Ciao a tutti!
Oggi, accendendo il pc, mi sono ritrovato ad accedere ad una homepage che non era la mia, ovvero su en.v9.com con tutto ciò che ne consegue.... Se potete darmi una mano, io non so a quale santo affidarmi :cav: Ho provato a fare una scansione ma non viene rilevato, io non sono un esperto... Mi è stato detto di provare l'HijackThis e questo è il file log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.52.53, on 29/05/13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Samsung\Kies\KiesTrayAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Samsung\Kies\Kies.exe
C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Documents and Settings\All Users\Dati applicazioni\eSafe\eGdpSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
E:\Downloads\HiJackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 Portal Site
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = V9 Portal Site
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 Portal Site
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = V9 Portal Site
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmi\AutocompletePro\AutocompletePro.dll
O2 - BHO: RADIO TIME - {11d3cd90-b806-4116-b0db-b3ba2137c061} - C:\Programmi\RADIO_TIME\prxtbRAD0.dll
O2 - BHO: PiccShare - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ext_piccshare\ext_piccshare.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LyricsPal - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Programmi\XingHaoLyrics\lrcspal.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: RADIO TIME Toolbar - {11d3cd90-b806-4116-b0db-b3ba2137c061} - C:\Programmi\RADIO_TIME\prxtbRAD0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Programmi\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\RunOnce: [Del4229343] cmd.exe /Q /D /c del "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\0.del"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Programmi\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [SCheck] "C:\Documents and Settings\Administrator\Dati applicazioni\SCheck\SCheck.exe" check nohp nods
O4 - HKCU\..\Run: [SSync] "C:\Documents and Settings\Administrator\Dati applicazioni\SSync\SSync.exe"
O4 - HKCU\..\Run: [DataMgr] "C:\Documents and Settings\Administrator\Dati applicazioni\DataMgr\DataMgr.exe"
O4 - HKCU\..\Run: [Intermediate] "C:\Documents and Settings\Administrator\Dati applicazioni\Intermediate\Intermediate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Del510171] cmd.exe /Q /D /c del "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\0.del"
O4 - HKCU\..\RunOnce: [Del4229343] cmd.exe /Q /D /c del "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\0.del"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://77.238.10.101/security/services/static/McciInstaller.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C64784-2491-4759-9F27-DD370C08D016}: Domain = domain.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: eSafe Service (eSafeSvc) - eSafe Security Co., Ltd. - C:\Documents and Settings\All Users\Dati applicazioni\eSafe\eGdpSvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: LiveUpSC - SoftwareUpdService - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Ssupd Service (SsupdService) - SsupdService - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe
--
End of file - 11272 bytes
Oggi, accendendo il pc, mi sono ritrovato ad accedere ad una homepage che non era la mia, ovvero su en.v9.com con tutto ciò che ne consegue.... Se potete darmi una mano, io non so a quale santo affidarmi :cav: Ho provato a fare una scansione ma non viene rilevato, io non sono un esperto... Mi è stato detto di provare l'HijackThis e questo è il file log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.52.53, on 29/05/13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Samsung\Kies\KiesTrayAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Samsung\Kies\Kies.exe
C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Documents and Settings\All Users\Dati applicazioni\eSafe\eGdpSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
E:\Downloads\HiJackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 Portal Site
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = V9 Portal Site
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9 Portal Site
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = V9 Portal Site
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programmi\AutocompletePro\AutocompletePro.dll
O2 - BHO: RADIO TIME - {11d3cd90-b806-4116-b0db-b3ba2137c061} - C:\Programmi\RADIO_TIME\prxtbRAD0.dll
O2 - BHO: PiccShare - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ext_piccshare\ext_piccshare.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LyricsPal - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Programmi\XingHaoLyrics\lrcspal.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: RADIO TIME Toolbar - {11d3cd90-b806-4116-b0db-b3ba2137c061} - C:\Programmi\RADIO_TIME\prxtbRAD0.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Programmi\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\RunOnce: [Del4229343] cmd.exe /Q /D /c del "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\0.del"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Programmi\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [SCheck] "C:\Documents and Settings\Administrator\Dati applicazioni\SCheck\SCheck.exe" check nohp nods
O4 - HKCU\..\Run: [SSync] "C:\Documents and Settings\Administrator\Dati applicazioni\SSync\SSync.exe"
O4 - HKCU\..\Run: [DataMgr] "C:\Documents and Settings\Administrator\Dati applicazioni\DataMgr\DataMgr.exe"
O4 - HKCU\..\Run: [Intermediate] "C:\Documents and Settings\Administrator\Dati applicazioni\Intermediate\Intermediate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Del510171] cmd.exe /Q /D /c del "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\0.del"
O4 - HKCU\..\RunOnce: [Del4229343] cmd.exe /Q /D /c del "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\0.del"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Administrator\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://77.238.10.101/security/services/static/McciInstaller.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C64784-2491-4759-9F27-DD370C08D016}: Domain = domain.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: eSafe Service (eSafeSvc) - eSafe Security Co., Ltd. - C:\Documents and Settings\All Users\Dati applicazioni\eSafe\eGdpSvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: LiveUpSC - SoftwareUpdService - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Ssupd Service (SsupdService) - SsupdService - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe
--
End of file - 11272 bytes