ComboFix 12-04-26.01 - FRANCO 26/04/2012 22.37.18.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3067.1852 [GMT 2:00]
Eseguito da: c:\users\FRANCO\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\FRANCO\AppData\Local\unins000.exe
c:\users\FRANCO\AppData\Roaming\.#
c:\users\FRANCO\AppData\Roaming\.#\MBX@20B8@13A2998.###
c:\users\FRANCO\AppData\Roaming\.#\MBX@20B8@13A29C8.###
c:\users\FRANCO\AppData\Roaming\.#\MBX@20B8@13A29F8.###
c:\users\FRANCO\AppData\Roaming\OfferBox
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SETCFD8.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-26 al 2012-04-26 )))))))))))))))))))))))))))))))))))
.
.
2012-04-26 20:51 . 2012-04-26 20:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-26 20:51 . 2012-04-26 20:51 -------- d-----w- c:\users\UpdatusUser.PC-FRANCO\AppData\Local\temp
2012-04-26 20:51 . 2012-04-26 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 18:53 . 2012-04-13 07:52 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-04-25 18:53 . 2012-04-13 07:52 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-04-25 16:25 . 2012-04-26 20:21 -------- d-----w- c:\program files\isposure
2012-04-25 16:25 . 2012-04-26 10:36 -------- d-----w- c:\programdata\Epitiro
2012-04-25 10:10 . 2012-04-25 15:42 -------- d-----w- c:\users\FRANCO\AppData\Local\ServUpdater
2012-04-25 10:10 . 2012-04-25 10:10 -------- d-----w- c:\users\FRANCO\AppData\Local\PowerOffer
2012-04-25 10:10 . 2012-04-26 19:47 -------- d-----w- c:\users\FRANCO\AppData\Local\PosService
2012-04-25 08:00 . 2012-04-25 08:00 -------- d-----w- c:\users\FRANCO\AppData\Roaming\EmoticoonsToolbar
2012-04-23 18:14 . 2010-02-25 15:51 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-04-23 11:01 . 2012-04-23 17:34 -------- d-----w- c:\program files\Opera
2012-04-18 18:07 . 2012-04-18 18:07 -------- d-----w- c:\programdata\Electronic Arts
2012-04-14 20:04 . 2012-04-14 20:04 -------- d-----w- c:\users\FRANCO\AppData\Local\APN
2012-04-14 15:41 . 2012-01-17 22:46 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-04-14 14:58 . 2012-04-24 18:21 -------- d-----w- c:\windows\system32\drivers\NIS
2012-04-14 14:58 . 2012-04-14 14:58 -------- d-----w- c:\program files\Norton Internet Security
2012-04-14 14:16 . 2012-04-14 14:16 -------- d-----w- c:\windows\system32\drivers\NSS
2012-04-14 14:16 . 2012-04-14 14:16 -------- d-----w- c:\program files\Norton Security Scan
2012-04-13 19:25 . 2012-04-13 19:25 -------- d-----w- c:\users\FRANCO\AppData\Local\Broadcom
2012-04-13 19:18 . 2012-02-20 00:34 33832 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-04-13 19:18 . 2012-02-20 00:34 18728 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-04-13 19:18 . 2012-02-20 00:34 175144 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-04-13 19:18 . 2012-02-20 00:34 152616 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-04-11 20:44 . 2012-04-11 20:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-10 19:58 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 19:58 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 19:58 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 19:58 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 19:58 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 19:58 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-08 21:00 . 2012-04-08 21:00 -------- d-----w- c:\users\FRANCO\AppData\Roaming\SUPERAntiSpyware.com
2012-04-08 21:00 . 2012-04-08 21:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-08 21:00 . 2012-04-08 21:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-08 07:58 . 2012-04-13 18:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 15:30 . 2011-09-10 13:48 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-13 18:48 . 2011-05-13 18:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:52 . 2011-11-10 11:43 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-04 13:56 . 2011-12-18 18:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 18:19 . 2010-08-29 09:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-21 18:43 . 2010-07-28 19:12 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-21 18:43 . 2010-07-28 19:12 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-01 15:44 . 2012-03-01 15:44 146704 ----a-w- c:\windows\system32\SynGlwPadShlExt.dll
2012-03-01 15:44 . 2012-03-01 15:44 320144 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-03-01 15:43 . 2012-03-01 15:43 122128 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-03-01 15:43 . 2012-03-01 15:43 175376 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-03-01 15:43 . 2012-03-01 15:43 224528 ----a-w- c:\windows\system32\SynCtrl.dll
2012-03-01 15:43 . 2009-07-09 14:59 392464 ----a-w- c:\windows\system32\SynCOM.dll
2012-02-24 08:36 . 2011-11-28 21:39 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-20 00:34 . 2011-05-06 19:52 522280 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-02-17 13:08 . 2011-10-07 20:23 149456 ----a-w- c:\windows\SGDetectionTool.dll0321.old
2012-02-17 13:08 . 2011-10-07 20:23 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-02-17 13:08 . 2011-10-07 20:23 2250704 ----a-w- c:\windows\PCTBDCore.dll0321.old
2012-02-17 13:08 . 2011-10-07 20:23 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-02-17 13:08 . 2011-10-07 20:23 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-02-17 13:08 . 2011-10-07 20:23 767952 ----a-w- c:\windows\BDTSupport.dll0321.old
2012-02-17 13:08 . 2011-10-07 20:23 767952 ----a-w- c:\windows\BDTSupport.dll
2012-02-17 05:34 . 2012-03-13 18:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 18:34 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 18:34 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-13 18:35 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 04:13 . 2012-02-21 19:19 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-21 19:19 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-21 19:19 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2012-02-21 19:19 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-21 19:19 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2012-02-21 19:19 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-21 19:19 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-21 19:19 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-21 19:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2012-02-21 19:19 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2012-02-21 19:19 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2012-02-21 19:19 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 03:02 . 2012-02-21 19:20 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2012-02-21 19:20 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2012-02-21 19:20 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2012-02-21 19:20 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2012-02-21 19:20 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2012-02-21 19:20 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-06 19:20 . 2012-02-06 19:20 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-05 13:40 . 2010-08-03 12:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-02-05 12:39 . 2010-08-03 12:19 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-03 03:54 . 2012-03-13 18:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 20:56 . 2011-12-29 21:53 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-04-24 18:22 . 2012-04-22 16:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 08:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-20 39408]
"MzCPUAccelerator"="c:\program files\Mz Ultimate Tools\Mz CPU Accelerator\MzCPUAccelerator.exe" [2010-12-18 272384]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-03-01 2333968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-18 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-11-18 206120]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
c:\users\FRANCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-12-27 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-1-21 663552]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-19 1102624]
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2010-4-15 1610880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^FRANCO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\FRANCO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R2 ServUpdater;Serv Updater;c:\users\FRANCO\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\Drivers\AVerAF15DMBTH.sys [2009-07-27 554368]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-08-25 76328]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-20 33832]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-04 129976]
R3 NETw5s32;Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
R3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSM\0203000.012\SymRdrS.SYS [2011-11-17 177272]
R3 Tcpz-x86;Tcpz-x86;c:\users\FRANCO\AppData\Local\Temp\Tcpz-x86.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VIEWMEM-X86;VIEWMEM-X86;c:\users\FRANCO\AppData\Local\Temp\Temp1_ReadyFor4GB_20090422.zip\ReadyFor4GB_20090422\viewmem-x86.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1343400]
R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-09-29 123320]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2010-04-15 150616]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-04-27 26624]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307000.009\SYMDS.SYS [2011-07-25 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307000.009\SYMEFA.SYS [2012-03-29 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [2012-04-02 821880]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccSetx86.sys [2011-11-29 132744]
S1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOF\0203000.007\ccSetx86.sys [2011-11-04 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120425.001\IDSvix86.sys [2012-04-13 368248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307000.009\Ironx86.SYS [2012-03-29 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1307000.009\SYMNETS.SYS [2012-03-29 318584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-10-21 352256]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-05-20 75048]
S2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [2010-04-15 647296]
S2 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [2012-04-25 761856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 NOF;Norton Online;c:\program files\Norton Online\Engine\2.3.0.7\ccSvcHst.exe [2011-11-30 138248]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2009-08-24 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-04-13 1529152]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2012-02-20 522280]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-14 106104]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2011-03-31 350248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 NETwNs32;___ Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-10-31 7522304]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-10-31 10064]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
*Deregistered* - PCTAppEvent
*Deregistered* - pctDS
*Deregistered* - pctEFA
*Deregistered* - pctgntdi
*Deregistered* - PCTSD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:48]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:12]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:12]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-799568924-1534362706-3771050731-1000Core.job
- c:\users\FRANCO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 18:03]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-799568924-1534362706-3771050731-1000UA.job
- c:\users\FRANCO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 18:03]
.
2012-04-14 c:\windows\Tasks\Norton Security Scan for FRANCO.job
- c:\progra~1\Norton Security Scan\Engine\3.6.1.11\Nss.exe [2012-04-14 07:47]
.
2012-04-03 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-02-09 16:05]
.
2012-04-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5a1e8d32-2127-4cf3-b15c-3d48a2dbbae4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2011-10-01 c:\windows\Tasks\WebReg .job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-21 18:40]
.
.
------- Scansione supplementare -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.virgilio.it/
mStart Page = hxxp://search.findeer.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{09F54451-697F-4C97-9199-9789DF48F2D8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{31AB7A5C-8E41-4729-8164-EC489778AD1A}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{34F6317E-4A40-4BD5-A906-F00C9AEB6D45}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{641C3640-B2D0-48AA-B772-81608F98BA5E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{840E4623-DEFE-4F37-A326-C5F64FFE446A}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{A8BD4204-D72A-40D3-8225-45E828E22E77}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\078696C6960737F596E6374716C6C6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6642716E636F6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6F5135303: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C416023616371602469602479647479702: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C4160236163716024696024797474797: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C41602361637160246960247974747970223: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C41602361637160246960247974747970233: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C496265627F675966496: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C7DB716E-9D93-4CD8-8D3D-71530EF94EED}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\FRANCO\AppData\Roaming\Mozilla\Firefox\Profiles\5mne4rp5.default\
FF - prefs.js: browser.startup.homepage - www.virgilio.it
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{3707864c-611d-41ca-93b8-d719c4fd2237} - (no file)
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
URLSearchHooks-{da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{e3393495-8103-46a0-8181-270273eddd60} - (no file)
Toolbar-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{3707864C-611D-41CA-93B8-D719C4FD2237} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\FRANCO\AppData\Local\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NOF]
"ImagePath"="\"c:\program files\Norton Online\Engine\2.3.0.7\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files\Norton Online\Engine\2.3.0.7\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,8b,51,1d,6f,7d,24,47,bf,31,ba,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,8b,51,1d,6f,7d,24,47,bf,31,ba,\
.
[HKEY_USERS\S-1-5-21-799568924-1534362706-3771050731-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-799568924-1534362706-3771050731-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-04-26 22:53:42
ComboFix-quarantined-files.txt 2012-04-26 20:53
.
Pre-Run: 363.083.485.184 byte disponibili
Post-Run: 363.128.877.056 byte disponibili
.
- - End Of File - - 9B6ED2A7ECA742C934D29EBBB61C770
<?xml version="1.0"?>
<Log filesProcessed="57951" timeSpentInSecs="659" date="2012-04-28T15:43:51" version="3.6.0.153" scan="Normal" computer="PC-FRANCO"/>
File::
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\FRANCO\AppData\Local\ServUpdater\ServiceUpd.exe
Folder::
c:\users\Public\Documents\AppData\PoApp
c:\users\FRANCO\AppData\Local\ServUpdater
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-
Driver::
ServUpdater
ComboFix 12-04-28.01 - FRANCO 28/04/2012 19.29.19.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3067.1610 [GMT 2:00]
Eseguito da: c:\users\FRANCO\Desktop\ComboFix.exe
Opzioni usate :: c:\users\FRANCO\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\FRANCO\AppData\Local\ServUpdater\ServiceUpd.exe"
"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\FRANCO\AppData\Local\ServUpdater
c:\users\FRANCO\AppData\Local\ServUpdater\7z.dll
c:\users\FRANCO\AppData\Local\ServUpdater\AppLib.Zip.dll
c:\users\FRANCO\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\FRANCO\AppData\Local\ServUpdater\ServiceUpd.InstallLog
c:\users\FRANCO\AppData\Local\ServUpdater\ServiceUpd.InstallState
c:\users\FRANCO\AppData\Local\ServUpdater\settings.ini
c:\users\FRANCO\AppData\Local\ServUpdater\settings\settings.ini
c:\users\Public\Documents\AppData\PoApp
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ServUpdater
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-28 al 2012-04-28 )))))))))))))))))))))))))))))))))))
.
.
2012-04-28 17:44 . 2012-04-28 17:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-28 17:44 . 2012-04-28 17:44 -------- d-----w- c:\users\UpdatusUser.PC-FRANCO\AppData\Local\temp
2012-04-28 17:44 . 2012-04-28 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 13:39 . 2012-04-28 13:43 -------- d-----w- c:\programdata\HitmanPro
2012-04-27 18:37 . 2012-04-27 18:54 -------- d-----w- c:\users\FRANCO\AppData\Roaming\FreeFixer
2012-04-27 18:37 . 2012-04-27 18:54 -------- d-----w- c:\users\FRANCO\AppData\Local\FreeFixer
2012-04-25 18:53 . 2012-04-13 07:52 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-04-25 18:53 . 2012-04-13 07:52 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-04-25 10:10 . 2012-04-25 10:10 -------- d-----w- c:\users\FRANCO\AppData\Local\PowerOffer
2012-04-25 10:10 . 2012-04-26 19:47 -------- d-----w- c:\users\FRANCO\AppData\Local\PosService
2012-04-25 08:00 . 2012-04-25 08:00 -------- d-----w- c:\users\FRANCO\AppData\Roaming\EmoticoonsToolbar
2012-04-23 18:14 . 2010-02-25 15:51 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-04-23 11:01 . 2012-04-23 17:34 -------- d-----w- c:\program files\Opera
2012-04-18 18:07 . 2012-04-18 18:07 -------- d-----w- c:\programdata\Electronic Arts
2012-04-14 20:04 . 2012-04-14 20:04 -------- d-----w- c:\users\FRANCO\AppData\Local\APN
2012-04-14 15:41 . 2012-01-17 22:46 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-04-14 14:58 . 2012-04-24 18:21 -------- d-----w- c:\windows\system32\drivers\NIS
2012-04-14 14:58 . 2012-04-14 14:58 -------- d-----w- c:\program files\Norton Internet Security
2012-04-14 14:16 . 2012-04-14 14:16 -------- d-----w- c:\windows\system32\drivers\NSS
2012-04-14 14:16 . 2012-04-14 14:16 -------- d-----w- c:\program files\Norton Security Scan
2012-04-13 19:25 . 2012-04-13 19:25 -------- d-----w- c:\users\FRANCO\AppData\Local\Broadcom
2012-04-13 19:18 . 2012-02-20 00:34 33832 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-04-13 19:18 . 2012-02-20 00:34 18728 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-04-13 19:18 . 2012-02-20 00:34 175144 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-04-13 19:18 . 2012-02-20 00:34 152616 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-04-11 20:44 . 2012-04-11 20:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-10 19:58 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 19:58 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 19:58 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 19:58 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 19:58 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 19:58 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-08 21:00 . 2012-04-08 21:00 -------- d-----w- c:\users\FRANCO\AppData\Roaming\SUPERAntiSpyware.com
2012-04-08 21:00 . 2012-04-28 06:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-08 21:00 . 2012-04-08 21:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-08 07:58 . 2012-04-13 18:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 15:30 . 2011-09-10 13:48 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-13 18:48 . 2011-05-13 18:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:52 . 2011-11-10 11:43 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-04 13:56 . 2011-12-18 18:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 18:19 . 2010-08-29 09:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-21 18:43 . 2010-07-28 19:12 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-21 18:43 . 2010-07-28 19:12 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-01 15:44 . 2012-03-01 15:44 146704 ----a-w- c:\windows\system32\SynGlwPadShlExt.dll
2012-03-01 15:44 . 2012-03-01 15:44 320144 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-03-01 15:43 . 2012-03-01 15:43 122128 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-03-01 15:43 . 2012-03-01 15:43 175376 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-03-01 15:43 . 2012-03-01 15:43 224528 ----a-w- c:\windows\system32\SynCtrl.dll
2012-03-01 15:43 . 2009-07-09 14:59 392464 ----a-w- c:\windows\system32\SynCOM.dll
2012-02-24 08:36 . 2011-11-28 21:39 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-20 00:34 . 2011-05-06 19:52 522280 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-02-17 13:08 . 2011-10-07 20:23 149456 ----a-w- c:\windows\SGDetectionTool.dll0321.old
2012-02-17 13:08 . 2011-10-07 20:23 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-02-17 13:08 . 2011-10-07 20:23 2250704 ----a-w- c:\windows\PCTBDCore.dll0321.old
2012-02-17 13:08 . 2011-10-07 20:23 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-02-17 13:08 . 2011-10-07 20:23 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-02-17 13:08 . 2011-10-07 20:23 767952 ----a-w- c:\windows\BDTSupport.dll0321.old
2012-02-17 13:08 . 2011-10-07 20:23 767952 ----a-w- c:\windows\BDTSupport.dll
