VIRUS E MASTERIZZAZIONE

[GIORDANO]

Buon Giorno a tutti ,
volevo porre questo quesito relativo al disastro di un virus , da Me mai provato .
Praticamente Mi si e’ bloccato il P.C. mentre navigavo , e dopo 2 minuti Mi e’
Uscita la scritta : COMPUTER INFETTATO DA VIRUS (altra scritta che non ho mai visto ,
e di virus ne ho beccati parecchi!), e si e ‘spento tutto . Ha tentato di riavviarsi da solo , e dopo vari tentativi e’ rientrato.
Ho lanciato antivirus AVIRA , e mia ha beccato 7 virus tipo trojan tutti assieme.Poi e’ ributtato di nuovo
, quindi ho lanciato Spybot che pero’ ha meta’ scansione si blocca e non va’ piu’ avanti .
Allora rilancio Avira , e come parte tac si spegne tutto di nuovo!Ho ripetuto l’operazione per un paio di volte , ed e’ sempre finita cosi’ .
Apparentemente il computer comunque (se non lancio Avira) , sembra non rilevare danni .
Il problema grosso e’ che non riesco piu’ a masterizzare dvd , gia’ scritti .
In poche parole quando masterizzo con Nero (qualsiasi programma di Nero) , Mi cancella il dvd (precedentemente scritto) , arriva al 100% della cancellazione , ma poi si blocca e non riscrive i nuovi files sul disco . Se io interrompo questa procedura , con annulla , creo un’incongruenza , che mi rende poi inutilizzabile il dvd stesso (infatti se tento di copiargli sopra , mi dice che non lo riconosce come disco riscrivibile! ).

Ho qualche probabilita’ di risolvere il problema da solo (premetto che non sono un genio dell’informatica) oppure devo rivolgermi ad un laboratorio di riparazioni ?

IL resto apparentemente funziona tutto , ho istallato un altro antivirus e spywere terminator e la scansione ha dato esito negativo .

Grazie Mille
Giordano

[Steve_85]

Ciao Giordano, io ti consiglierei di fare una foramattazione totale del sistema operativo. Se non hai granchè da perderci è l'unico modo per risolvere la cosa, il tuo è un caso molto particolare, il fatto che ti abbia dato una schermata con scritto infezione da virus ecc. comunque la soluzione è un reset totale della macchina

Ciao a presto!

[Luke57]

@Steve85
Scusa, ma come hai capito che è una situazione disperata? Molte infezioni causano danni evidenti, altrimenti che infezioni sarebbero? Evitare il consiglio di formattare come primo suggerimento, grazie.
@Giordano
Scarica OTS.exe by OldTimer sul desktop
http://oldtimer.geekstogo.com/OTS.exe
chiudi tutti i programmi
avvia OTS, seleziona "scan all users"
clicca su "Run Scan"
salva il report ed allegalo nella tua risposta

[GIORDANO]

Grazie mille LUKE57 .
Faro' come Mi hai consigliato , e Ti faro' sapere .

Giordano

[Steve_85]

Era solo un consiglio... se non ci sono alternative è l'unico modo. Comunque come non detto. Mi scuso per la risposta a presto

[GIORDANO]

