4E9B7B696E8C40A0E5CB76621A03EE4
CRC32: 019AF69C
Version: 0.2.0.0
{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
BHO name: NAV Helper
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: D:\Programmi\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 12/06/2003 17.29.58
Date (last access): 03/05/2005
Date (last write): 08/03/2002 18.12.10
Filesize: 102400
Attributes: archive
MD5: 0BE15518DC60A3174050BC5E88E0FB82
CRC32: 88312F13
Version: 0.8.0.0
--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
Yahoo! Checkers (Yahoo! Checkers)
DPF name: Yahoo! Checkers
CLSID name:
Yahoo! Chess (Yahoo! Chess)
DPF name: Yahoo! Chess
CLSID name:
Yahoo! Pool 2 (Yahoo! Pool 2)
DPF name: Yahoo! Pool 2
CLSID name:
{0191ABF4-9421-435E-9FFD-CD827A2A82D8} ()
DPF name:
CLSID name:
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: D:\WINNT\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 03/06/2004 11.19.12
Date (last access): 03/05/2005
Date (last write): 03/06/2004 11.19.12
Filesize: 197760
Attributes: archive
MD5: 022A51548912CDC16403BFD74C2B5185
CRC32: 5C5E85AC
Version: 7.212.0.5
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Path: D:\WINNT\Downloaded Program Files\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 26/01/2004 18.40.04
Date (last access): 03/05/2005
Date (last write): 26/01/2004 18.40.04
Filesize: 133120
Attributes: archive
MD5: E1FBF33D995C89583A36F461EC2879FF
CRC32: 1592E04B
Version: 7.212.0.1
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Path: D:\WINNT\
Long name: opuc.dll
Short name:
Date (created): 27/08/2003 4.10.30
Date (last access): 03/05/2005
Date (last write): 27/08/2003 4.10.30
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 0.11.0.0
{560F0128-CF3D-4368-BEE9-326FBC3270E1} (PhotosCtrlIT Class)
DPF name:
CLSID name: PhotosCtrlIT Class
Path: D:\WINNT\Downloaded Program Files\
Long name: YPhotoIT.dll
Short name: YPHOTOIT.DLL
Date (created): 19/12/2002 16.06.58
Date (last access): 03/05/2005
Date (last write): 19/12/2002 16.06.58
Filesize: 455840
Attributes: archive
MD5: 7BC1711AA69E6BB9B88F5C3BAC77A451
CRC32: 19B51926
Version: 7.210.0.12
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class)
DPF name:
CLSID name: RdxIE Class
description: Netster
classification: Confirmed as malware
known filename:
info link:
info source:
Path: D:\WINNT\Downloaded Program Files\
Long name: RdxIE.dll
Short name: RDXIE.DLL
Date (created): 28/01/2004 13.54.34
Date (last access): 03/05/2005
Date (last write): 28/01/2004 13.54.34
Filesize: 524445
Attributes: archive
MD5: 2478F04ABDEFA6FB21E076AF60BEC231
CRC32: 207BC312
Version: 0.6.0.0
{814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class)
DPF name:
CLSID name: DASWebDownload Class
Path: D:\WINNT\
Long name: DASAct.dll
Short name: DASACT.DLL
Date (created): 23/09/2003 10.50.32
Date (last access): 03/05/2005
Date (last write): 23/09/2003 10.50.32
Filesize: 154320
Attributes: archive
MD5: 9585A0BF0765C4748287D8577547559C
CRC32: 3A5C8F45
Version: 0.2.0.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: D:\Programmi\Java\j2re1.4.2\bin\
Long name: NPJPI142.dll
Short name:
Date (created): 09/04/2005 19.53.04
Date (last access): 02/05/2005
Date (last write): 09/04/2005 19.53.04
Filesize: 65636
Attributes: archive
MD5: 4ACFBF6AB1BBE79DBD665C186B3B5AFD
CRC32: BE89D675
Version: 0.1.0.4
{9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class)
DPF name:
CLSID name: Update Class
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
Path: D:\WINNT\System32\
Long name: iuctl.dll
Short name:
Date (created): 25/08/2003 18.06.50
Date (last access): 03/05/2005
Date (last write): 09/02/2004 21.08.38
Filesize: 115480
Attributes: archive
MD5: 3AEF2B6F0E16F232676392DB0C106DA4
CRC32: 0A50A657
Version: 0.5.0.4
{AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class)
DPF name:
CLSID name: WebHandler Class
Path: D:\WINNT\Downloaded Program Files\
Long name: dlhelper.dll
Short name:
Date (created): 28/03/2003 14.28.14
Date (last access): 03/05/2005
Date (last write): 28/03/2003 14.28.14
Filesize: 245760
Attributes: archive
MD5: 489B3DE5BB5E02648782027342B01D99
CRC32: 4C690816
Version: 0.7.0.0
{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class)
DPF name:
CLSID name: Symantec RuFSI Registry Information Class
description: Symantec RuFSI Registry Information Class
classification: Legitimate
known filename: RUFSI.DLL
info link:
info source: Patrick M. Kolla
Path: D:\WINNT\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 03/06/2004 11.19.22
Date (last access): 03/05/2005
Date (last write): 03/06/2004 11.19.22