2012-02-17 05:34 . 2012-03-13 18:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 18:34 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 18:34 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-13 18:35 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 04:13 . 2012-02-21 19:19 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-21 19:19 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-21 19:19 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2012-02-21 19:19 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-10 04:13 . 2012-02-21 19:19 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2012-02-21 19:19 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-21 19:19 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-21 19:19 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-21 19:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 04:13 . 2012-02-21 19:19 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2012-02-21 19:19 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2012-02-21 19:19 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 03:02 . 2012-02-21 19:20 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2012-02-21 19:20 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2012-02-21 19:20 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2012-02-21 19:20 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2012-02-21 19:20 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2012-02-21 19:20 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-06 19:20 . 2012-02-06 19:20 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-05 13:40 . 2010-08-03 12:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-02-05 12:39 . 2010-08-03 12:19 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-03 03:54 . 2012-03-13 18:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 20:56 . 2011-12-29 21:53 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-04-24 18:22 . 2012-04-22 16:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 08:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-20 39408]
"MzCPUAccelerator"="c:\program files\Mz Ultimate Tools\Mz CPU Accelerator\MzCPUAccelerator.exe" [2010-12-18 272384]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-03-01 2333968]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-18 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-11-18 206120]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
.
c:\users\FRANCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-12-27 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-1-21 663552]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-19 1102624]
eBoostr Control Panel.lnk - c:\program files\eBoostr\eBoostrCP.exe [2010-4-15 1610880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^FRANCO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\FRANCO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\Drivers\AVerAF15DMBTH.sys [2009-07-27 554368]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-08-25 76328]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-20 33832]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-04 129976]
R3 NETw5s32;Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
R3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSM\0203000.012\SymRdrS.SYS [2011-11-17 177272]
R3 Tcpz-x86;Tcpz-x86;c:\users\FRANCO\AppData\Local\Temp\Tcpz-x86.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VIEWMEM-X86;VIEWMEM-X86;c:\users\FRANCO\AppData\Local\Temp\Temp1_ReadyFor4GB_20090422.zip\ReadyFor4GB_20090422\viewmem-x86.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-30 1343400]
R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-09-29 123320]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2010-04-15 150616]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-04-27 26624]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307000.009\SYMDS.SYS [2011-07-25 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307000.009\SYMEFA.SYS [2012-03-29 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [2012-04-02 821880]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccSetx86.sys [2011-11-29 132744]
S1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOF\0203000.007\ccSetx86.sys [2011-11-04 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120427.001\IDSvix86.sys [2012-04-13 368248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307000.009\Ironx86.SYS [2012-03-29 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1307000.009\SYMNETS.SYS [2012-03-29 318584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-10-21 352256]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-05-20 75048]
S2 EBOOSTRSVC;eBoostr Service;c:\program files\eBoostr\EBstrSvc.exe [2010-04-15 647296]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 NOF;Norton Online;c:\program files\Norton Online\Engine\2.3.0.7\ccSvcHst.exe [2011-11-30 138248]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2009-08-24 126392]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-04-13 1529152]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2012-02-20 522280]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 45288]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-14 106104]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2011-03-31 350248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 NETwNs32;___ Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-10-31 7522304]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-10-31 10064]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
*Deregistered* - PCTAppEvent
*Deregistered* - pctDS
*Deregistered* - pctEFA
*Deregistered* - pctgntdi
*Deregistered* - PCTSD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:48]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:12]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:12]
.
2012-04-14 c:\windows\Tasks\Norton Security Scan for FRANCO.job
- c:\progra~1\Norton Security Scan\Engine\3.6.1.11\Nss.exe [2012-04-14 07:47]
.