Allego report OTS :
[Processes - Safe List]
aawservice.exe -> C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/02 20.04.15 | 00,611,664 | ---- | M] (Lavasoft)
ati2evxx.exe -> C:\WINDOWS\System32\Ati2evxx.exe -> [2006/05/03 18.43.46 | 00,413,696 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> C:\WINDOWS\System32\Ati2evxx.exe -> [2006/05/03 18.43.46 | 00,413,696 | ---- | M] (ATI Technologies Inc.)
awc.exe -> C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe -> [2009/06/25 15.19.54 | 02,328,712 | ---- | M] (IObit)
ctoolbar.exe -> C:\Programmi\Crawler\Toolbar\CToolbar.exe -> [2009/09/22 05.08.12 | 02,437,584 | ---- | M] (Crawler.com)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/14 04.14.07 | 01,036,288 | ---- | M] (Microsoft Corporation)
fcappdb.exe -> C:\Programmi\Fortinet\FortiClient\fcappdb.exe -> [2009/09/03 19.11.38 | 00,077,842 | ---- | M] (Fortinet Inc.)
fcdblog.exe -> C:\Programmi\Fortinet\FortiClient\FCDBLog.exe -> [2009/09/03 19.01.38 | 00,143,378 | ---- | M] (Fortinet Inc.)
fmon.exe -> C:\Programmi\Fortinet\FortiClient\fmon.exe -> [2009/09/03 18.57.06 | 00,061,458 | ---- | M] (Fortinet Inc.)
fortifw.exe -> C:\Programmi\Fortinet\FortiClient\fortifw.exe -> [2009/09/03 18.58.18 | 00,155,666 | ---- | M] (Fortinet Inc.)
fortiproxy.exe -> C:\Programmi\Fortinet\FortiClient\FortiProxy.exe -> [2009/09/03 19.05.38 | 00,331,794 | ---- | M] (Fortinet Inc.)
fortitray.exe -> C:\Programmi\Fortinet\FortiClient\FortiTray.exe -> [2009/09/03 19.12.50 | 02,722,432 | ---- | M] (Fortinet Inc.)
fortiwf.exe -> C:\Programmi\Fortinet\FortiClient\fortiwf.exe -> [2009/09/03 19.01.12 | 00,114,706 | ---- | M] (Fortinet Inc.)
iexplore.exe -> C:\Programmi\Internet Explorer\iexplore.exe -> [2009/06/29 10.35.10 | 00,634,632 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Programmi\Internet Explorer\iexplore.exe -> [2009/06/29 10.35.10 | 00,634,632 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> C:\Programmi\iPod\bin\iPodService.exe -> [2004/06/14 11.01.06 | 00,401,408 | ---- | M] (Apple Computer, Inc.)
ituneshelper.exe -> C:\Programmi\iTunes\iTunesHelper.exe -> [2004/06/14 11.01.06 | 00,286,720 | ---- | M] (Apple Computer, Inc.)
nmbgmonitor.exe -> C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe -> [2007/09/20 16.35.10 | 00,202,024 | ---- | M] (Nero AG)
nmindexingservice.exe -> C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe -> [2007/09/20 16.35.38 | 00,382,248 | ---- | M] (Nero AG)
nmindexstoresvr.exe -> C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe -> [2007/09/20 16.35.40 | 01,410,344 | ---- | M] (Nero AG)
ots.exe -> C:\Documents and Settings\Utente\Desktop\OTS.exe -> [2009/09/24 07.41.56 | 00,514,560 | ---- | M] (OldTimer Tools)
pdvdserv.exe -> C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe -> [2003/10/31 20.42.40 | 00,032,768 | ---- | M] (Cyberlink Corp.)
qttask.exe -> C:\Programmi\QuickTime\qttask.exe -> [2008/04/06 10.47.10 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
reader_sl.exe -> C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe -> [2006/10/23 02.48.20 | 00,040,048 | ---- | M] (Adobe Systems Incorporated)
realsched.exe -> C:\Programmi\File comuni\Real\Update_OB\realsched.exe -> [2008/03/29 16.05.49 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
scheduler.exe -> C:\Programmi\Fortinet\FortiClient\scheduler.exe -> [2009/09/03 18.55.54 | 00,053,266 | ---- | M] (Fortinet Inc.)
smagent.exe -> C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe -> [2002/09/20 17.50.10 | 00,045,056 | ---- | M] (Analog Devices, Inc.)
smtray.exe -> C:\Programmi\Analog Devices\SoundMAX\SMTray.exe -> [2003/05/05 09.57.30 | 00,143,360 | ---- | M] (Analog Devices, Inc.)
sp_rsser.exe -> C:\Programmi\Spyware Terminator\sp_rsser.exe -> [2009/09/22 18.07.45 | 00,487,424 | ---- | M] (Crawler.com)
spywareterminatorshield.exe -> C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe -> [2009/09/22 18.07.45 | 02,171,904 | ---- | M] (Crawler.com)
spywareterminatorupdate.exe -> C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe -> [2009/09/22 18.07.53 | 03,055,616 | ---- | M] (Crawler.com)
srvany.exe -> C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe -> [2003/04/18 19.06.26 | 00,008,192 | ---- | M] ()
sup_smartram.exe -> C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe -> [2009/02/19 14.23.24 | 00,202,064 | ---- | M] (IObit)
wanminiport1st_srv.exe -> C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe -> [2008/02/21 12.30.44 | 00,061,440 | ---- | M] ()
winword.exe -> C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE -> [2003/08/06 22.24.20 | 12,037,688 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 12.10.02 | 00,227,840 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/02 20.04.15 | 00,611,664 | ---- | M] (Lavasoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11.16.40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\Ati2evxx.exe -> [2006/05/03 18.43.46 | 00,413,696 | ---- | M] (ATI Technologies Inc.)
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\ati2sgag.exe -> [2006/05/03 12.57.00 | 00,520,192 | ---- | M] ()
(ClipSrvNetDDEdsdm) ClipBook ClipSrvNetDDEdsdm [Win32_Own | Auto | Stopped] -> -> File not found
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11.17.02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(FA_Scheduler) FortiClient Service Scheduler [Win32_Own | Auto | Running] -> C:\Programmi\Fortinet\FortiClient\scheduler.exe -> [2009/09/03 18.55.54 | 00,053,266 | ---- | M] (Fortinet Inc.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21.10.04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/03/29 16.05.08 | 00,138,168 | ---- | M] (Google)
(helpsvc) Guida in linea e supporto tecnico [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 04.13.49 | 00,038,400 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19.24.50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPodService) Servizio iPod [Win32_Own | On_Demand | Running] -> C:\Programmi\iPod\bin\iPodService.exe -> [2004/06/14 11.01.06 | 00,401,408 | ---- | M] (Apple Computer, Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19.16.38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(Network WanMiniport First Position) Network WanMiniport First Position [Win32_Own | Auto | Running] -> C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe -> [2003/04/18 19.06.26 | 00,008,192 | ---- | M] ()
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe -> [2007/09/20 16.35.38 | 00,382,248 | ---- | M] (Nero AG)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 21.28.22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe -> [2002/09/20 17.50.10 | 00,045,056 | ---- | M] (Analog Devices, Inc.)
(sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running] -> C:\Programmi\Spyware Terminator\sp_rsser.exe -> [2009/09/22 18.07.45 | 00,487,424 | ---- | M] (Crawler.com)
(WMPNetworkSvc) Servizio di condivisione in rete Windows Media Player [Win32_Own | On_Demand | Stopped] -> C:\Programmi\Windows Media Player\WMPNetwk.exe -> [2006/11/02 22.56.50 | 00,918,528 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\aeaudio.sys -> [2002/04/01 15.15.00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -> [2006/05/03 18.50.42 | 01,540,608 | ---- | M] (ATI Technologies Inc.)
(ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\ElbyCDFL.sys -> [2005/05/03 17.34.02 | 00,027,392 | ---- | M] (SlySoft, Inc.)
(ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -> [2005/04/21 13.40.36 | 00,010,624 | ---- | M] (Elaborate Bytes AG)
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\ElbyDelay.sys -> [2005/04/12 10.41.20 | 00,004,608 | ---- | M] (Elaborate Bytes AG)
(FAFileMon) FAFileMon [File_System | System | Running] -> C:\WINDOWS\System32\drivers\fortimon2.sys -> [2009/09/03 19.17.06 | 00,042,088 | ---- | M] (Fortinet Inc)
(FARegMon) FARegMon [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\FortiRmon.sys -> [2009/09/03 19.17.16 | 00,046,184 | ---- | M] (Fortinet Inc)
(fortiapd) fortiapd [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\fortiapd.sys -> [2009/09/03 19.17.00 | 00,013,416 | ---- | M] (Fortinet Inc)
(Fortidrv2) Fortinet Packet Filter Service [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\fortidrv.sys -> [2009/04/06 14.20.08 | 00,022,432 | ---- | M] (Fortinet Inc)
(FortiPFW) FortiPFW [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\FortiPFW.sys -> [2009/09/03 19.17.12 | 00,118,632 | ---- | M] (Fortinet Inc)
(Fortips) Fortips [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\fortips.sys -> [2009/09/03 19.17.12 | 00,098,024 | ---- | M] (Fortinet Inc)
(FortiRdr) FortiRdr [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\FortiRdr.sys -> [2009/09/03 19.17.14 | 00,029,928 | ---- | M] (Fortinet Inc)
(FortiShield) FortiShield [File_System | System | Running] -> C:\WINDOWS\System32\drivers\FortiShield.sys -> [2009/09/03 19.17.16 | 00,036,968 | ---- | M] (Fortinet Inc)
(ft_vnic) Fortinet network virtual adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ftvnic.sys -> [2009/02/16 15.23.26 | 00,014,496 | ---- | M] (Fortinet Inc.)
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -> [2004/04/05 17.42.36 | 00,013,872 | ---- | M] (GEAR Software Inc.)
(Ptilink) Driver Direct Parallel Link [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2006/03/02 14.00.00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2008/11/30 22.53.53 | 00,036,624 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 12.25.54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisidex) sisidex [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\sisidex.sys -> [2003/08/08 19.00.28 | 00,032,640 | ---- | M] (Windows (R) 2000 DDK provider)
(SISNIC) Driver per scheda Fast Ethernet PCI SiS [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\sisnic.sys -> [2004/08/04 00.31.36 | 00,032,768 | ---- | M] (SiS Corporation)
(SiSRaid) SiSRaid [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\SiSRaid.sys -> [2003/12/09 16.43.36 | 00,045,568 | R--- | M] (Silicon Integrated Systems)
(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\smwdm.sys -> [2003/08/29 16.09.00 | 00,578,304 | ---- | M] (Analog Devices, Inc.)
(sp_rsdrv2) Spyware Terminator Driver 2 [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\sp_rsdrv2.sys -> [2009/09/22 18.07.45 | 00,142,592 | ---- | M] ()

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://dnl.crawler.com/support/sa_custo ... TbId=60429 ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.crawler.com/search/ie.aspx?tb_id=60429 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\] > -> ->
HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\: Main\\"Page_Transitions" -> 1 ->
HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\: Main\\"Start Page" -> http://www.google.it/ ->
HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/09/03 08.28.02 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< HOSTS File > (331739 bytes and 11407 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
Reset Hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKLM] -> C:\Programmi\Crawler\Toolbar\ctbr.dll [] -> [2009/09/22 05.08.12 | 01,219,072 | ---- | M] (Crawler.com)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2008/03/29 16.06.02 | 00,308,856 | ---- | M] (RealPlayer)
{34718d11-3039-4a7f-a440-c878e7facd04} [HKLM] -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\programmi\google\googletoolbar1.dll [Google Toolbar Helper] -> [2008/03/29 16.05.08 | 02,423,872 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [Google Toolbar Notifier BHO] -> [2008/09/02 19.47.14 | 00,737,776 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\programmi\google\googletoolbar1.dll [&Google] -> [2008/03/29 16.05.08 | 02,423,872 | R--- | M] (Google Inc.)
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> C:\Programmi\Crawler\Toolbar\ctbr.dll [Toolbar &Crawler] -> [2009/09/22 05.08.12 | 01,219,072 | ---- | M] (Crawler.com)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\] > -> HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\programmi\google\googletoolbar1.dll [&Google] -> [2008/03/29 16.05.08 | 02,423,872 | R--- | M] (Google Inc.)
WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> C:\Programmi\Crawler\Toolbar\ctbr.dll [Toolbar &Crawler] -> [2009/09/22 05.08.12 | 01,219,072 | ---- | M] (Crawler.com)
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BluetoothAuthenticationAgent" -> C:\WINDOWS\System32\bthprops.cpl [rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent] -> [2008/04/14 04.14.25 | 00,110,592 | ---- | M] (Microsoft Corporation)
"CloneCDTray" -> C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe ["C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s] -> [2005/05/19 15.47.36 | 00,057,344 | ---- | M] (SlySoft, Inc.)
"iTunesHelper" -> C:\Programmi\iTunes\iTunesHelper.exe [C:\Programmi\iTunes\iTunesHelper.exe] -> [2004/06/14 11.01.06 | 00,286,720 | ---- | M] (Apple Computer, Inc.)
"KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found
"Motive SmartBridge" -> C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe [C:\PROGRA~1\ALICET~1\SmartBridge\MotiveSB.exe] -> [2006/04/21 16.41.20 | 00,438,359 | ---- | M] (Motive Communications, Inc.)
"NeroFilterCheck" -> C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe [C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe] -> [2007/03/01 16.57.24 | 00,153,136 | ---- | M] (Nero AG)
"QuickTime Task" -> C:\Programmi\QuickTime\qttask.exe ["C:\Programmi\QuickTime\qttask.exe" -atboottime] -> [2008/04/06 10.47.10 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"RemoteControl" -> C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe [C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe] -> [2003/10/31 20.42.40 | 00,032,768 | ---- | M] (Cyberlink Corp.)
"Smapp" -> C:\Programmi\Analog Devices\SoundMAX\SMTray.exe [C:\Programmi\Analog Devices\SoundMAX\SMTray.exe] -> [2003/05/05 09.57.30 | 00,143,360 | ---- | M] (Analog Devices, Inc.)
"SpywareTerminator" -> C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe ["C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"] -> [2009/09/22 18.07.45 | 02,171,904 | ---- | M] (Crawler.com)
"TkBellExe" -> C:\Programmi\File comuni\Real\Update_OB\realsched.exe ["C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot] -> [2008/03/29 16.05.49 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
< Run [HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\] > -> HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Advanced SystemCare 3" -> C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe ["C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup] -> [2009/06/25 15.19.54 | 02,328,712 | ---- | M] (IObit)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe ["C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"] -> [2007/09/20 16.35.10 | 00,202,024 | ---- | M] (Nero AG)
"SmartRAM" -> C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe ["C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m] -> [2009/02/19 14.23.24 | 00,202,064 | ---- | M] (IObit)
"SpywareTerminatorUpdate" -> C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe ["C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe"] -> [2009/09/22 18.07.53 | 03,055,616 | ---- | M] (Crawler.com)
"swg" -> C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/05/04 10.09.34 | 00,068,856 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica ->
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk -> C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [2006/10/23 01.01.50 | 00,734,872 | ---- | M] ()
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk -> C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe -> [2006/10/23 02.48.20 | 00,040,048 | ---- | M] (Adobe Systems Incorporated)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Avvio\Programmi\Esecuzione automatica ->
< ospite Startup Folder > -> C:\Documents and Settings\ospite\Menu Avvio\Programmi\Esecuzione automatica ->
< Utente Startup Folder > -> C:\Documents and Settings\Utente\Menu Avvio\Programmi\Esecuzione automatica ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\\"NoResolveSearch" -> [1] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"ConsentPromptBehaviorAdmin" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003] > -> HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003] > -> HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" -> [0] -> File not found
\\"EnableProfileQuota" -> [1] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\] > -> HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
Crawler Search -> [tbr:iemenu] -> File not found
E&sporta in Microsoft Excel -> C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2003/08/13 11.34.38 | 10,073,144 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Programmi\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Ricerche] -> [2003/07/15 07.57.08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 20.53.32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Programmi\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 04.14.13 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Programmi\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 04.14.13 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Programmi\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 04.14.13 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Programmi\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 04.14.13 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\] > -> HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Programmi\Microsoft Office\OFFICE11\REFIEBAR.DLL [Ricerche] -> [2003/07/15 07.57.08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Programmi\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 04.14.13 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5901 domain(s) found. ->
59 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5905 domain(s) found. ->
59 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5905 domain(s) found. ->
59 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4266 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4266 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\] > -> HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7459 domain(s) found. ->
65 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\] > -> HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-839522115-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{31435657-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/ ... vc1dmo.cab [Reg Error: Value error.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{9724A9A5-B3EB-40D7-A23D-ED442E78561D}\\DhcpNameServer -> 192.168.1.1 (Scheda Fast Ethernet PCI SiS basata su 900) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
pcsazt.dll -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04.14.07 | 01,036,288 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\twext.exe -> C:\WINDOWS\System32\twext.exe -> File not found
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2006/05/03 18.44.54 | 00,061,440 | ---- | M] (ATI Technologies Inc.)
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
C:\WINDOWS\system32\opnkLDww -> -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 20.53.32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 04.14.19 | 00,142,336 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 20.53.32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 04.14.19 | 00,142,336 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\RecordingManager.exe" -> C:\Program Files\Real\RealPlayer\RecordingManager.exe [C:\Program Files\Real\RealPlayer\RecordingManager.exe:*:Enabled:ENABLE] -> [2008/03/29 16.06.03 | 00,153,176 | ---- | M] (RealNetworks, Inc.)
"C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe" -> C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe [C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe:*:Enabled:ENABLE] -> [2006/04/21 16.41.20 | 00,438,359 | ---- | M] (Motive Communications, Inc.)
"C:\Programmi\Analog Devices\SoundMAX\SMTray.exe" -> C:\Programmi\Analog Devices\SoundMAX\SMTray.exe [C:\Programmi\Analog Devices\SoundMAX\SMTray.exe:*:Enabled:ENABLE] -> [2003/05/05 09.57.30 | 00,143,360 | ---- | M] (Analog Devices, Inc.)
"C:\Programmi\Any Video Converter\mencoder.exe" -> C:\Programmi\Any Video Converter\mencoder.exe [C:\Programmi\Any Video Converter\mencoder.exe:*:Enabled:ENABLE] -> [2008/10/23 06.30.06 | 12,220,928 | ---- | M] ()
"C:\Programmi\Any Video Converter\VideoConverter.exe" -> C:\Programmi\Any Video Converter\VideoConverter.exe [C:\Programmi\Any Video Converter\VideoConverter.exe:*:Enabled:ENABLE] -> [2008/03/26 16.46.30 | 01,343,488 | ---- | M] (Any-Video-Converter.com)
"C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" -> C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe [C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe:*:Enabled:ENABLE] -> [2003/10/31 20.42.40 | 00,032,768 | ---- | M] (Cyberlink Corp.)
"C:\Programmi\eMule\emule.exe" -> C:\Programmi\eMule\emule.exe [C:\Programmi\eMule\emule.exe:*:Enabled:eMule] -> [2007/05/13 16.57.46 | 05,308,416 | ---- | M] (http://www.emule-project.net)
"C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" -> C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe [C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe:*:Enabled:ENABLE] -> [2007/09/20 16.35.10 | 00,202,024 | ---- | M] (Nero AG)
"C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" -> C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe [C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe:*:Enabled:ENABLE] -> [2007/09/20 16.35.40 | 01,410,344 | ---- | M] (Nero AG)
"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -> C:\Programmi\File comuni\Real\Update_OB\realsched.exe [C:\Programmi\File comuni\Real\Update_OB\realsched.exe:*:Enabled:ENABLE] -> [2008/03/29 16.05.49 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"C:\Programmi\Fortinet\FortiClient\FortiProxy.exe" -> C:\Programmi\Fortinet\FortiClient\FortiProxy.exe [C:\Programmi\Fortinet\FortiClient\FortiProxy.exe:*:Enabled:FortiClient Proxy Service] -> [2009/09/03 19.05.38 | 00,331,794 | ---- | M] (Fortinet Inc.)
"C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" -> C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe [C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe:*:Enabled:ENABLE] -> [2009/06/25 15.19.54 | 02,328,712 | ---- | M] (IObit)
"C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" -> C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe:*:Enabled:ENABLE] -> [2009/02/19 14.23.24 | 00,202,064 | ---- | M] (IObit)
"C:\Programmi\iTunes\iTunes.exe" -> C:\Programmi\iTunes\iTunes.exe [C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2004/06/15 09.56.40 | 14,888,960 | ---- | M] (Apple Computer, Inc.)
"C:\Programmi\iTunes\iTunesHelper.exe" -> C:\Programmi\iTunes\iTunesHelper.exe [C:\Programmi\iTunes\iTunesHelper.exe:*:Enabled:ENABLE] -> [2004/06/14 11.01.06 | 00,286,720 | ---- | M] (Apple Computer, Inc.)
"C:\Programmi\QuickTime\qttask.exe" -> C:\Programmi\QuickTime\qttask.exe [C:\Programmi\QuickTime\qttask.exe:*:Enabled:ENABLE] -> [2008/04/06 10.47.10 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"C:\Programmi\QuickTime\QuickTimePlayer.exe" -> C:\Programmi\QuickTime\QuickTimePlayer.exe [C:\Programmi\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player] -> [2004/04/19 17.11.44 | 01,057,280 | ---- | M] (Apple Computer, Inc.)