Filesize: 160928
Attributes: archive
MD5: 12D9D01A82190E56CAB50B8232388282
CRC32: 862514A3
Version: 7.212.0.5
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2
Path: D:\Programmi\Java\j2re1.4.2\bin\
Long name: NPJPI142.dll
Short name:
Date (created): 09/04/2005 19.53.04
Date (last access): 03/05/2005
Date (last write): 09/04/2005 19.53.04
Filesize: 65636
Attributes: archive
MD5: 4ACFBF6AB1BBE79DBD665C186B3B5AFD
CRC32: BE89D675
Version: 0.1.0.4
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: D:\WINNT\system32\macromed\flash\
Long name: Flash.ocx
Short name: FLASH.OCX
Date (created): 08/04/2004 17.51.02
Date (last access): 02/05/2005
Date (last write): 08/04/2004 17.51.02
Filesize: 939368
Attributes: archive
MD5: 2FB1D6FAB135CEE391AB3D70E1C26347
CRC32: 488FA4EC
Version: 0.7.0.0
{FFD1E45F-2B11-4742-BF47-3822FE02EE0F} (Yahoo! Foto - salva e condividi le tue foto su Yahoo! E' facile!l Class)
DPF name:
CLSID name: Yahoo! Foto - salva e condividi le tue foto su Yahoo! E' facile!l Class
Path: D:\WINNT\Downloaded Program Files\
Long name: YDropperIT.dll
Short name: YDROPP~1.DLL
Date (created): 01/12/2003 11.33.20
Date (last access): 03/05/2005
Date (last write): 01/12/2003 11.33.20
Filesize: 259040
Attributes: archive
MD5: FF8F09ED2CEDDB05D93CC43AC8AE40F0
CRC32: 1AD0B84B
Version: 7.211.0.12
--- Process list ---
Spybot - Search && Destroy process list report, 03/05/2005 9.55.29
PID: 0 ( 0) [System]
PID: 8 ( 0) System
PID: 192 (
\SystemRoot\System32\smss.exe
PID: 216 ( 192) \??\D:\WINNT\system32\winlogon.exe
PID: 220 ( 192) csrss.exe
PID: 268 ( 216) D:\WINNT\system32\services.exe
PID: 280 ( 216) D:\WINNT\system32\lsass.exe
PID: 444 ( 268) D:\WINNT\system32\svchost.exe
PID: 464 ( 268) D:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
PID: 484 (1404) D:\Programmi\File comuni\Symantec Shared\ccApp.exe
PID: 500 ( 268) D:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
PID: 504 (1404) D:\WINNT\system32\ctfmon.exe
PID: 564 ( 268) D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
PID: 668 ( 268) D:\WINNT\system32\spoolsv.exe
PID: 700 ( 268) D:\Programmi\File comuni\Symantec Shared\ccProxy.exe
PID: 720 ( 444) D:\Programmi\Microsoft Office\Office10\WINWORD.EXE
PID: 732 ( 268) D:\WINNT\System32\svchost.exe
PID: 776 ( 268) D:\WINNT\downlo~1\5whzo\womve1.exe
PID: 808 ( 268) D:\Programmi\Norton AntiVirus\navapsvc.exe
PID: 884 ( 268) D:\WINNT\system32\regsvc.exe
PID: 924 ( 268) D:\WINNT\system32\MSTask.exe
PID: 944 ( 268) D:\WINNT\system32\stisvc.exe
PID: 1048 ( 268) D:\WINNT\System32\WBEM\WinMgmt.exe
PID: 1072 ( 268) D:\WINNT\System32\mspmspsv.exe
PID: 1112 (1404) D:\Programmi\Spybot - Search & Destroy\spybotsd.exe
PID: 1156 ( 268) D:\WINNT\system32\svchost.exe
PID: 1368 (1532) D:\Programmi\Logitech\Video\LowLight.exe
PID: 1372 (1404) D:\Programmi\File comuni\Real\Update_OB\realsched.exe
PID: 1404 (1380) D:\WINNT\Explorer.exe
PID: 1472 (1404) D:\PROGRA~1\NORTON~1\navapw32.exe
PID: 1496 (1404) D:\WINNT\system32\NOTEPAD.EXE
PID: 1504 (1404) D:\Programmi\ABBYY FineReader 6.0\AbbyyNewsReader.exe
PID: 1532 (1404) D:\Programmi\Logitech\Video\LogiTray.exe
PID: 1552 (1488) D:\Programmi\Logitech\MouseWare\system\em_exec.exe
PID: 1632 (1800) D:\Programmi\Internet Explorer\iexplore.exe
PID: 1656 ( 444) D:\WINNT\system32\LVComS.exe
PID: 1672 ( 268) D:\WINNT\System32\svchost.exe
PID: 1736 (1404) D:\WINNT\system32\ntvdm.exe
PID: 1800 (1404) D:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 03/05/2005 9.55.29
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.libero.it/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F68E0837-31B9-41B1-AF15-E802271135FF}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F68E0837-31B9-41B1-AF15-E802271135FF}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6826DB25-9B37-4342-BAE4-809CE83756F0}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6826DB25-9B37-4342-BAE4-809CE83756F0}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2F23EDE-F82F-4277-B256-37CD9C25C85A}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2F23EDE-F82F-4277-B256-37CD9C25C85A}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{667AF40E-E74E-43D5-A4B8-8FAF5070EE2C}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{667AF40E-E74E-43D5-A4B8-8FAF5070EE2C}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2106D438-C672-4C62-9435-069DCC73B093}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2106D438-C672-4C62-9435-069DCC73B093}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\rnr20.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS