
Thread: mswinvks.exe

  1. #1

    mswinvks.exe

    Hi everyone!
    I have the same problem that many others have had, namely the mswinvks.exe virus.
    When I start the computer, a window appears that says:

    C:\WINDOWS\system32\mswinvk.exe

    Impossibile trovare il file"C:\WINDOWS\system32\mswinvks.exe". Verificare che il percorso e il nome del file siano corretti e ritentare. Per cercare un file fare clic sul pulsante Start, quindi scegliere Trova.

    Then, when I click OK, another window comes up that says:

    Impossibile caricare o eseguire il file "C:\WINDOWS\system32\mswinvks.exe", specificato nel Registro di sistema. Controllare che il file esista, oppure rimuoverne il relativo riferimento nel Registro di sistema.

    Since the log from the software you recommend is too long to attach in one piece, I'll split it into two parts.
    Thanks in advance



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:19:05, on 05/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
    C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    C:\Programmi\3D Studio Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
    C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\PLFSetL.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\DOCUME~1\ANDREA~1\IMPOST~1\Temp\RtkBtMnt.exe
    C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
    C:\Programmi\Java\jre6\bin\jusched.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Programmi\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
    C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

  2. #2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/yco...//it.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/yco...//it.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F3 - REG:win.ini: load=C:\WINDOWS\system32\mswinvks.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll (file missing)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [giwesgs] "c:\documents and settings\andrea carpin\impostazioni locali\dati applicazioni\giwesgs.exe" giwesgs
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: McAfee Security Scan.lnk = ?
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Point&&Go - C:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
    O9 - Extra 'Tools' menuitem: Garzanti Linguistica - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\File comuni\Garzanti\Dizionari Garzanti 2005\IEExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

  3. #3
    http://www.update.microsoft.com/micr...?1202937396046
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmi\3D Studio Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 16926 bytes

  4. #4
    HTML.it user
    Registered since
    Mar 2008
    Posts
    356
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local

    F3 - REG:win.ini: load=C:\WINDOWS\system32\mswinvks.exe

    I really think these entries are infected; try running a check on www.virustotal.com

  5. #5
    Thanks antonpaco!
    I tried to do as you say, but when I go to www.virustotal.com and click the Browse button I run into the following problems:

    1) the first file, named " R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local ", I don't know where to look for it on C:
    I also tried using the Search command from the Start menu, but it gives no results.

    2) the second file, named " F3 - REG:win.ini: load=C:\WINDOWS\system32\mswinvks.exe", I could not find inside the " system32 " folder. I tried making hidden files visible (by clicking "Tools/Folder options" in the menu bar at the top of the folder, then the "View" tab, ticking "Show hidden files and folders" and unticking "Hide protected operating system files"), but I did not find it. Then I also tried the Search command from the Start menu, but it gives no results.

    What do you recommend?
    Because I know that many people with the same problem got rid of it by installing Malwarebytes' Anti-Malware. However, before trying it I wanted someone to give me the OK that I'm not doing something stupid.

    Thanks a lot!!
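
An added example, not part of the original thread: the two lines quoted in posts #4 and #5 are HijackThis log entries (registry values), and only some entries name a file on disk. The Python sketch below runs over a few lines copied from the log posted above, extracts the file path when an entry has one, and applies three triage heuristics chosen for this example (assumptions, not HijackThis's own logic).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Short excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\mswinvks.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [giwesgs] "c:\documents and settings\andrea carpin\impostazioni locali\dati applicazioni\giwesgs.exe" giwesgs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
"""

# "<section code> - <detail>", e.g. "F3 - REG:win.ini: load=..."
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# First drive-letter path ending in an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.(?:exe|dll|sys|scr)\b", re.IGNORECASE)
# key=value part of the F-section (win.ini / system.ini) entries.
INI_RE = re.compile(r"\b(load|run|userinit)=(.*)$", re.IGNORECASE)


@dataclass
class Entry:
    code: str                 # HijackThis section code (R1, F3, O4, ...)
    detail: str               # rest of the line
    path: Optional[str]       # file the entry points at, if any
    reasons: List[str] = field(default_factory=list)


def assess(entry: Entry) -> None:
    """Attach triage reasons (example heuristics, assumptions of this sketch)."""
    detail = entry.detail.lower()
    if entry.code.startswith("F"):
        m = INI_RE.search(entry.detail)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key in ("load", "run") and value:
                entry.reasons.append("win.ini load=/run= value starts a program at logon")
            elif key == "userinit":
                extra = [p for p in value.split(",")
                         if p.strip() and not p.strip().lower().endswith("\\userinit.exe")]
                if extra:
                    entry.reasons.append("UserInit lists a program besides userinit.exe")
    if entry.code == "O4" and entry.path and "\\documents and settings\\" in entry.path.lower():
        entry.reasons.append("Run entry starts a binary from a user profile directory")
    if "(file missing)" in detail or "(no file)" in detail:
        entry.reasons.append("references a file that is not on disk")


def parse_log(text: str) -> List[Entry]:
    """Parse HijackThis entry lines; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        found = PATH_RE.search(m.group(2))
        entry = Entry(m.group(1), m.group(2), found.group(0) if found else None)
        assess(entry)
        entries.append(entry)
    return entries


def flagged(text: str) -> List[Entry]:
    """Entries that matched at least one heuristic, in log order."""
    return [e for e in parse_log(text) if e.reasons]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        mark = "!" if e.reasons else " "
        print(f"{mark} {e.code:<3} file={e.path or '(none: registry setting only)'}")
        for reason in e.reasons:
            print(f"      - {reason}")
```

An entry whose `path` is `None`, such as the R1 `ProxyOverride` line, is a registry setting with no file behind it; only entries with a path have something that can be located on disk or submitted to a scanner.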

  6. #6
    Moderator of Computer security and viruses: amvinfe
    Registered since
    May 2002
    Posts
    6,739
    Hi,

    download to the desktop
    http://www.suspectfile.com/systemscan
    open it and make sure all the options are ticked, then click "Scan Now"; when the scan finishes, two files will be created (again on the desktop, inside the suspectfile folder).
    Go to http://www.mediafire.com, click "Upload to MediaFire", upload the file with the .zip extension and, in your next reply, write the URL for downloading it.

    Remember to run the scan with no active connection and with the antivirus disabled, then re-enable it once the scan has finished.

    SystemScan is wrongly detected as infected by some antivirus products.
    ==
    Visit my blog SuspectFile.com
    ==

  7. #7
    Hi amvinfe!
    Thanks a lot for the help!
    I did as you said and this is the URL:
    http://www.mediafire.com/file/1ijynz..._08_report.zip

  8. #8
    Moderator of Computer security and viruses: amvinfe
    Registered since
    May 2002
    Posts
    6,739
    Go to http://www.bleepingcomputer.com/comb...usare-combofix
    and, before downloading it to the desktop, rename it to, for example, @123.exe

    Disconnect from the internet, close any open windows of other programs, browser included, and make sure the antivirus is actually disabled.

    Warning!
    Before using the program, read the whole tutorial carefully.
    The procedures are explained step by step; the important thing is to follow them correctly.

    Thanks to Clairvoyant - p2pforum.it for translating the guide into Italian.

  9. #9
    Hi amvinfe. Thank you so much for your help!

    I did as you said and now the messages at Windows startup no longer appear!
    Here is the log file that ComboFix created at the end, but I'm splitting it in two, otherwise the message is too long.


    ComboFix 09-12-11.04 - ANDREA CARPIN 12/12/2009 10:06:40.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3070.2328 [GMT 1:00]
    Eseguito da: c:\documents and settings\ANDREA CARPIN\Desktop\@123.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Menu Avvio\Programmi\Acer Crystal Eye
    c:\documents and settings\All Users\Menu Avvio\Programmi\Acer Crystal Eye \Acer Crystal Eye webcam.lnk
    c:\documents and settings\All Users\Menu Avvio\Programmi\Acer Crystal Eye \Uninstall.lnk
    c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Desktopicon
    c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Desktopicon\eBay.ico
    c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Desktopicon\uninst.exe
    c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Dossier de téléchargement Share-to-Web
    c:\documents and settings\ANDREA CARPIN\Impostazioni locali\Dati applicazioni\giwesgs_nav.dat
    C:\LOG.TXT
    c:\programmi\WinPCap
    c:\programmi\WinPCap\daemon_mgm.exe
    c:\programmi\WinPCap\npf_mgm.exe
    c:\programmi\WinPCap\rpcapd.exe
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\mswins.sys
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\twain_32.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    c:\windows\Temp\log.txt

    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((( Files Creati Da 2009-11-12 al 2009-12-12 )))))))))))))))))))))))))))))))))))
    .

    2092-11-06 13:29 . 2092-11-06 13:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DesignBuilder
    2092-11-06 13:29 . 2009-03-01 22:47 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Impostazioni locali\Dati applicazioni\DesignBuilder
    2092-11-06 13:29 . 2008-07-24 09:46 2899968 ----a-w- c:\windows\system32\pdf2image.dll
    2092-11-06 13:29 . 2007-11-19 19:10 1937408 ----a-w- c:\windows\system32\FreeImage.dll
    2092-11-06 13:29 . 2000-03-06 23:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
    2092-11-06 13:29 . 1999-04-23 21:22 1312 ----a-w- c:\windows\system32\rsrc16.dll
    2092-11-06 13:29 . 1996-08-24 10:11 4608 ----a-w- c:\windows\system32\Rsrc32.dll
    2092-11-06 13:29 . 2092-11-06 13:29 -------- d-----w- c:\programmi\DesignBuilder
    2090-03-11 13:46 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2009-12-12 09:14 . 2009-12-12 09:14 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Dossier de téléchargement Share-to-Web
    2009-12-12 09:14 . 2009-12-12 09:14 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Dossier de téléchargement Share-to-Web
    2009-12-10 09:15 . 2009-12-10 09:27 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Impostazioni locali\Dati applicazioni\AskToolbar
    2009-12-10 08:39 . 2009-12-10 08:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-12-08 07:08 . 2009-12-08 07:09 -------- d-----w- c:\programmi\EmuleEx
    2009-12-06 17:50 . 2009-12-06 17:50 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Impostazioni locali\Dati applicazioni\vdownloader
    2009-12-06 17:50 . 2009-12-06 17:50 -------- d-----w- c:\programmi\Ask.com
    2009-12-06 17:50 . 2009-12-06 17:50 -------- d-----w- c:\programmi\VDOWNLOADER
    2009-12-06 13:46 . 2009-12-06 13:46 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\SAU KP
    2009-12-06 13:46 . 2009-12-06 13:46 -------- d-----w- c:\programmi\SAU KP
    2009-12-06 12:43 . 2009-12-06 16:17 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Impostazioni locali\Dati applicazioni\Babylon
    2009-12-06 12:41 . 2009-09-01 11:04 52224 ----a-w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Mozilla\Firefox\Profiles\gsq9cbj1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
    2009-12-06 12:41 . 2009-09-01 11:04 114688 ----a-w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Mozilla\Firefox\Profiles\gsq9cbj1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\npmozax.dll
    2009-12-06 12:41 . 2009-12-06 12:41 -------- d-----w- c:\programmi\Babylon
    2009-12-06 12:41 . 2009-12-12 09:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
    2009-12-06 12:41 . 2009-12-07 08:39 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Babylon
    2009-12-06 12:35 . 2004-11-10 16:20 425984 ----a-w- c:\windows\My 3D Christmas Tree Full.scr
    2009-12-06 12:35 . 2004-04-29 13:24 28672 ----a-w- c:\windows\vorbisfile.dll
    2009-12-06 12:35 . 2004-04-29 13:24 974848 ----a-w- c:\windows\vorbis.dll
    2009-12-06 12:35 . 2004-04-29 13:24 49152 ----a-w- c:\windows\ogg.dll
    2009-12-06 12:35 . 2009-12-06 12:35 -------- d-----w- c:\programmi\ScreenSaver.com
    2009-12-06 12:22 . 2009-12-06 13:38 -------- d-----w- c:\programmi\Dizionario Garzanti Hazon Inglese 2005
    2009-12-05 09:56 . 2009-12-05 09:56 4844296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-05 09:56 . 2009-12-05 09:56 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Malwarebytes
    2009-12-05 09:56 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-05 09:56 . 2009-12-05 09:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2009-12-05 09:56 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-05 09:56 . 2009-12-05 09:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2009-12-05 09:18 . 2009-12-05 09:18 -------- d-----w- c:\programmi\Trend Micro
    2009-12-02 13:32 . 2009-12-02 13:32 -------- d-----w- c:\windows\CCBAA1F7E5E148B29ED9A79C6A37CE78.TMP
    2009-12-02 13:23 . 2009-12-02 13:23 -------- d-----w- c:\windows\Internet Logs
    2009-12-02 13:22 . 2007-01-31 12:45 101904 ----a-w- c:\windows\system32\dneinobj.dll
    2009-12-02 13:22 . 2007-01-31 12:45 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
    2009-12-02 13:22 . 2009-12-02 13:22 -------- d-----w- c:\programmi\File comuni\Deterministic Networks
    2009-12-02 13:22 . 2009-12-02 13:36 -------- d-----w- c:\programmi\Cisco Systems
    2009-11-30 09:33 . 2009-11-30 09:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
    2009-11-28 15:13 . 2009-11-28 15:13 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Impostazioni locali\Dati applicazioni\ESET
    2009-11-28 15:02 . 2009-11-28 15:02 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
    2009-11-28 14:53 . 2008-03-03 17:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
    2009-11-28 14:53 . 2008-03-03 13:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
    2009-11-28 14:52 . 2009-11-28 14:52 -------- d-----w- c:\programmi\ESET
    2009-11-28 14:52 . 2009-11-28 14:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
    2009-11-27 23:54 . 2009-11-27 23:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
    2009-11-27 23:54 . 2009-11-27 23:54 -------- d-----w- c:\programmi\McAfee Security Scan
    2009-11-27 23:54 . 2009-11-27 23:54 836464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\SecurityScan_Release.exe
    2009-11-27 23:54 . 2009-11-28 09:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
    2009-11-24 09:32 . 2009-11-24 09:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
    2009-11-24 09:32 . 2009-11-24 09:32 -------- d-----w- c:\programmi\File comuni\Adobe Systems Shared
    2009-11-22 13:30 . 2009-11-06 10:43 877848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
    2009-11-21 15:10 . 2009-11-21 15:10 91284 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-19 10:28 . 2009-11-19 10:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ALM
    2009-11-17 12:06 . 2009-11-28 14:55 359416 --sh--w- c:\windows\system32\mswins.DLL
    2009-11-15 16:16 . 2009-11-15 16:16 79488 ----a-w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-13 08:47 . 2009-11-13 08:47 3963648 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
    2009-11-13 08:47 . 2009-11-13 08:47 497944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
    2009-11-13 08:47 . 2009-11-10 16:05 4026136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
    2009-11-13 08:47 . 2009-11-10 16:05 2016536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
    2009-11-13 08:47 . 2009-11-10 16:05 1257240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
    2009-11-13 08:47 . 2009-11-06 10:43 600344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgnsx.exe

  10. #10
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-12 09:12 . 2008-02-13 20:38 12 ----a-w- c:\windows\bthservsdp.dat
    2009-12-11 16:42 . 2009-01-24 14:14 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Skype
    2009-12-11 11:14 . 2009-01-24 14:17 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\skypePM
    2009-12-04 11:06 . 2008-02-13 21:08 -------- d-----w- c:\programmi\File comuni\Adobe
    2009-12-01 10:04 . 2008-04-04 08:47 -------- d-----w- c:\programmi\Google
    2009-11-26 13:25 . 2008-02-14 13:13 -------- d-----w- c:\programmi\ScanSpyware v3.8.0.1
    2009-11-24 10:55 . 2008-02-13 20:26 125152 ----a-w- c:\documents and settings\ANDREA CARPIN\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2009-11-24 09:37 . 2008-02-26 00:47 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\AdobeUM
    2009-11-23 08:58 . 2009-11-06 10:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
    2009-11-11 08:33 . 2009-03-15 10:15 -------- d-----w- c:\programmi\Microsoft Silverlight
    2009-11-10 16:05 . 2009-11-10 16:05 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
    2009-11-09 15:30 . 2009-06-02 09:00 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\Apple Computer
    2009-11-06 21:12 . 2009-06-14 17:29 -------- d-----w- c:\documents and settings\ANDREA CARPIN\Dati applicazioni\dvdcss
    2009-11-06 10:43 . 2009-11-10 16:05 360584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
    2009-11-06 10:43 . 2009-11-10 16:05 610072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
    2009-11-06 10:43 . 2009-11-06 10:43 -------- d-----w- c:\programmi\AVG
    2009-11-04 08:53 . 2009-11-04 08:52 -------- d-----w- c:\programmi\iTunes
    2009-11-04 08:53 . 2009-11-04 08:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-11-04 08:52 . 2009-11-04 08:52 -------- d-----w- c:\programmi\iPod
    2009-11-04 08:52 . 2009-06-06 07:30 -------- d-----w- c:\programmi\File comuni\Apple
    2009-11-04 08:52 . 2009-11-04 08:52 -------- d-----w- c:\programmi\QuickTime
    2009-11-04 08:52 . 2008-02-14 13:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
    2009-10-28 19:58 . 2009-10-28 19:58 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-13 07:43 . 2008-02-14 13:40 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-05-19 12:37 1144712 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Translate.Net"="c:\programmi\SAU KP\Translate.Net\Translate.Net.exe" [2009-07-25 405504]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
    "IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1015808]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
    "AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
    "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
    "Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
    "Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-25 988565]
    "Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2005-10-25 118784]
    "SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-10-28 141600]
    "Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
    "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
    "Babylon Client"="c:\programmi\Babylon\Babylon-Pro\Babylon.exe" [2009-10-22 3721104]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
    VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-12-2 6144]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programmi\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
    "c:\\Programmi\\Google\\Google SketchUp 6\\SketchUp.exe"=
    "c:\\Programmi\\eMule Extreme\\emule.exe"=
    "c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
    "c:\\Programmi\\3D Studio Max 9\\3dsmax.exe"=
    "c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
    "c:\\Programmi\\iTunes\\iTunes.exe"=
    "c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
    "c:\\Programmi\\EmuleEx\\emsoft.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/02/2008 11:11 33800]
    R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 11:08 472320]
    R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [13/03/2009 19:40 8192]
    S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/08/2004 19:00 3584]