"C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" -> C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe [C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe:*:Enabled:ENABLE] -> [2009/03/05 17.07.20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.)
"C:\Programmi\uTorrent\uTorrent.exe" -> C:\Programmi\uTorrent\uTorrent.exe [C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/08/24 20.01.47 | 00,288,048 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\system32\ati2evxx.exe" -> C:\WINDOWS\System32\ati2evxx.exe [C:\WINDOWS\system32\ati2evxx.exe:*:Enabled:ENABLE] -> [2006/05/03 18.43.46 | 00,413,696 | ---- | M] (ATI Technologies Inc.)
"C:\WINDOWS\system32\cmd.exe" -> C:\WINDOWS\System32\cmd.exe [C:\WINDOWS\system32\cmd.exe:*:Enabled:ENABLE] -> [2008/04/14 04.14.02 | 00,398,336 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\ctfmon.exe" -> C:\WINDOWS\System32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ENABLE] -> [2008/04/14 04.14.03 | 00,015,360 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\notepad.exe" -> C:\WINDOWS\System32\notepad.exe [C:\WINDOWS\system32\notepad.exe:*:Enabled:ENABLE] -> [2008/04/14 04.14.14 | 00,070,144 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\System32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:ENABLE] -> [2008/04/14 04.14.18 | 00,033,280 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\wuauclt.exe" -> C:\WINDOWS\System32\wuauclt.exe [C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ENABLE] -> [2008/10/16 15.09.44 | 00,051,224 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Driver del CD-ROM ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2002/01/03 03.12.03 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTS.exe -> C:\Documents and Settings\Utente\Desktop\OTS.exe -> [2009/09/24 07.41.56 | 00,514,560 | ---- | C] (OldTimer Tools)
~$STERIZZA2.doc -> C:\Documents and Settings\Utente\Desktop\~$STERIZZA2.doc -> [2009/09/24 07.41.29 | 00,000,162 | -H-- | C] ()
MASTERIZZA2.doc -> C:\Documents and Settings\Utente\Desktop\MASTERIZZA2.doc -> [2009/09/24 07.41.17 | 00,019,456 | ---- | C] ()
FinalBurner.lnk -> C:\Documents and Settings\Utente\Desktop\FinalBurner.lnk -> [2009/09/22 21.50.57 | 00,000,627 | ---- | C] ()
it -> C:\WINDOWS\System32\it -> [2009/09/22 21.17.27 | 00,000,000 | ---D | C]
bits -> C:\WINDOWS\System32\bits -> [2009/09/22 21.17.27 | 00,000,000 | ---D | C]
$NtServicePackUninstall$ -> C:\WINDOWS\$NtServicePackUninstall$ -> [2009/09/22 21.10.31 | 00,000,000 | -H-D | C]
FinalBurner Video DVD -> C:\Documents and Settings\Utente\Dati applicazioni\FinalBurner Video DVD -> [2009/09/22 20.47.25 | 00,000,000 | ---D | C]
finalburner -> C:\finalburner -> [2009/09/22 20.47.25 | 00,000,000 | ---D | C]
FinalBurner -> C:\Programmi\FinalBurner -> [2009/09/22 20.45.45 | 00,000,000 | ---D | C]
fb_free.exe -> C:\Documents and Settings\Utente\Documenti\fb_free.exe -> [2009/09/22 20.45.23 | 10,107,026 | ---- | C] ()
Image.nrg -> C:\Documents and Settings\Utente\Documenti\Image.nrg -> [2009/09/22 20.06.15 | 28,547,4972 | ---- | C] ()
Spyware Terminator.lnk -> C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk -> [2009/09/22 18.11.32 | 00,000,787 | ---- | C] ()
Crawler -> C:\Programmi\Crawler -> [2009/09/22 18.07.59 | 00,000,000 | ---D | C]
sp_rsdrv2.sys -> C:\WINDOWS\System32\drivers\sp_rsdrv2.sys -> [2009/09/22 18.07.45 | 00,142,592 | ---- | C] ()
Spyware Terminator -> C:\Documents and Settings\Utente\Dati applicazioni\Spyware Terminator -> [2009/09/22 18.07.38 | 00,000,000 | ---D | C]
Spyware Terminator -> C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator -> [2009/09/22 18.07.29 | 00,000,000 | ---D | C]
QUAD Utilities -> C:\Programmi\QUAD Utilities -> [2009/09/22 17.41.38 | 00,000,000 | ---D | C]
FortiClient.lnk -> C:\Documents and Settings\All Users\Desktop\FortiClient.lnk -> [2009/09/22 17.19.37 | 00,001,799 | ---- | C] ()
ftvnic.sys -> C:\WINDOWS\System32\drivers\ftvnic.sys -> [2009/09/22 17.19.26 | 00,014,496 | ---- | C] (Fortinet Inc.)
DRVSTORE -> C:\WINDOWS\System32\DRVSTORE -> [2009/09/22 17.19.17 | 00,000,000 | ---D | C]
Fortinet -> C:\Programmi\Fortinet -> [2009/09/22 17.19.10 | 00,000,000 | ---D | C]
Applications -> C:\Documents and Settings\All Users\Dati applicazioni\Applications -> [2009/09/22 17.18.39 | 00,000,000 | ---D | C]
FortiClientSetup_4.1.0.exe -> C:\Documents and Settings\Utente\Documenti\FortiClientSetup_4.1.0.exe -> [2009/09/22 17.18.26 | 10,926,696 | ---- | C] (Fortinet Inc.)
rotscxnstmyocj.sys -> C:\WINDOWS\System32\drivers\rotscxnstmyocj.sys -> [2009/09/21 18.56.17 | 00,070,656 | ---- | C] ()
rotscxxynxvcpx.dll -> C:\WINDOWS\System32\rotscxxynxvcpx.dll -> [2009/09/21 18.56.17 | 00,044,544 | ---- | C] ()
Collegamento a Documenti.lnk -> C:\Documents and Settings\Utente\Desktop\Collegamento a Documenti.lnk -> [2009/09/19 09.24.50 | 00,000,803 | ---- | C] ()
FortiRmon.sys -> C:\WINDOWS\System32\drivers\FortiRmon.sys -> [2009/09/03 19.17.16 | 00,046,184 | ---- | C] (Fortinet Inc)
FortiShield.sys -> C:\WINDOWS\System32\drivers\FortiShield.sys -> [2009/09/03 19.17.16 | 00,036,968 | ---- | C] (Fortinet Inc)
FortiRdr.sys -> C:\WINDOWS\System32\drivers\FortiRdr.sys -> [2009/09/03 19.17.14 | 00,029,928 | ---- | C] (Fortinet Inc)
fortipfw.sys -> C:\WINDOWS\System32\drivers\fortipfw.sys -> [2009/09/03 19.17.12 | 00,118,632 | ---- | C] (Fortinet Inc)
fortips.sys -> C:\WINDOWS\System32\drivers\fortips.sys -> [2009/09/03 19.17.12 | 00,098,024 | ---- | C] (Fortinet Inc)
fortimon2.sys -> C:\WINDOWS\System32\drivers\fortimon2.sys -> [2009/09/03 19.17.06 | 00,042,088 | ---- | C] (Fortinet Inc)
fortiapd.sys -> C:\WINDOWS\System32\drivers\fortiapd.sys -> [2009/09/03 19.17.00 | 00,013,416 | ---- | C] (Fortinet Inc)
HFILES.doc -> C:\Documents and Settings\Utente\Desktop\HFILES.doc -> [2009/08/27 08.27.12 | 00,026,624 | ---- | C] ()
HFILES.doc -> C:\Documents and Settings\Utente\Documenti\HFILES.doc -> [2009/08/27 08.27.00 | 00,026,624 | ---- | C] ()
AVERM.dll -> C:\WINDOWS\System32\AVERM.dll -> [2009/04/12 21.47.16 | 00,129,024 | ---- | C] ()
AVEQT.dll -> C:\WINDOWS\System32\AVEQT.dll -> [2009/04/12 21.47.16 | 00,028,672 | ---- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2008/09/11 08.12.49 | 00,000,127 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2008/08/28 14.06.52 | 01,559,040 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2008/08/28 14.06.52 | 00,585,728 | ---- | C] ()
Smab.dll -> C:\WINDOWS\System32\Smab.dll -> [2008/03/29 12.23.07 | 00,399,360 | ---- | C] ()
AVSredirect.dll -> C:\WINDOWS\System32\AVSredirect.dll -> [2008/03/29 12.23.06 | 00,027,648 | ---- | C] ()
property.dll -> C:\WINDOWS\System32\property.dll -> [2008/01/10 12.27.33 | 00,135,168 | R--- | C] ()
