Kenji87

January 28, 2011

Hi, thank you for your reply.

I've followed exactly your instructions but the virus is still there, it seems that there is some file that continue to generate it.

When i run MalwareByte, it finds a virus which i delete; the computer seems to run smooth while i'm not online and the antivirus find nothing.

When i connect to the internet, it work only a few minutes and this things happen:

Internet explorer does not work or crash.

Chrome give blank page with cannot load problem

In Firefox happen something strange: if i leave the standard settings it does not work, and in Tools -> Options -> Advanced -> Network -> Connections -> settings i have "use the proxy of the system" (traduction from italian) and it does not work; but IF I set it on "No proxy" or "auto-detect proxy settings for this network" the browser works for a few minutes, then it start to go crazy, i can't deactivate the connection, the computer goes slow, i have no control of it and i must reboot.

After that i find a new virus...

Here the logs, i'm not attaching it like you asked:

The last MalwareBytes log, run from administrator in windows xp provisory mod:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5623

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

28/01/2011 3.31.44

mbam-log-2011-01-28 (03-31-44).txt

Scan type: Full scan (C:\|)

Objects scanned: 483634

Time elapsed: 2 hour(s), 33 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programmi\mozilla firefox\test.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{73b9b787-50d3-4cf4-b158-25e90160905d}\RP596\A0161960.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\system volume information\_restore{73b9b787-50d3-4cf4-b158-25e90160905d}\RP596\A0161961.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

_______________________________________________________

The last hijackthislog after deleting the virus in the standard mode of windows in my account:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7.00.48, on 28/01/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe

C:\Programmi\Avira\AntiVir Desktop\sched.exe

C:\Programmi\Avira\AntiVir Desktop\avguard.exe

C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\Avira\AntiVir Desktop\avshadow.exe

C:\Programmi\DCPFLICS\dcpflics.exe

C:\Programmi\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe

C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe

C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\AirPort\APAgent.exe

C:\Programmi\Java\jre6\bin\jusched.exe

C:\Programmi\Logitech\SetPointP\SetPoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Messenger\msmsgs.exe

C:\WINDOWS\system32\mapiicon.exe

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ADSL_A2] A2Installed

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Programmi\AirPort\APAgent.exe"

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [amd_dc_opt] C:\Programmi\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [startCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programmi\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Daniele\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [{33F866F4-0E91-4EAB-55BF-3464463241F4}] "C:\Documents and Settings\Daniele\Dati applicazioni\Agkiab\ovad.exe"

O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programmi\File comuni\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programmi\File comuni\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\is\PhysX_9.09.0203_SystemSoftware.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - .DEFAULT User Startup: elyfa.exe (User 'Default user')

O4 - .DEFAULT User Startup: esofy.exe (User 'Default user')

O4 - .DEFAULT User Startup: ilogn.exe (User 'Default user')

O4 - .DEFAULT User Startup: luukeh.exe (User 'Default user')

O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Programmi\DCPFLICS\dcpflics.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Servizio di Google Update (gupdate1c9cf2766eee058) (gupdate1c9cf2766eee058) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: M-Audio ProKeysSono Installer (MAudioProKeysSonoService) - Unknown owner - C:\Programmi\M-Audio\ProKeysSono\MAUSBPSInst.exe (file missing)

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe

--

End of file - 11001 bytes

______________________________________________________________________

The last piece of the log of Ad-Aware which found another trojan.

******************************** Scan results: *********************************

Scan profile name: Scansione intelligente (ID: smart)

Objects scanned: 71767

Objects detected: 4

Type Detected

==========================

Processes.......: 0

Registry entries: 0

Hostfile entries: 0

Files...........: 1

Folders.........: 0

LSPs............: 0

Cookies.........: 3

Browser hijacks.: 0

MRU objects.....: 0

Removed items:

Description: c:\documents and settings\daniele\dati applicazioni\ogud\ybol.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 556bd90ca6145741f85be521fa593c27

Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0

Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0

Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0

__________________________________________________________

Every time i run the internet, the virus return and the antivirus find a new .exe with different name and in a different location than the previous virus.

If i can't find a method to resolve this problem, i think i will save the important files and format the computer, i need to use the internet in the weekend :blink:

Thank you again and sorry for my english

January 27, 2011

Hi all, this problem started some days ago after clicking on a internet link (a reply in a forum).

Windows media player opened himself and then my computer started to go slowly.

After some time chrome was not working anymore, firefox and IE redirect me in some sites i never visited and the computer goes out of control (until i restart).

If i don't start the internet connection, the computer run smooth.

Now if i activate the internet connection i can't navigate, chrome and IE does not work, firefox say (this is a traduction from my error in italian lenguage):

"Connection refused from the proxy server. Firefox is configured to use a proxy server that is refusing connections"

So i can't use internet (now i'm using the pc at work)

I've tried many antivirus and the last one (lavasoft ad-aware) deleted some files:

"

Quarantined items:

Description: c:\docume~1\daniele\impost~1\temp\0.7835895404894659.exe Family Name: Win32.Trojan.FakeAV/D Engine: 1 Clean status: Success Item ID: 0 Family ID: 0

Description: c:\docume~1\daniele\impost~1\temp\csrss.exe Family Name: Win32.Trojan.FakeAV/D Engine: 1 Clean status: Success Item ID: 0 Family ID: 0

"

And now every time i start Windows (i have Windows xp sp3) an error say that crss.exe is missing and he can't find it.

I've tried to restore the system to a week ago, but nothing changed.

Here is the log (already loaded on the site and all clean) of Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21.28.51, on 26/01/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe

C:\Programmi\Avira\AntiVir Desktop\sched.exe

C:\Programmi\Avira\AntiVir Desktop\avguard.exe

C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\Programmi\Avira\AntiVir Desktop\avshadow.exe

C:\Programmi\DCPFLICS\dcpflics.exe

C:\Programmi\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Programmi\Java\jre6\bin\jqs.exe

C:\Programmi\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe

C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe

C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\AirPort\APAgent.exe

C:\WINDOWS\System32\M-AudioTaskBarIcon.exe

C:\Programmi\Java\jre6\bin\jusched.exe

C:\Programmi\Logitech\SetPointP\SetPoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Messenger\msmsgs.exe

C:\WINDOWS\system32\mapiicon.exe

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programmi\Java\jre6\bin\jucheck.exe

C:\DOCUME~1\Daniele\IMPOST~1\Temp\0.7835895404894659.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

C:\Documents and Settings\Daniele\Dati applicazioni\dwm.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61758