2012-04-03 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-02-09 16:05]
.
2012-04-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5a1e8d32-2127-4cf3-b15c-3d48a2dbbae4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2011-10-01 c:\windows\Tasks\WebReg .job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-21 18:40]
.
.
------- Scansione supplementare -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.virgilio.it/
mStart Page = hxxp://search.findeer.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{09F54451-697F-4C97-9199-9789DF48F2D8}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{31AB7A5C-8E41-4729-8164-EC489778AD1A}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{34F6317E-4A40-4BD5-A906-F00C9AEB6D45}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{641C3640-B2D0-48AA-B772-81608F98BA5E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{840E4623-DEFE-4F37-A326-C5F64FFE446A}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{A8BD4204-D72A-40D3-8225-45E828E22E77}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\078696C6960737F596E6374716C6C6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6642716E636F6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\4496769636F6D6F5135303: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C416023616371602469602479647479702: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C4160236163716024696024797474797: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C41602361637160246960247974747970223: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C41602361637160246960247974747970233: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B92D5C14-51C6-4D80-BBF6-448305663773}\C496265627F675966496: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C7DB716E-9D93-4CD8-8D3D-71530EF94EED}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\FRANCO\AppData\Roaming\Mozilla\Firefox\Profiles\5mne4rp5.default\
FF - prefs.js: browser.startup.homepage - www.virgilio.it
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NOF]
"ImagePath"="\"c:\program files\Norton Online\Engine\2.3.0.7\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files\Norton Online\Engine\2.3.0.7\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,8b,51,1d,6f,7d,24,47,bf,31,ba,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,8b,51,1d,6f,7d,24,47,bf,31,ba,\
.
[HKEY_USERS\S-1-5-21-799568924-1534362706-3771050731-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-799568924-1534362706-3771050731-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
c:\windows\system32\sppsvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\progra~1\COMMON~1\Nokia\MPlatform\NokiaMServer.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-28 19:56:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-28 17:56
.
Pre-Run: 356.738.191.360 byte disponibili
Post-Run: 356.639.371.264 byte disponibili
.
- - End Of File - - 47BA5B315D8CF3995F41855E002BA862
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.08.37, on 29/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mz Ultimate Tools\Mz CPU Accelerator\MzCPUAccelerator.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\PROGRA~1\COMMON~1\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Norton Safety Minder BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.18\coIEPlg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MzCPUAccelerator] C:\Program Files\Mz Ultimate Tools\Mz CPU Accelerator\MzCPUAccelerator.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F54451-697F-4C97-9199-9789DF48F2D8}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{31AB7A5C-8E41-4729-8164-EC489778AD1A}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{34F6317E-4A40-4BD5-A906-F00C9AEB6D45}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{641C3640-B2D0-48AA-B772-81608F98BA5E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{840E4623-DEFE-4F37-A326-C5F64FFE446A}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8BD4204-D72A-40D3-8225-45E828E22E77}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
O23 - Service: Norton Online (NOF) - Symantec Corporation - C:\Program Files\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
--
End of file - 16323 bytes
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MzCPUAccelerator] C:\Program Files\Mz Ultimate Tools\Mz CPU Accelerator\MzCPUAccelerator.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MzCPUAccelerator] C:\Program Files\Mz Ultimate Tools\Mz CPU Accelerator\MzCPUAccelerator.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.43.57, on 29/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Norton Safety Minder BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.18\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-21-799568924-1534362706-3771050731-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-799568924-1534362706-3771050731-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-799568924-1534362706-3771050731-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-799568924-1534362706-3771050731-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-799568924-1534362706-3771050731-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F54451-697F-4C97-9199-9789DF48F2D8}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{31AB7A5C-8E41-4729-8164-EC489778AD1A}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{34F6317E-4A40-4BD5-A906-F00C9AEB6D45}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{641C3640-B2D0-48AA-B772-81608F98BA5E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{840E4623-DEFE-4F37-A326-C5F64FFE446A}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8BD4204-D72A-40D3-8225-45E828E22E77}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{04C826DA-126A-459B-9424-94C766EA606F}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
O23 - Service: Norton Online (NOF) - Symantec Corporation - C:\Program Files\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
--
End of file - 10922 bytes