msssc.dll -> C:\WINDOWS\System32\msssc.dll -> [2008/01/10 12.24.51 | 00,000,044 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/04/01 12.49.16 | 00,005,360 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
qmgr1.dat -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/24 07.42.51 | 00,004,646 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/24 07.42.51 | 00,004,232 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/09/24 07.42.50 | 01,071,770 | ---- | M] ()
perfh010.dat -> C:\WINDOWS\System32\perfh010.dat -> [2009/09/24 07.42.50 | 00,478,808 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/09/24 07.42.50 | 00,432,356 | ---- | M] ()
perfc010.dat -> C:\WINDOWS\System32\perfc010.dat -> [2009/09/24 07.42.50 | 00,079,292 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/09/24 07.42.50 | 00,067,312 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\Utente\Desktop\OTS.exe -> [2009/09/24 07.41.56 | 00,514,560 | ---- | M] (OldTimer Tools)
~$STERIZZA2.doc -> C:\Documents and Settings\Utente\Desktop\~$STERIZZA2.doc -> [2009/09/24 07.41.29 | 00,000,162 | -H-- | M] ()
MASTERIZZA2.doc -> C:\Documents and Settings\Utente\Desktop\MASTERIZZA2.doc -> [2009/09/24 07.41.18 | 00,019,456 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/24 07.39.01 | 00,013,646 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT -> [2009/09/24 07.38.48 | 00,043,336 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/09/24 07.38.35 | 00,000,006 | -H-- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/09/24 07.37.48 | 53,561,3440 | -HS- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Utente\NTUSER.DAT -> [2009/09/22 22.01.14 | 08,912,896 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Utente\ntuser.ini -> [2009/09/22 22.01.02 | 00,000,194 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\IconCache.db -> [2009/09/22 22.00.50 | 05,377,600 | -H-- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/09/22 21.46.05 | 00,194,568 | ---- | M] ()
ntldr -> C:\ntldr -> [2009/09/22 21.14.02 | 00,251,600 | RHS- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/09/22 21.01.54 | 00,048,640 | ---- | M] ()
FinalBurner.lnk -> C:\Documents and Settings\Utente\Desktop\FinalBurner.lnk -> [2009/09/22 20.45.55 | 00,000,627 | ---- | M] ()
fb_free.exe -> C:\Documents and Settings\Utente\Documenti\fb_free.exe -> [2009/09/22 20.45.23 | 10,107,026 | ---- | M] ()
Image.nrg -> C:\Documents and Settings\Utente\Documenti\Image.nrg -> [2009/09/22 20.07.12 | 28,547,4972 | ---- | M] ()
Spyware Terminator.lnk -> C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk -> [2009/09/22 18.11.32 | 00,000,787 | ---- | M] ()
sp_rsdrv2.sys -> C:\WINDOWS\System32\drivers\sp_rsdrv2.sys -> [2009/09/22 18.07.45 | 00,142,592 | ---- | M] ()
QRC.exe -> C:\Documents and Settings\Utente\Impostazioni locali\Temp\QRC.exe -> [2009/09/22 17.41.24 | 02,805,496 | ---- | M] (Interactive Brands Inc.)
FortiClient.lnk -> C:\Documents and Settings\All Users\Desktop\FortiClient.lnk -> [2009/09/22 17.19.37 | 00,001,799 | ---- | M] ()
FortiClientSetup_4.1.0.exe -> C:\Documents and Settings\Utente\Documenti\FortiClientSetup_4.1.0.exe -> [2009/09/22 17.18.26 | 10,926,696 | ---- | M] (Fortinet Inc.)
spybotsd162.exe -> C:\Documents and Settings\Utente\Documenti\spybotsd162.exe -> [2009/09/22 16.57.27 | 16,409,960 | ---- | M] (Safer Networking Limited )
rotscxnstmyocj.sys -> C:\WINDOWS\System32\drivers\rotscxnstmyocj.sys -> [2009/09/21 18.56.17 | 00,070,656 | ---- | M] ()
rotscxxynxvcpx.dll -> C:\WINDOWS\System32\rotscxxynxvcpx.dll -> [2009/09/21 18.56.17 | 00,044,544 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/09/20 17.45.04 | 00,331,739 | R--- | M] ()
Collegamento a Documenti.lnk -> C:\Documents and Settings\Utente\Desktop\Collegamento a Documenti.lnk -> [2009/09/19 09.24.50 | 00,000,803 | ---- | M] ()
rapidshare.doc -> C:\Documents and Settings\Utente\Desktop\rapidshare.doc -> [2009/09/17 18.01.38 | 00,026,624 | ---- | M] ()
temp_0000_85-21.aok -> C:\WINDOWS\System32\temp_0000_85-21.aok -> [2009/09/14 20.02.38 | 00,000,136 | ---- | M] ()
test.aok -> C:\WINDOWS\System32\test.aok -> [2009/09/14 20.02.11 | 00,000,137 | ---- | M] ()
FortiRmon.sys -> C:\WINDOWS\System32\drivers\FortiRmon.sys -> [2009/09/03 19.17.16 | 00,046,184 | ---- | M] (Fortinet Inc)
FortiShield.sys -> C:\WINDOWS\System32\drivers\FortiShield.sys -> [2009/09/03 19.17.16 | 00,036,968 | ---- | M] (Fortinet Inc)
FortiRdr.sys -> C:\WINDOWS\System32\drivers\FortiRdr.sys -> [2009/09/03 19.17.14 | 00,029,928 | ---- | M] (Fortinet Inc)
fortipfw.sys -> C:\WINDOWS\System32\drivers\fortipfw.sys -> [2009/09/03 19.17.12 | 00,118,632 | ---- | M] (Fortinet Inc)
fortips.sys -> C:\WINDOWS\System32\drivers\fortips.sys -> [2009/09/03 19.17.12 | 00,098,024 | ---- | M] (Fortinet Inc)
fortimon2.sys -> C:\WINDOWS\System32\drivers\fortimon2.sys -> [2009/09/03 19.17.06 | 00,042,088 | ---- | M] (Fortinet Inc)
fortiapd.sys -> C:\WINDOWS\System32\drivers\fortiapd.sys -> [2009/09/03 19.17.00 | 00,013,416 | ---- | M] (Fortinet Inc)
hosts.20090920-174504.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20090920-174504.backup -> [2009/08/31 18.52.03 | 00,326,495 | R--- | M] ()
MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009/08/28 14.38.22 | 24,689,600 | ---- | M] (Microsoft Corporation)
HFILES.doc -> C:\Documents and Settings\Utente\Desktop\HFILES.doc -> [2009/08/27 08.27.12 | 00,026,624 | ---- | M] ()
HFILES.doc -> C:\Documents and Settings\Utente\Documenti\HFILES.doc -> [2009/08/27 08.27.00 | 00,026,624 | ---- | M] ()
Microsoft Office Word 2003.lnk -> C:\Documents and Settings\Utente\Desktop\Microsoft Office Word 2003.lnk -> [2009/08/27 08.25.48 | 00,002,531 | ---- | M] ()
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/08/13 08.05.58 | 00,049,152 | -HS- | M] ()
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2009/08/13 08.05.58 | 00,032,768 | -HS- | M] ()
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2009/08/13 08.05.58 | 00,032,768 | -HS- | M] ()
index.dat -> C:\Documents and Settings\Utente\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/05/21 15.27.49 | 00,229,376 | -HS- | M] ()
index.dat -> C:\Documents and Settings\Utente\Impostazioni locali\Temp\History\History.IE5\index.dat -> [2008/05/21 15.27.49 | 00,049,152 | -HS- | M] ()
index.dat -> C:\Documents and Settings\Utente\Impostazioni locali\Temp\Cookies\index.dat -> [2008/05/21 15.27.49 | 00,032,768 | -HS- | M] ()
opa11.dat -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\OFFICE\DATA\opa11.dat -> [2008/04/03 13.46.22 | 00,008,206 | ---- | M] ()
< End of report >
[/code]

