Thanks
- Code: Select all
ComboFix 10-08-27.03 - Loris 28/08/2010 17.18.25.4.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.3002.1889 [GMT 2:00] Eseguito da: c:\users\Loris\Desktop\ComboFix.exe SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\%appdata% . ((((((((((((((((((((((((( Files Creati Da 2010-07-28 al 2010-08-28 ))))))))))))))))))))))))))))))))))) . 2010-08-28 15:26 . 2010-08-28 15:28 -------- d-----w- c:\users\Loris\AppData\Local\temp 2010-08-28 15:26 . 2010-08-28 15:26 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-28 15:26 . 2010-08-28 15:26 -------- d-----w- c:\users\durrrr\AppData\Local\temp 2010-08-28 15:26 . 2010-08-28 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-12 12:03 . 2010-08-12 12:03 -------- d-----w- c:\programdata\DivX 2010-08-12 09:55 . 2010-06-26 06:05 916480 ----a-w- c:\windows\system32\wininet.dll 2010-08-05 21:11 . 2010-08-05 21:11 -------- d-----w- C:\5bc655c27bcc507d632c4dff . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-28 15:26 . 2009-03-23 22:22 12 ----a-w- c:\windows\bthservsdp.dat 2010-08-28 15:05 . 2010-02-20 16:17 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-08-28 14:51 . 2009-12-08 22:01 -------- d-----w- c:\users\Loris\AppData\Roaming\vlc 2010-08-28 02:58 . 2009-08-31 21:19 -------- d-----w- c:\program files\Full Tilt Poker 2010-08-28 00:27 . 2010-02-28 05:14 -------- d-----w- c:\users\Loris\AppData\Roaming\Spyware Terminator 2010-08-27 10:20 . 2010-02-28 05:14 -------- d-----w- c:\programdata\Spyware Terminator 2010-08-26 15:41 . 2010-04-04 14:28 -------- d-----w- c:\program files\JDownloader 2010-08-21 10:27 . 2009-03-26 20:18 -------- d-----w- c:\program files\Spyware Terminator 2010-08-13 01:09 . 2008-10-25 06:48 -------- d-----w- c:\program files\Microsoft Works 2010-08-13 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-10 20:15 . 2008-10-25 07:18 -------- d-----w- c:\program files\Common Files\Java 2010-08-10 20:15 . 2008-10-25 07:18 -------- d-----w- c:\program files\Java 2010-08-10 20:01 . 2008-10-25 14:57 665702 ----a-w- c:\windows\system32\perfh010.dat 2010-08-10 20:01 . 2008-10-25 14:57 121302 ----a-w- c:\windows\system32\perfc010.dat 2010-07-21 03:18 . 2010-07-21 03:18 -------- d-----w- c:\users\Loris\AppData\Roaming\VeniceLobby.B5CA23157793C8EB7433EADB0451A1FE7E88A7DF.1 2010-07-21 03:18 . 2010-07-21 03:18 -------- d-----w- c:\program files\VeniceLobby 2010-07-21 03:15 . 2010-02-18 14:19 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-07-20 12:22 . 2010-02-18 13:49 -------- d-----w- c:\program files\Electronic Arts 2010-07-20 12:19 . 2010-07-20 12:19 -------- d-----w- c:\programdata\EA Logs 2010-07-20 12:19 . 2008-10-25 06:01 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-20 12:18 . 2010-06-13 11:43 -------- d-----w- c:\users\Loris\AppData\Roaming\My Games 2010-07-19 22:02 . 2010-04-15 12:30 -------- d-----w- c:\program files\gdpoker_skin 2010-07-17 03:00 . 2010-05-11 10:42 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-15 18:54 . 2010-07-15 18:54 -------- d-----w- c:\programdata\UDL 2010-07-15 18:53 . 2010-06-29 15:27 -------- d-----w- c:\program files\EPSON 2010-07-14 13:11 . 2010-07-14 13:11 -------- d-----w- c:\users\Loris\AppData\Roaming\VeniceLobby.9F71CA09EFF10A6472C7BA21E2FE0A2C8D29F167.1 2010-06-29 11:48 . 2009-04-14 21:52 5972 ----a-w- c:\users\Loris\AppData\Local\d3d9caps.dat 2010-06-26 06:02 . 2010-08-12 09:54 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 06:02 . 2010-08-12 09:54 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 04:25 . 2010-08-12 09:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-12 09:54 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-18 17:31 . 2010-08-12 09:54 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-06-18 15:04 . 2010-08-12 09:54 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-18 15:04 . 2010-08-12 09:54 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-06-16 16:04 . 2010-08-12 09:54 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-06-11 16:16 . 2010-08-12 09:54 274944 ----a-w- c:\windows\system32\schannel.dll 2010-06-11 16:15 . 2010-08-12 09:54 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-06-08 17:35 . 2010-08-12 09:54 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-08 17:35 . 2010-08-12 09:54 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2008-10-25 15:19 . 2008-10-25 15:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-28 3037696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-06 210216] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-14 2176512] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-06-09 09:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):01,63,33,30,c3,72,ca,01 R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840] S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-02-28 142592] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-03-13 65536] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Scansione supplementare ------- . uStart Page = hxxp://www.google.it/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Presario&pf=cnnb uInternet Settings,ProxyOverride = local IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\desktop\PokerStars.IT\PokerStarsUpdate.exe FF - ProfilePath - c:\users\Loris\AppData\Roaming\Mozilla\Firefox\Profiles\gv582f8x.default\ FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. - - - - CHIAVI ORFANE RIMOSSE - - - - HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe ************************************************************************** scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: ************************************************************************** . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- [HKEY_USERS\S-1-5-21-2538485830-3884554313-3056553341-1000\Software\SecuROM\License information*] "datasecu"=hex:57,99,33,bb,f6,48,3b,e2,30,c8,46,ba,c0,5f,fa,2c,19,8d,36,46,6a, dc,b8,f3,72,6c,23,e8,9c,90,06,c2,43,ff,bc,7f,01,4c,f6,27,3a,b0,46,d9,a8,63,\ "rkeysecu"=hex:5d,e8,86,5d,74,49,aa,58,90,0e,51,c0,79,2c,aa,de [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Altri processi in esecuzione ------------------------ . c:\windows\system32\WLANExt.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Spyware Terminator\sp_rsser.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\windows\system32\conime.exe c:\windows\system32\igfxsrvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Ora fine scansione: 2010-08-28 17:39:38 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2010-08-28 15:39 ComboFix2.txt 2010-03-01 12:04 Pre-Run: 42.996.510.720 byte disponibili Post-Run: 42.971.885.568 byte disponibili - - End Of File - - 89EF4E95343A42F989ECAC200B3517EC
- Code: Select all
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12.42.32, on 29/08/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe C:\program files\avira\antivir desktop\avcenter.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Presario&pf=cnnb R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" O4 - HKUS\S-1-5-21-2538485830-3884554313-3056553341-1016\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'durrrr') O4 - HKUS\S-1-5-21-2538485830-3884554313-3056553341-1016\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'durrrr') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\desktop\PokerStars.IT\PokerStarsUpdate.exe O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Loris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU) O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Loris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9347 bytes