[GIORDANO]

Volevo aggiungere che spesso mi esce questa scritta su vari .EXE : IL FILE O LA DIRECTORY "C:\$Mft " E' DANNEGGIATO E NON LEGGIBILE !

Grazie per la pazienza.
Giordano

[Luke57]

Ciao, Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disconnettiti da internet e disattiva l'antivirus
Lascia lavorare il programma senza interferire (non installare la recovery console)
Allega il rapporto C:\ComboFix.txt nella tua risposta.

[GIORDANO]

Grazie LUKE....
appena posso eseguo ed allego .
Giordano

[GIORDANO]

Eccomi :
ComboFix 09-09-25.01 -
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Creato nuovo punto di ripristino
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\CrucialSoft Ltd
c:\documents and settings\Utente\Dati applicazioni\wiaserva.log
c:\documents and settings\Utente\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\programmi\QUAD Utilities
c:\windows\cookies.ini
c:\windows\Installer\1659d4.msi
c:\windows\Installer\1659d9.msi
c:\windows\Installer\1659de.msi
c:\windows\Installer\1659e3.msi
c:\windows\Installer\1659e8.msi
c:\windows\Installer\1659ed.msi
c:\windows\Installer\8330f.msi
c:\windows\run.log
c:\windows\system32\699913.dat
c:\windows\system32\drivers\rotscxnstmyocj.sys
c:\windows\system32\drivers\UAClvmlrqmhwu.sys
c:\windows\system32\dz1.txt
c:\windows\system32\inform.dat
c:\windows\system32\kjs
c:\windows\system32\p1.txt
c:\windows\system32\r24.txt
c:\windows\system32\rotscxxynxvcpx.dll
c:\windows\system32\twain_32
c:\windows\system32\UACtfqhhbmudo.dll
c:\windows\system32\UACxducbqbrpi.dat
c:\windows\system32\xa.tmp

c:\windows\system32\grpconv.exe . . . is missing!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_ATI64SI
-------\Legacy_CLIPSRVNETDDEDSDM
-------\Legacy_FIPS32CUP
-------\Legacy_SYSTEMNTMI
-------\Service_ati64si
-------\Service_ClipSrvNetDDEdsdm
-------\Service_fips32cup
-------\Service_systemntmi


((((((((((((((((((((((((( Files Creati Da 2009-08-26 al 2009-09-26 )))))))))))))))))))))))))))))))))))
.

2009-09-26 07:14 . 2009-09-26 07:14 -------- d-----w- C:\found.000
2009-09-26 07:06 . 2009-09-26 07:06 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ESET
2009-09-24 16:03 . 2009-09-24 16:03 -------- d-----w- c:\programmi\BurnWorld
2009-09-24 15:59 . 2009-09-24 15:59 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2009-09-24 14:59 . 2009-09-24 14:59 -------- d-----w- c:\programmi\AskTBar
2009-09-24 06:23 . 2009-09-24 06:23 -------- d-----w- c:\programmi\ESET
2009-09-24 06:23 . 2009-09-24 06:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-09-24 05:54 . 2009-09-24 05:56 -------- d-----w- c:\programmi\Wise Registry Cleaner
2009-09-22 19:17 . 2009-09-22 19:17 -------- d-----w- c:\windows\l2schemas
2009-09-22 19:17 . 2009-09-22 19:17 -------- d-----w- c:\windows\system32\it
2009-09-22 19:17 . 2009-09-22 19:17 -------- d-----w- c:\windows\system32\bits
2009-09-22 18:47 . 2009-09-22 18:51 -------- dc----w- C:\finalburner
2009-09-22 18:47 . 2009-09-22 18:47 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\FinalBurner Video DVD
2009-09-22 16:07 . 2009-09-22 16:08 -------- d-----w- c:\programmi\Crawler
2009-09-22 16:07 . 2009-09-22 16:07 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-22 16:07 . 2009-09-22 19:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Spyware Terminator
2009-09-22 16:07 . 2009-09-24 16:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-09-22 15:19 . 2009-02-16 13:23 14496 ----a-w- c:\windows\system32\drivers\ftvnic.sys
2009-09-22 15:19 . 2009-09-24 06:31 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-22 15:19 . 2009-09-24 14:32 -------- d-----w- c:\programmi\Fortinet
2009-09-22 15:18 . 2009-09-22 15:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 18:16 . 2009-02-24 08:23 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-09-24 18:02 . 2008-03-30 08:36 -------- d-----w- c:\programmi\File comuni\AVSMedia
2009-09-24 18:02 . 2008-03-30 08:36 -------- d-----w- c:\programmi\AVS4YOU
2009-09-24 15:52 . 2008-02-18 21:06 43336 -c--a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-24 15:39 . 2008-03-26 20:35 -------- d-----w- c:\programmi\File comuni\Nero
2009-09-24 15:39 . 2008-03-26 18:19 -------- d-----w- c:\programmi\Nero
2009-09-24 15:15 . 2008-04-10 11:58 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Any Video Converter
2009-09-24 15:15 . 2008-04-01 17:53 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\uTorrent
2009-09-24 15:01 . 2008-03-26 20:43 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Nero
2009-09-24 14:58 . 2008-03-26 20:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-09-24 06:31 . 2008-04-08 16:09 -------- d-----w- c:\programmi\Common Files
2009-09-24 05:42 . 2006-03-02 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2009-09-24 05:42 . 2006-03-02 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2009-09-22 19:46 . 2008-01-10 10:23 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-22 19:44 . 2008-01-10 10:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-09-22 19:44 . 2009-05-18 16:40 -------- d-----w- c:\programmi\Yahoo!
2009-09-22 19:35 . 2009-04-17 07:34 -------- d-----w- c:\programmi\Spyware Terminator
2009-09-22 18:33 . 2008-03-30 08:37 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\AVS4YOU
2009-08-19 19:34 . 2009-04-30 06:15 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-18 10:43 . 2009-08-18 10:43 -------- d-----w- c:\documents and settings\ospite\Dati applicazioni\Yahoo!
2009-08-16 09:32 . 2009-08-16 09:32 -------- d-----w- c:\programmi\MSBuild
2009-08-16 09:31 . 2009-08-16 09:31 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-16 09:27 . 2009-08-16 09:27 -------- d-----w- c:\programmi\MSXML 6.0
2009-08-14 09:25 . 2009-02-24 15:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2009-08-05 18:15 . 2009-08-05 18:15 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\FFSJ
2009-08-05 08:59 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:01 . 2008-04-08 16:09 -------- d-----w- c:\programmi\Alice ti aiuta
2009-07-17 19:01 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2006-03-02 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:55 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-04 68856]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-25 2328712]
"SpywareTerminatorUpdate"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-22 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-29 185896]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2004-06-14 286720]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-04-06 98304]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SmartBridge\MotiveSB.exe" [2006-04-21 438359]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-09-22 2171904]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PDVDServ.exe"=
"c:\\Programmi\\Analog Devices\\SoundMAX\\SMTray.exe"=
"c:\\Programmi\\File comuni\\Real\\Update_OB\\realsched.exe"=
"c:\\Programmi\\iTunes\\iTunesHelper.exe"=
"c:\\Programmi\\QuickTime\\qttask.exe"=
"c:\\Programmi\\Alice ti aiuta\\SmartBridge\\MotiveSB.exe"=
"c:\\Programmi\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Programmi\\File comuni\\Nero\\Lib\\NMBgMonitor.exe"=
"c:\\Programmi\\IObit\\Advanced SystemCare 3\\Sup_SmartRAM.exe"=
"c:\\Programmi\\IObit\\Advanced SystemCare 3\\AWC.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Programmi\\File comuni\\Nero\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Programmi\\Any Video Converter\\VideoConverter.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RecordingManager.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\Programmi\\Any Video Converter\\mencoder.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15.47.14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/05/2009 15.49.32 94360]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [22/09/2009 18.07.45 142592]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15.47.54 731840]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [24/02/2009 17.53.05 8192]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{34718d11-3039-4a7f-a440-c878e7facd04} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 09:16
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(616)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\OFFICE11\msohev.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\rundll32.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-26 9.22.23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-26 07:22

Pre-Run: 75.234.979.840 byte disponibili
Post-Run: 75.164.729.344 byte disponibili

226 --- E O F --- 2009-09-24 06:05

[GIORDANO]

Caro amico Mio......
nel frattempo mi e' ripartito il masterizzatore!!!!!!!!!!! Cosi' per incanto!

Sei un grande !!! LUKE57 ,
Devo eseguire altre "manovre?
Attendo Tue...

Grazie grazie grazie ancora...
Giordano

[Luke57]

Ciao, sembra a posto.

[GIORDANO]

Luke57 , sei stato grande .

Ciao
Giordano