
Virus in C:\WINDOWS\system32\drivers

Has a virus got into your computer? Do you want to browse safely? Are online transactions secure? How do you stop attackers from getting into your PC? How do you protect your data? Here you will find answers to these and other questions.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 3:22 pm

Here is the latest log.

ComboFix 10-05-14.06 - TRH 15/05/2010 15:52:58.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2614 [GMT 2:00]
Eseguito da: c:\documents and settings\TRH\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\TRH\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\NV33083936.TMP"
"c:\windows\NV48165944.TMP"
"c:\windows\system32\drivers\iynqkam.sys"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\iynqkam.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IYNQKAM
-------\Service_iynqkam


((((((((((((((((((((((((( Files Creati Da 2010-04-15 al 2010-05-15 )))))))))))))))))))))))))))))))))))
.

2010-05-15 11:10 . 2010-05-15 11:23 -------- d-----w- C:\ComboFix_
2010-05-14 23:21 . 2010-05-14 23:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2010-05-14 23:18 . 2010-05-14 23:18 -------- d-----w- c:\programmi\File comuni\Topaz Labs
2010-05-14 21:40 . 2010-05-14 21:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2010-05-14 20:21 . 2008-04-13 18:54 11264 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 -c--a-w- c:\windows\system32\dllcache\ip6fw.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-14 20:20 . 2008-04-13 18:40 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys
2010-05-14 20:20 . 2008-04-13 17:40 27392 -c--a-w- c:\windows\system32\dllcache\fdc.sys
2010-05-14 20:20 . 2008-04-13 17:40 27392 ----a-w- c:\windows\system32\drivers\fdc.sys
2010-05-14 20:19 . 2008-04-13 17:45 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2010-05-14 20:19 . 2008-04-13 17:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-05-14 20:19 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-14 20:19 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-14 20:18 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-05-14 20:18 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-05-14 20:06 . 2009-11-23 11:50 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2010-05-13 13:15 . 2007-08-01 23:45 335872 ----a-w- c:\windows\system32\nvwrses.dll
2010-05-13 13:01 . 2010-05-13 12:32 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-13 12:32 . 2010-05-13 13:01 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\eSupport.com
2010-05-13 11:43 . 2010-05-13 11:43 -------- d-----w- c:\windows\NV33083936.TMP
2010-05-13 11:40 . 2010-05-13 11:40 -------- d-----w- C:\Dell
2010-05-07 13:22 . 2007-11-17 01:03 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-07 13:20 . 2007-11-16 12:37 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-07 13:02 . 2010-05-07 13:02 -------- d-----w- c:\windows\NV48165944.TMP
2010-05-07 09:11 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-05-05 18:45 . 2010-05-05 21:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\freeTVRadio
2010-05-05 18:45 . 2010-05-05 18:45 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\FissaSearch
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\SYSTRAN
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SYSTRAN
2010-05-04 20:08 . 2010-05-04 20:08 878080 ----a-w- c:\windows\system32\iconv.dll
2010-05-04 20:08 . 2010-05-04 20:08 150016 ----a-w- c:\windows\system32\libxslt.dll
2010-05-04 20:08 . 2010-05-04 20:08 721920 ----a-w- c:\windows\system32\libxml2.dll
2010-05-04 20:08 . 2010-05-04 20:08 51200 ----a-w- c:\windows\system32\libexslt.dll
2010-05-04 20:06 . 2007-03-24 10:45 57344 ----a-r- c:\windows\system32\libsyslic1.dll
2010-05-04 20:06 . 2007-03-13 23:57 144896 ----a-r- c:\windows\system32\libsyslic1.original.dll
2010-05-04 13:46 . 2010-05-04 13:46 -------- d-----w- c:\programmi\Citrix
2010-05-04 12:47 . 2009-02-09 08:42 99968 ----a-w- c:\windows\system32\drivers\hxctlflt.sys
2010-05-04 12:44 . 2009-10-19 15:30 23848 ----a-w- c:\windows\system32\libcmmn.dll
2010-05-04 12:44 . 2009-10-19 15:30 681256 ----a-w- c:\windows\system32\WebCamPropertyWindow.dll
2010-05-04 12:44 . 2008-12-12 16:34 73728 ----a-w- c:\windows\system32\BurnerApLib.dll
2010-05-04 12:44 . 2008-10-09 09:02 102400 ----a-w- c:\windows\system32\st50220.dll
2010-05-01 19:08 . 2006-11-22 05:20 348160 ----a-w- c:\windows\system32\WkExt32.dll
2010-05-01 19:08 . 2006-11-02 05:20 479232 ----a-w- c:\windows\system32\wibuKJni.dll
2010-05-01 19:08 . 2000-10-18 02:00 57552 ----a-w- c:\windows\system32\WkDos.exe
2010-05-01 19:08 . 2006-11-09 05:20 16384 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2010-05-01 19:08 . 2006-11-22 05:20 72704 ----a-w- c:\windows\system32\drivers\WibuKey.sys
2010-05-01 19:08 . 2006-11-22 05:20 159744 ----a-w- c:\windows\system32\WkWin32.dll
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBUKEY
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBU-SYSTEMS
2010-05-01 15:56 . 2010-05-01 15:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-04-29 20:14 . 2010-04-29 20:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\autodessys
2010-04-29 16:16 . 2010-04-29 16:18 -------- d-----w- c:\documents and settings\All Users\Personal Translator
2010-04-29 07:05 . 2010-04-29 07:05 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ComodoGroup
2010-04-29 07:04 . 2010-04-29 07:04 -------- d-----w- c:\documents and settings\TRH\Dati applicazioniComodoGroup
2010-04-23 09:28 . 2010-04-23 09:28 10 ----a-w- c:\windows\popcinfo.dat
2010-04-23 09:16 . 2010-04-23 09:16 -------- d-----w- c:\programmi\MozBackup
2010-04-21 20:15 . 2010-04-21 20:15 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Xenocode
2010-04-20 00:59 . 1999-02-16 06:02 49664 ----a-w- c:\windows\SSMaui Wowee.scr
2010-04-20 00:57 . 2004-09-20 14:00 802816 ----a-w- c:\windows\FeedingFrenzy.scr
2010-04-20 00:56 . 2005-01-07 09:39 57344 ----a-w- c:\windows\system32\Big Kahuna Reef.scr
2010-04-20 00:55 . 2005-08-03 11:48 389120 ----a-w- c:\windows\Adventure Inlay.scr
2010-04-18 17:49 . 2009-10-26 03:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-04-18 17:49 . 2008-06-20 07:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-04-18 17:49 . 2008-06-20 07:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-04-18 17:48 . 2010-04-18 17:48 -------- d-----w- c:\programmi\File comuni\Intel
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\programmi\Microsoft Location Finder
2010-04-18 10:16 . 2010-04-18 10:16 -------- d-----w- c:\programmi\Widget vodafone.it
2010-04-18 00:00 . 2010-04-18 00:05 -------- d-----w- c:\programmi\File comuni\Akamai
2010-04-17 07:58 . 2010-04-17 07:58 -------- d-----w- c:\programmi\iPod
2010-04-17 07:57 . 2010-04-17 07:57 -------- d-----w- c:\programmi\Apple Software Update
2010-04-17 07:56 . 2009-10-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 07:56 . 2009-10-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-17 07:03 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-17 07:03 . 2010-04-17 07:03 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-17 07:02 . 2010-02-26 11:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-17 07:02 . 2010-02-26 11:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-17 07:02 . 2010-02-26 11:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-04-16 21:26 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-16 21:25 . 2010-04-16 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 18:10 . 2010-04-15 18:10 -------- d-----w- c:\programmi\Planetside Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 09:40 . 2004-08-19 12:00 620804 ----a-w- c:\windows\system32\perfh010.dat
2010-05-15 09:40 . 2004-08-19 12:00 128830 ----a-w- c:\windows\system32\perfc010.dat
2010-05-15 00:32 . 2010-01-12 04:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-15 00:12 . 2010-03-13 09:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\vlc
2010-05-14 23:11 . 2009-12-30 15:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\onOne Software
2010-05-14 20:16 . 2010-05-14 20:15 16 ----a-w- c:\documents and settings\NetworkService\Dati applicazioni\qvjsge.dat
2010-05-14 12:46 . 2009-10-09 13:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Abvent_Artlantis3
2010-05-14 11:17 . 2008-12-11 11:23 11691 ----a-w- c:\windows\system32\nvModes.dat
2010-05-13 23:48 . 2009-01-05 17:29 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uTorrent
2010-05-13 18:37 . 2009-01-13 09:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-13 16:59 . 2010-05-13 16:59 4286 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{F15E7B15-CB34-4C21-9E5F-946F13F9739F}\sinstall.exe
2010-05-13 14:28 . 2010-05-13 14:28 16 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\qvjsge.dat
2010-05-13 10:46 . 2008-12-16 13:16 -------- d-----w- c:\programmi\Microsoft.NET
2010-05-12 22:32 . 2010-04-27 11:26 304096 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1040\ResourceCache.dll
2010-05-12 22:32 . 2010-04-27 11:25 302848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1033\ResourceCache.dll
2010-05-12 06:59 . 2008-12-16 13:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-05-11 21:25 . 2008-12-16 14:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-05-11 21:25 . 2008-12-16 14:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Autodesk
2010-05-11 21:17 . 2008-12-16 14:54 -------- d-----w- c:\programmi\Autodesk
2010-05-11 19:24 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\e-onsoftware
2010-05-11 09:27 . 2010-02-13 10:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-08 13:50 . 2009-01-10 17:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-05-07 21:02 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\e-on software
2010-05-07 12:27 . 2008-12-12 21:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-07 12:22 . 2009-09-27 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-05 10:48 . 2008-12-16 14:54 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-05-04 20:11 . 2008-12-11 11:12 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-04 13:59 . 2008-12-16 12:28 66632 ----a-w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-04 13:06 . 2008-12-11 13:44 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Skype
2010-05-04 13:04 . 2008-12-16 17:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\skypePM
2010-05-04 12:58 . 2009-10-05 13:03 -------- d-----w- c:\programmi\Unlocker
2010-05-04 12:51 . 2009-07-29 17:12 -------- d-----w- c:\programmi\Hercules
2010-05-04 10:08 . 2008-12-12 21:25 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-02 00:12 . 2010-05-02 00:12 36864 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Autodesk\AutoCAD 2011\R18.1\ita\ContextualTabSelectorRules.dll
2010-05-01 19:47 . 2009-04-16 19:37 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-05-01 19:35 . 2008-12-16 12:27 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Graphisoft
2010-04-29 13:39 . 2010-01-12 04:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-01-12 04:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 09:39 . 2009-01-29 09:12 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Canon
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_8EDC585963537054B6C7F9.exe
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_6FEFF9B68218417F98F549.exe
2010-04-17 08:47 . 2010-03-21 22:28 -------- d-----w- c:\programmi\SatHunter
2010-04-17 08:32 . 2010-01-19 11:06 -------- d-----w- c:\programmi\Aide PDF to DXF Converter
2010-04-17 07:58 . 2008-12-11 13:41 -------- d-----w- c:\programmi\File comuni\Apple
2010-04-17 07:12 . 2008-12-11 11:09 -------- d-----w- c:\programmi\Intel
2010-04-17 07:01 . 2009-03-25 14:25 -------- d-----w- c:\programmi\Nokia
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_2cd672ae.exe
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_16496df1.exe
2010-04-15 18:10 . 2010-04-15 18:10 1078 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_69525f90.exe
2010-04-09 13:12 . 2009-04-06 17:44 -------- d-----w- c:\programmi\Google
2010-04-08 14:39 . 2010-04-23 09:37 642560 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Planetside Software
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uk.co.planetside
2010-04-01 19:16 . 2009-01-06 20:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-04-01 19:03 . 2009-01-06 20:50 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-01 19:01 . 2010-04-01 19:01 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-04-01 19:01 . 2010-04-01 19:01 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-04-01 19:01 . 2010-04-01 19:01 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-04-01 19:01 . 2010-04-01 19:01 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-04-01 18:42 . 2010-04-01 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-04-01 18:42 . 2010-04-01 18:42 98366952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
2010-03-31 21:06 . 2010-03-31 21:06 -------- d-----w- c:\programmi\Bonjour
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-24 17:14 . 2010-03-24 17:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ePaperPress
2010-03-21 23:36 . 2010-03-21 23:35 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SecondLife
2010-03-21 17:38 . 2010-03-21 17:38 -------- d-----w- c:\programmi\AutoDWG
2010-03-21 16:28 . 2010-03-20 21:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-03-21 16:25 . 2010-03-20 21:21 -------- d-----w- c:\programmi\DivX
2010-03-21 16:23 . 2010-03-20 21:25 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\DivX
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\programmi\NortonInstaller
2010-03-20 21:21 . 2010-03-20 21:25 986904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
2010-03-20 19:10 . 2010-03-20 19:10 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Stentec
2010-03-20 19:04 . 2010-03-20 19:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Stentec
2010-03-18 14:47 . 2010-03-18 14:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 08:13 . 2007-03-12 13:02 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-02 21:18 . 2009-01-14 19:55 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-02-26 11:32 . 2009-01-06 20:49 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-25 06:16 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2005-03-30 17:35 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2005-03-30 17:35 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:05 . 2010-02-16 11:05 16712 ----a-w- c:\windows\system32\AcSignExtRes.dll
2010-02-16 08:22 . 2010-05-10 15:20 38784 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-14 20:02 . 2009-05-14 20:02 3392872 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-05-14 20:02 . 2009-05-14 20:02 3298152 ----a-w- c:\programmi\File comuni\adlmint.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="e:\masterizzazione\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"i8kfangui"="c:\programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Google Update"="c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-09-06 133104]
"Gadwin PrintScreen Pro"="c:\programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"MNS"="c:\programmi\Mobile Net Switch\MNS.exe" [2009-02-19 1047552]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"COMODO Internet Security"="e:\sicurezza\Comodo\COMODO Internet Security\cfp.exe" [2009-11-19 1800464]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"GrooveMonitor"="e:\sistema\Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="e:\adobeacrobatpro\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"NVHotkey"="nvHotkey.dll" [2007-08-01 67584]
"QuickTime Task"="e:\players\Quicktime\QTTask.exe" [2010-03-17 421888]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"iTunesHelper"="e:\audio\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"nwiz"="nwiz.exe" [2007-08-01 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-13 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DRSpawner.lnk - c:\documents and settings\All Users\Dati applicazioni\ASGvis\DRSpawner\DRSpawner.exe [2010-1-23 2076672]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-11-16 813584]
WDDMStatus.lnk - c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- e:\audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- e:\players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- e:\players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- e:\internet\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"e:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"e:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"e:\\Internet\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Mirc\\mirc.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Internet\\eMule\\emule.exe"=
"e:\\Architettura\\SketchupPro7\\SketchUp.exe"=
"e:\\Architettura\\SketchupPro7\\LayOut\\LayOut.exe"=
"e:\\Internet\\Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"e:\\Internet\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Architettura\\Rhinoceros_4\\System\\Rhino4.exe"=
"d:\\3dsMax2010\\3dsmax.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Programmi\\Hercules\\Classic Silver\\Station2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"e:\\Architettura\\ArchiCAD 13\\ArchiCAD.exe"=
"e:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"e:\\Architettura\\Maya2010\\bin\\maya.exe"=
"e:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Audio\\iTunes\\iTunes.exe"=
"e:\\Internet\\Skype\\Phone\\Skype.exe"=
"e:\\Architettura\\Backburner\\monitor.exe"=
"e:\\Architettura\\Backburner\\manager.exe"=
"e:\\Architettura\\Backburner\\server.exe"=
"e:\\Architettura\\3dMax2011\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2008 15:04 685816]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11/12/2008 14:54 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/12/2008 14:54 25160]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [17/06/2009 00:57 14464]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:\scanner\abbyy\NetworkLicenseServer.exe -service --> e:\scanner\abbyy\NetworkLicenseServer.exe -service [?]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 19:06 1431440]
R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\programmi\ArchVision\ArchVision Content Manager" --> c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\programmi\ArchVision\ArchVision Content Manager [?]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [06/10/2007 10:38 941784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:\architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 18:36 86016]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit;e:\architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 02:10 86016]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 08:08 3575808]
R2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 09:44 110592]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys --> c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [16/01/2009 23:52 21824]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/10/2009 15:34 133104]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/07/2009 19:14 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\hpx9g2k.sys [06/01/2009 11:24 12658]
S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [04/05/2010 14:47 99968]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/01/2010 06:36 20952]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [03/01/2010 17:25 36280]
S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [03/01/2010 17:25 35256]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/03/2010 19:50 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 02:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 02:29 369688]
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TRH-DELL-TRH.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-01 01:44]

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-05-14 c:\windows\Tasks\COMODO System Cleaner Update.job
- e:\sicurezza\Comodo\cleanerreg\UpdateApplications.exe [2010-03-09 13:41]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220
TCP: {D0AFF87D-CBD8-423A-A7C1-99BF03D231A5} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VisuAllViewer@digitalarts.dk\plugins\npvisuall2.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: e:\audio\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\internet\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\internet\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\internet\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 16:10
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0xFCFE18AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf616cf28
\Driver\ACPI -> ACPI.sys @ 0xf5fbdcb8
\Driver\atapi -> atapi.sys @ 0xf5e60b40
IoDeviceObjectType -> ParseProcedure -> TUKERNEL.EXE @ 0xe0c096b1
\Device\Harddisk0\DR0 -> ParseProcedure -> TUKERNEL.EXE @ 0xe0c096b1
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\players\PowerDVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabjodhgbhkbiccepoekoafbipib"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,
6d,6d,64,62,6b,65,67,70,00,ff
"malhcajkmkogmnaoocakkcpilj"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,6d,
6d,64,62,6b,65,67,70,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\windows\system32\IWPDGINA.DLL
c:\programmi\Intel\WiFi\bin\LangResources\ITA\SsoGnITA.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\programmi\File comuni\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
e:\sicurezza\Comodo\COMODO Internet Security\cmdagent.exe
c:\programmi\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
e:\scanner\abbyy\NetworkLicenseServer.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
c:\windows\system32\astsrv.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\hasplms.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\MNSFramework.exe
c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
e:\manutenzione\PerfectDisk\PDAgent.exe
c:\programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2010-05-15 16:19:00 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-05-15 14:18

Pre-Run: 2.291.003.392 byte disponibili
Post-Run: 1.887.604.736 byte disponibili

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5
- - End Of File - - DCD6C322DDCCB3EDBB1AB359C0A7643C


While ComboFix was working, Avira found another virus, again in the c:\combofix folder, and removed it.

What should I do now?

Thanks
torch
Senior Member
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 3:27 pm

You still look infected by a rootkit.

Disable the antivirus.

Download mbr.exe into C:\

Boot into safe mode.

Start => Run => type: c:\mbr.exe -f (copy and paste it)

Post the report, you'll find it in c:\
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 3:31 pm

I disable the antivirus (Avira) by right-clicking the tray icon and unchecking "Enable AntiVir Guard". The umbrella in the tray closes.
Is that enough, or should I do something else to disable it?
torch
Senior Member
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm


Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 3:45 pm

Here is the log generated by mbr.exe:

------
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
-------
torch
Senior Member
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 6:22 pm

The MBR is fine too.

Run this little program as well.

Leave the default checkboxes and click ''start scan''.

You'll find the log on the desktop, or by clicking ''view report''.
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 6:28 pm

I'm running the scan with Avira's anti-rootkit tool.
As soon as it finishes I'll post the log.
torch
Senior Member
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 6:41 pm

Here it is:

Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
- Scan started sabato 15 maggio 2010 - 19:27:31
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 49.85 GB
- Working disk free size : 1.80 GB (3 %)
--------------------------------------------------------------------------------------------------------

Results:
Value data mismatch : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Adobe\Bridge CS5\Preferences -> favoritesicons
Embedded nulls : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}
Hidden value : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B} -> nabjodhgbhkbiccepoekoafbipib
Hidden value : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B} -> malhcajkmkogmnaoocakkcpilj

--------------------------------------------------------------------------------------------------------
Files: 0/358913
Registry items: 4/1334023
Processes: 0/68
Scan time: 00:12:40
--------------------------------------------------------------------------------------------------------
Active processes:
- zkwpcvug.exe (PID 2172) (Avira AntiRootkit Tool)
- System (PID 4)
- smss.exe (PID 860)
- csrss.exe (PID 1128)
- winlogon.exe (PID 1220)
- services.exe (PID 1328)
- lsass.exe (PID 1340)
- svchost.exe (PID 1580)
- svchost.exe (PID 1712)
- cmdagent.exe (PID 1768)
- svchost.exe (PID 1828)
- svchost.exe (PID 1916)
- S24EvMon.exe (PID 260)
- svchost.exe (PID 352)
- svchost.exe (PID 516)
- spoolsv.exe (PID 744)
- scardsvr.exe (PID 844)
- sched.exe (PID 868)
- avguard.exe (PID 924)
- svchost.exe (PID 1124)
- NetworkLicenseServer.exe (PID 804)
- AppleMobileDeviceService.exe (PID 1084)
- lmgrd.exe (PID 1180)
- rpcACMapp.exe (PID 1264)
- lmgrd.exe (PID 1356)
- ASTSRV.EXE (PID 208)
- mDNSResponder.exe (PID 1560)
- svchost.exe (PID 1604)
- EvtEng.exe (PID 1800)
- hasplms.exe (PID 1708)
- jqs.exe (PID 784)
- raysat_3dsmax2010_32server.exe (PID 1028)
- raysat_3dsmax2011_32server.exe (PID 1436)
- MNSFramework.exe (PID 2120)
- sqlservr.exe (PID 2160)
- NBService.exe (PID 2488)
- NicConfigSvc.exe (PID 2744)
- nvPDsvc.exe (PID 2788)
- nvsvc32.exe (PID 2832)
- PDAgent.exe (PID 2864)
- RegSrvc.exe (PID 2916)
- RichVideo.exe (PID 2952)
- sqlwriter.exe (PID 2984)
- svchost.exe (PID 3028)
- WDDMService.exe (PID 3048)
- WLKEEPER.exe (PID 3440)
- explorer.exe (PID 2188)
- SynTPEnh.exe (PID 3996)
- stsystra.exe (PID 4020)
- rundll32.exe (PID 4060)
- wmiprvse.exe (PID 2416)
- alg.exe (PID 564)
- quickset.exe (PID 2176)
- LVComS.exe (PID 2256)
- GrooveMonitor.exe (PID 2060)
- acrotray.exe (PID 2936)
- avgnt.exe (PID 3816)
- rundll32.exe (PID 2392)
- ZCfgSvc.exe (PID 3624)
- iFrmewrk.exe (PID 1760)
- iTunesHelper.exe (PID 328)
- unsecapp.exe (PID 3548)
- wmiprvse.exe (PID 292)
- I8kfanGUI.exe (PID 664)
- ISUSPM.exe (PID 2644)
- ctfmon.exe (PID 1048)
- iPodService.exe (PID 4508)
- avirarkd.exe (PID 5476)
========================================================================================================
- Scan finished sabato 15 maggio 2010 - 19:40:12
========================================================================================================
torch
Senior Member
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm
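The "locked registry keys" block in the ComboFix log earlier in the thread and the "Embedded nulls" / "Hidden value" findings in the Avira AntiRootkit report above point at the same Shell Extensions\Approved key. As an added example (not part of the thread, nor of ComboFix or Avira), this Python parser decodes the hex: values from that dump, re-joining the wrapped lines, and shows where a NUL byte sits inside each value's data; the handling of ComboFix's dump layout is an assumption based on the lines as posted.

```python
import re

# Constructed sample: the locked-key block as ComboFix printed it in the log
# posted in this thread. Long hex values wrap with a trailing comma.
SAMPLE_DUMP = r"""
[HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabjodhgbhkbiccepoekoafbipib"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,
6d,6d,64,62,6b,65,67,70,00,ff
"malhcajkmkogmnaoocakkcpilj"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,6d,
6d,64,62,6b,65,67,70,00,00
"""

# "[key*]" header (the trailing '*' is ComboFix's marker, not part of the key)
KEY_RE = re.compile(r"^\[(?P<key>.+?)\*?\]$")
# "name"=hex:aa,bb,... (regedit-export style binary value)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=hex:(?P<data>[0-9a-fA-F,]*)$')


def join_continuations(lines):
    """Glue wrapped hex values back together: a line ending in ',' continues
    on the next line (assumed from the layout of the posted dump)."""
    joined = []
    for raw in lines:
        line = raw.strip()
        if joined and joined[-1].endswith(","):
            joined[-1] += line
        else:
            joined.append(line)
    return joined


def parse_locked_keys(text):
    """Return (key, value_name, data_bytes) for every hex: value in the dump."""
    findings = []
    key = None
    for line in join_continuations(text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            data = bytes(int(h, 16) for h in m.group("data").split(",") if h)
            findings.append((key, m.group("name"), data))
    return findings


def describe_data(data):
    """Split a value's bytes at the first NUL: the part before it is what a
    reader that treats the data as a C string shows; the rest is the tail
    such a reader never sees."""
    nul = data.find(b"\x00")
    if nul < 0:
        return {"visible": data.decode("latin-1"), "nul_index": None, "tail": b""}
    return {"visible": data[:nul].decode("latin-1"),
            "nul_index": nul,
            "tail": data[nul + 1:]}


def report(text):
    """Parse the dump and flag every value whose data continues past a NUL."""
    rows = []
    for key, name, data in parse_locked_keys(text):
        info = describe_data(data)
        has_more = info["nul_index"] is not None and info["nul_index"] < len(data) - 1
        rows.append({"key": key,
                     "name": name,
                     "length": len(data),
                     "visible": info["visible"],
                     "nul_index": info["nul_index"],
                     "tail_hex": info["tail"].hex(),
                     "embedded_nul": has_more})
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE_DUMP):
        flag = "EMBEDDED NUL" if row["embedded_nul"] else "ok"
        print(f'{row["name"]}: {row["length"]} bytes, '
              f'visible={row["visible"]!r}, tail={row["tail_hex"] or "-"} [{flag}]')
```

Both values carry the same 22-byte printable prefix followed by a NUL and one more byte, which is exactly the kind of registry data the AntiRootkit report's "Embedded nulls" check is there to surface.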

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 6:52 pm

It should have removed it; it's the same one ComboFix blocked.

Try running ComboFix again, let's see if it still detects it.

Delete all the other ComboFix logs.

Do you notice any improvement?
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 6:57 pm

Hello.

Actually, I hadn't noticed any problems before. It's just that those detections, one after another, of malicious files in the drivers folder made me suspicious.

The blue screens, fortunately, no longer appear.

It's just that knowing the PC is infected, and possibly at risk of intrusion, doesn't let me sleep soundly...

Do I need to disable anything before running ComboFix again?

(like "System Restore"?)

Thanks
torch
Senior Member
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 7:29 pm

Here is the new log

ComboFix 10-05-14.06 - TRH 15/05/2010 20:16:08.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2612 [GMT 2:00]
Eseguito da: c:\documents and settings\TRH\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\TRH\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\NV33083936.TMP"
"c:\windows\NV48165944.TMP"
"c:\windows\system32\drivers\iynqkam.sys"
.

((((((((((((((((((((((((( Files Creati Da 2010-04-15 al 2010-05-15 )))))))))))))))))))))))))))))))))))
.

2010-05-15 14:34 . 2010-05-15 14:33 77312 ----a-w- C:\mbr.exe
2010-05-15 11:10 . 2010-05-15 11:23 -------- d-----w- C:\ComboFix_
2010-05-14 23:21 . 2010-05-15 15:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2010-05-14 23:18 . 2010-05-14 23:18 -------- d-----w- c:\programmi\File comuni\Topaz Labs
2010-05-14 21:40 . 2010-05-14 21:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2010-05-14 20:21 . 2008-04-13 18:54 11264 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 -c--a-w- c:\windows\system32\dllcache\ip6fw.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-14 20:20 . 2008-04-13 18:40 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys
2010-05-14 20:20 . 2008-04-13 17:40 27392 -c--a-w- c:\windows\system32\dllcache\fdc.sys
2010-05-14 20:20 . 2008-04-13 17:40 27392 ----a-w- c:\windows\system32\drivers\fdc.sys
2010-05-14 20:19 . 2008-04-13 17:45 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2010-05-14 20:19 . 2008-04-13 17:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-05-14 20:19 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-14 20:19 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-14 20:18 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-05-14 20:18 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-05-14 20:06 . 2009-11-23 11:50 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2010-05-13 16:59 . 2010-05-13 16:59 4286 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{F15E7B15-CB34-4C21-9E5F-946F13F9739F}\sinstall.exe
2010-05-13 13:15 . 2007-08-01 23:45 335872 ----a-w- c:\windows\system32\nvwrses.dll
2010-05-13 13:01 . 2010-05-13 12:32 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-13 12:32 . 2010-05-13 13:01 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\eSupport.com
2010-05-13 11:43 . 2010-05-13 11:43 -------- d-----w- c:\windows\NV33083936.TMP
2010-05-13 11:40 . 2010-05-13 11:40 -------- d-----w- C:\Dell
2010-05-10 15:20 . 2010-02-16 08:22 38784 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-07 13:22 . 2007-11-17 01:03 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-07 13:20 . 2007-11-16 12:37 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-07 13:02 . 2010-05-07 13:02 -------- d-----w- c:\windows\NV48165944.TMP
2010-05-07 09:11 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-05-05 18:45 . 2010-05-05 21:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\freeTVRadio
2010-05-05 18:45 . 2010-05-05 18:45 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\FissaSearch
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\SYSTRAN
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SYSTRAN
2010-05-04 20:08 . 2010-05-04 20:08 878080 ----a-w- c:\windows\system32\iconv.dll
2010-05-04 20:08 . 2010-05-04 20:08 150016 ----a-w- c:\windows\system32\libxslt.dll
2010-05-04 20:08 . 2010-05-04 20:08 721920 ----a-w- c:\windows\system32\libxml2.dll
2010-05-04 20:08 . 2010-05-04 20:08 51200 ----a-w- c:\windows\system32\libexslt.dll
2010-05-04 20:06 . 2007-03-24 10:45 57344 ----a-r- c:\windows\system32\libsyslic1.dll
2010-05-04 20:06 . 2007-03-13 23:57 144896 ----a-r- c:\windows\system32\libsyslic1.original.dll
2010-05-04 13:46 . 2010-05-04 13:46 -------- d-----w- c:\programmi\Citrix
2010-05-04 12:47 . 2009-02-09 08:42 99968 ----a-w- c:\windows\system32\drivers\hxctlflt.sys
2010-05-04 12:44 . 2009-10-19 15:30 23848 ----a-w- c:\windows\system32\libcmmn.dll
2010-05-04 12:44 . 2009-10-19 15:30 681256 ----a-w- c:\windows\system32\WebCamPropertyWindow.dll
2010-05-04 12:44 . 2008-12-12 16:34 73728 ----a-w- c:\windows\system32\BurnerApLib.dll
2010-05-04 12:44 . 2008-10-09 09:02 102400 ----a-w- c:\windows\system32\st50220.dll
2010-05-02 00:12 . 2010-05-02 00:12 36864 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Autodesk\AutoCAD 2011\R18.1\ita\ContextualTabSelectorRules.dll
2010-05-01 19:08 . 2006-11-22 05:20 348160 ----a-w- c:\windows\system32\WkExt32.dll
2010-05-01 19:08 . 2006-11-02 05:20 479232 ----a-w- c:\windows\system32\wibuKJni.dll
2010-05-01 19:08 . 2000-10-18 02:00 57552 ----a-w- c:\windows\system32\WkDos.exe
2010-05-01 19:08 . 2006-11-09 05:20 16384 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2010-05-01 19:08 . 2006-11-22 05:20 72704 ----a-w- c:\windows\system32\drivers\WibuKey.sys
2010-05-01 19:08 . 2006-11-22 05:20 159744 ----a-w- c:\windows\system32\WkWin32.dll
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBUKEY
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBU-SYSTEMS
2010-05-01 15:56 . 2010-05-01 15:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-04-29 20:14 . 2010-04-29 20:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\autodessys
2010-04-29 16:16 . 2010-04-29 16:18 -------- d-----w- c:\documents and settings\All Users\Personal Translator
2010-04-29 07:05 . 2010-04-29 07:05 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ComodoGroup
2010-04-29 07:04 . 2010-04-29 07:04 -------- d-----w- c:\documents and settings\TRH\Dati applicazioniComodoGroup
2010-04-27 11:26 . 2010-05-12 22:32 304096 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1040\ResourceCache.dll
2010-04-27 11:25 . 2010-05-12 22:32 302848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1033\ResourceCache.dll
2010-04-23 09:28 . 2010-04-23 09:28 10 ----a-w- c:\windows\popcinfo.dat
2010-04-23 09:16 . 2010-04-23 09:16 -------- d-----w- c:\programmi\MozBackup
2010-04-21 20:15 . 2010-04-21 20:15 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Xenocode
2010-04-20 00:59 . 1999-02-16 06:02 49664 ----a-w- c:\windows\SSMaui Wowee.scr
2010-04-20 00:57 . 2004-09-20 14:00 802816 ----a-w- c:\windows\FeedingFrenzy.scr
2010-04-20 00:56 . 2005-01-07 09:39 57344 ----a-w- c:\windows\system32\Big Kahuna Reef.scr
2010-04-20 00:55 . 2005-08-03 11:48 389120 ----a-w- c:\windows\Adventure Inlay.scr
2010-04-18 17:49 . 2009-10-26 03:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-04-18 17:49 . 2008-06-20 07:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-04-18 17:49 . 2008-06-20 07:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-04-18 17:48 . 2010-04-18 17:48 -------- d-----w- c:\programmi\File comuni\Intel
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_8EDC585963537054B6C7F9.exe
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_6FEFF9B68218417F98F549.exe
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\programmi\Microsoft Location Finder
2010-04-18 10:16 . 2010-04-18 10:16 -------- d-----w- c:\programmi\Widget vodafone.it
2010-04-18 00:00 . 2010-04-18 00:05 -------- d-----w- c:\programmi\File comuni\Akamai
2010-04-17 07:58 . 2010-04-17 07:58 -------- d-----w- c:\programmi\iPod
2010-04-17 07:57 . 2010-04-17 07:57 -------- d-----w- c:\programmi\Apple Software Update
2010-04-17 07:56 . 2009-10-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 07:56 . 2009-10-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-17 07:03 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-17 07:03 . 2010-04-17 07:03 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-17 07:02 . 2010-02-26 11:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-17 07:02 . 2010-02-26 11:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-17 07:02 . 2010-02-26 11:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-04-16 21:26 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-16 21:25 . 2010-04-16 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 09:40 . 2004-08-19 12:00 620804 ----a-w- c:\windows\system32\perfh010.dat
2010-05-15 09:40 . 2004-08-19 12:00 128830 ----a-w- c:\windows\system32\perfc010.dat
2010-05-15 00:32 . 2010-01-12 04:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-15 00:12 . 2010-03-13 09:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\vlc
2010-05-14 23:11 . 2009-12-30 15:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\onOne Software
2010-05-14 20:16 . 2010-05-14 20:15 16 ----a-w- c:\documents and settings\NetworkService\Dati applicazioni\qvjsge.dat
2010-05-14 12:46 . 2009-10-09 13:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Abvent_Artlantis3
2010-05-14 11:17 . 2008-12-11 11:23 11691 ----a-w- c:\windows\system32\nvModes.dat
2010-05-13 23:48 . 2009-01-05 17:29 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uTorrent
2010-05-13 18:37 . 2009-01-13 09:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-13 14:28 . 2010-05-13 14:28 16 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\qvjsge.dat
2010-05-13 10:46 . 2008-12-16 13:16 -------- d-----w- c:\programmi\Microsoft.NET
2010-05-12 06:59 . 2008-12-16 13:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-05-11 21:25 . 2008-12-16 14:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-05-11 21:25 . 2008-12-16 14:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Autodesk
2010-05-11 21:17 . 2008-12-16 14:54 -------- d-----w- c:\programmi\Autodesk
2010-05-11 19:24 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\e-onsoftware
2010-05-11 09:27 . 2010-02-13 10:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-08 13:50 . 2009-01-10 17:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-05-07 21:02 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\e-on software
2010-05-07 12:27 . 2008-12-12 21:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-07 12:22 . 2009-09-27 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-05 10:48 . 2008-12-16 14:54 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-05-04 20:11 . 2008-12-11 11:12 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-04 13:59 . 2008-12-16 12:28 66632 ----a-w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-04 13:06 . 2008-12-11 13:44 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Skype
2010-05-04 13:04 . 2008-12-16 17:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\skypePM
2010-05-04 12:58 . 2009-10-05 13:03 -------- d-----w- c:\programmi\Unlocker
2010-05-04 12:51 . 2009-07-29 17:12 -------- d-----w- c:\programmi\Hercules
2010-05-04 10:08 . 2008-12-12 21:25 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-01 19:47 . 2009-04-16 19:37 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-05-01 19:35 . 2008-12-16 12:27 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Graphisoft
2010-04-29 13:39 . 2010-01-12 04:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-01-12 04:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 09:39 . 2009-01-29 09:12 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Canon
2010-04-17 08:47 . 2010-03-21 22:28 -------- d-----w- c:\programmi\SatHunter
2010-04-17 08:32 . 2010-01-19 11:06 -------- d-----w- c:\programmi\Aide PDF to DXF Converter
2010-04-17 07:58 . 2008-12-11 13:41 -------- d-----w- c:\programmi\File comuni\Apple
2010-04-17 07:12 . 2008-12-11 11:09 -------- d-----w- c:\programmi\Intel
2010-04-17 07:01 . 2009-03-25 14:25 -------- d-----w- c:\programmi\Nokia
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_2cd672ae.exe
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_16496df1.exe
2010-04-15 18:10 . 2010-04-15 18:10 1078 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_69525f90.exe
2010-04-15 18:10 . 2010-04-15 18:10 -------- d-----w- c:\programmi\Planetside Software
2010-04-09 13:12 . 2009-04-06 17:44 -------- d-----w- c:\programmi\Google
2010-04-08 14:39 . 2010-04-23 09:37 642560 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Planetside Software
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uk.co.planetside
2010-04-01 19:16 . 2009-01-06 20:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-04-01 19:03 . 2009-01-06 20:50 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-01 19:01 . 2010-04-01 19:01 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-04-01 19:01 . 2010-04-01 19:01 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-04-01 19:01 . 2010-04-01 19:01 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-04-01 19:01 . 2010-04-01 19:01 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-04-01 18:42 . 2010-04-01 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-04-01 18:42 . 2010-04-01 18:42 98366952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
2010-03-31 21:06 . 2010-03-31 21:06 -------- d-----w- c:\programmi\Bonjour
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-24 17:14 . 2010-03-24 17:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ePaperPress
2010-03-21 23:36 . 2010-03-21 23:35 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SecondLife
2010-03-21 17:38 . 2010-03-21 17:38 -------- d-----w- c:\programmi\AutoDWG
2010-03-21 16:28 . 2010-03-20 21:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-03-21 16:25 . 2010-03-20 21:21 -------- d-----w- c:\programmi\DivX
2010-03-21 16:23 . 2010-03-20 21:25 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\DivX
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\programmi\NortonInstaller
2010-03-20 21:21 . 2010-03-20 21:25 986904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
2010-03-20 19:10 . 2010-03-20 19:10 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Stentec
2010-03-20 19:04 . 2010-03-20 19:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Stentec
2010-03-18 14:47 . 2010-03-18 14:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 08:13 . 2007-03-12 13:02 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-02 21:18 . 2009-01-14 19:55 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-02-26 11:32 . 2009-01-06 20:49 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-25 06:16 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2005-03-30 17:35 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2005-03-30 17:35 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:05 . 2010-02-16 11:05 16712 ----a-w- c:\windows\system32\AcSignExtRes.dll
2009-05-14 20:02 . 2009-05-14 20:02 3392872 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-05-14 20:02 . 2009-05-14 20:02 3298152 ----a-w- c:\programmi\File comuni\adlmint.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-15_11.18.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-15 18:13 . 2010-05-15 18:13 16384 c:\windows\temp\Perflib_Perfdata_6b4.dat
+ 2008-12-11 11:02 . 2010-05-15 18:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-12-11 11:02 . 2010-05-15 18:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-12-11 11:02 . 2010-05-15 18:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-14 20:06 . 2009-11-23 12:24 571904 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
- 2009-11-23 12:24 . 2009-11-23 12:24 571904 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="e:\masterizzazione\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"i8kfangui"="c:\programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Google Update"="c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-09-06 133104]
"Gadwin PrintScreen Pro"="c:\programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"MNS"="c:\programmi\Mobile Net Switch\MNS.exe" [2009-02-19 1047552]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"COMODO Internet Security"="e:\sicurezza\Comodo\COMODO Internet Security\cfp.exe" [2009-11-19 1800464]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"GrooveMonitor"="e:\sistema\Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="e:\adobeacrobatpro\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"NVHotkey"="nvHotkey.dll" [2007-08-01 67584]
"QuickTime Task"="e:\players\Quicktime\QTTask.exe" [2010-03-17 421888]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"iTunesHelper"="e:\audio\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"nwiz"="nwiz.exe" [2007-08-01 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-13 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DRSpawner.lnk - c:\documents and settings\All Users\Dati applicazioni\ASGvis\DRSpawner\DRSpawner.exe [2010-1-23 2076672]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-11-16 813584]
WDDMStatus.lnk - c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- e:\audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- e:\players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- e:\players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- e:\internet\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"e:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"e:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"e:\\Internet\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Mirc\\mirc.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Internet\\eMule\\emule.exe"=
"e:\\Architettura\\SketchupPro7\\SketchUp.exe"=
"e:\\Architettura\\SketchupPro7\\LayOut\\LayOut.exe"=
"e:\\Internet\\Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"e:\\Internet\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Architettura\\Rhinoceros_4\\System\\Rhino4.exe"=
"d:\\3dsMax2010\\3dsmax.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Programmi\\Hercules\\Classic Silver\\Station2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"e:\\Architettura\\ArchiCAD 13\\ArchiCAD.exe"=
"e:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"e:\\Architettura\\Maya2010\\bin\\maya.exe"=
"e:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Audio\\iTunes\\iTunes.exe"=
"e:\\Internet\\Skype\\Phone\\Skype.exe"=
"e:\\Architettura\\Backburner\\monitor.exe"=
"e:\\Architettura\\Backburner\\manager.exe"=
"e:\\Architettura\\Backburner\\server.exe"=
"e:\\Architettura\\3dMax2011\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11/12/2008 14:54 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/12/2008 14:54 25160]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [17/06/2009 00:57 14464]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:\scanner\abbyy\NetworkLicenseServer.exe -service --> e:\scanner\abbyy\NetworkLicenseServer.exe -service [?]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 19:06 1431440]
R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\programmi\ArchVision\ArchVision Content Manager" --> c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\programmi\ArchVision\ArchVision Content Manager [?]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [06/10/2007 10:38 941784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 08:08 3575808]
R2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 09:44 110592]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2008 15:04 685816]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys --> c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [16/01/2009 23:52 21824]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/10/2009 15:34 133104]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:\architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 18:36 86016]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit;e:\architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 02:10 86016]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/07/2009 19:14 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\hpx9g2k.sys [06/01/2009 11:24 12658]
S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [04/05/2010 14:47 99968]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/01/2010 06:36 20952]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [03/01/2010 17:25 36280]
S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [03/01/2010 17:25 35256]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/03/2010 19:50 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 02:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 02:29 369688]
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TRH-DELL-TRH.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-01 01:44]

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-05-14 c:\windows\Tasks\COMODO System Cleaner Update.job
- e:\sicurezza\Comodo\cleanerreg\UpdateApplications.exe [2010-03-09 13:41]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220
TCP: {D0AFF87D-CBD8-423A-A7C1-99BF03D231A5} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VisuAllViewer@digitalarts.dk\plugins\npvisuall2.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: e:\audio\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\internet\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\internet\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\internet\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\players\PowerDVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabjodhgbhkbiccepoekoafbipib"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,
6d,6d,64,62,6b,65,67,70,00,ff
"malhcajkmkogmnaoocakkcpilj"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,6d,
6d,64,62,6b,65,67,70,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\IWPDGINA.DLL
c:\programmi\Intel\WiFi\bin\LangResources\ITA\SsoGnITA.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll
.
Ora fine scansione: 2010-05-15 20:28:11
ComboFix-quarantined-files.txt 2010-05-15 18:28

Pre-Run: 1.911.091.200 byte disponibili
Post-Run: 1.848.602.624 byte disponibili

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5
- - End Of File - - E0FA3408DCA26A1F7FC45200A97E0F43
torch
Senior Member
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 7:40 pm

Open a Notepad page and copy and paste the following


RegLock::
[HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]



Save the page, naming it CFScript.txt (the name is mandatory).
At this point, drag and drop the CFScript.txt file onto the ComboFix icon.
Let it run to the end and post its log again ...
stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 7:58 pm

Here we are again. New ComboFix log:

ComboFix 10-05-14.06 - TRH 15/05/2010 20:49:02.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2738 [GMT 2:00]
Eseguito da: c:\documents and settings\TRH\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\TRH\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-04-15 al 2010-05-15 )))))))))))))))))))))))))))))))))))
.

2010-05-15 14:34 . 2010-05-15 14:33 77312 ----a-w- C:\mbr.exe
2010-05-15 11:10 . 2010-05-15 11:23 -------- d-----w- C:\ComboFix_
2010-05-14 23:21 . 2010-05-15 15:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2010-05-14 23:18 . 2010-05-14 23:18 -------- d-----w- c:\programmi\File comuni\Topaz Labs
2010-05-14 21:40 . 2010-05-14 21:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2010-05-14 20:21 . 2008-04-13 18:54 11264 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 -c--a-w- c:\windows\system32\dllcache\ip6fw.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-14 20:20 . 2008-04-13 18:40 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys
2010-05-14 20:20 . 2008-04-13 17:40 27392 -c--a-w- c:\windows\system32\dllcache\fdc.sys
2010-05-14 20:20 . 2008-04-13 17:40 27392 ----a-w- c:\windows\system32\drivers\fdc.sys
2010-05-14 20:19 . 2008-04-13 17:45 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2010-05-14 20:19 . 2008-04-13 17:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-05-14 20:19 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-14 20:19 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-14 20:18 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-05-14 20:18 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-05-14 20:06 . 2009-11-23 11:50 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2010-05-13 16:59 . 2010-05-13 16:59 4286 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{F15E7B15-CB34-4C21-9E5F-946F13F9739F}\sinstall.exe
2010-05-13 13:15 . 2007-08-01 23:45 335872 ----a-w- c:\windows\system32\nvwrses.dll
2010-05-13 13:01 . 2010-05-13 12:32 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-13 12:32 . 2010-05-13 13:01 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\eSupport.com
2010-05-13 11:43 . 2010-05-13 11:43 -------- d-----w- c:\windows\NV33083936.TMP
2010-05-13 11:40 . 2010-05-13 11:40 -------- d-----w- C:\Dell
2010-05-10 15:20 . 2010-02-16 08:22 38784 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-07 13:22 . 2007-11-17 01:03 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-07 13:20 . 2007-11-16 12:37 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-07 13:02 . 2010-05-07 13:02 -------- d-----w- c:\windows\NV48165944.TMP
2010-05-07 09:11 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-05-05 18:45 . 2010-05-05 21:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\freeTVRadio
2010-05-05 18:45 . 2010-05-05 18:45 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\FissaSearch
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\SYSTRAN
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SYSTRAN
2010-05-04 20:08 . 2010-05-04 20:08 878080 ----a-w- c:\windows\system32\iconv.dll
2010-05-04 20:08 . 2010-05-04 20:08 150016 ----a-w- c:\windows\system32\libxslt.dll
2010-05-04 20:08 . 2010-05-04 20:08 721920 ----a-w- c:\windows\system32\libxml2.dll
2010-05-04 20:08 . 2010-05-04 20:08 51200 ----a-w- c:\windows\system32\libexslt.dll
2010-05-04 20:06 . 2007-03-24 10:45 57344 ----a-r- c:\windows\system32\libsyslic1.dll
2010-05-04 20:06 . 2007-03-13 23:57 144896 ----a-r- c:\windows\system32\libsyslic1.original.dll
2010-05-04 13:46 . 2010-05-04 13:46 -------- d-----w- c:\programmi\Citrix
2010-05-04 12:47 . 2009-02-09 08:42 99968 ----a-w- c:\windows\system32\drivers\hxctlflt.sys
2010-05-04 12:44 . 2009-10-19 15:30 23848 ----a-w- c:\windows\system32\libcmmn.dll
2010-05-04 12:44 . 2009-10-19 15:30 681256 ----a-w- c:\windows\system32\WebCamPropertyWindow.dll
2010-05-04 12:44 . 2008-12-12 16:34 73728 ----a-w- c:\windows\system32\BurnerApLib.dll
2010-05-04 12:44 . 2008-10-09 09:02 102400 ----a-w- c:\windows\system32\st50220.dll
2010-05-02 00:12 . 2010-05-02 00:12 36864 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Autodesk\AutoCAD 2011\R18.1\ita\ContextualTabSelectorRules.dll
2010-05-01 19:08 . 2006-11-22 05:20 348160 ----a-w- c:\windows\system32\WkExt32.dll
2010-05-01 19:08 . 2006-11-02 05:20 479232 ----a-w- c:\windows\system32\wibuKJni.dll
2010-05-01 19:08 . 2000-10-18 02:00 57552 ----a-w- c:\windows\system32\WkDos.exe
2010-05-01 19:08 . 2006-11-09 05:20 16384 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2010-05-01 19:08 . 2006-11-22 05:20 72704 ----a-w- c:\windows\system32\drivers\WibuKey.sys
2010-05-01 19:08 . 2006-11-22 05:20 159744 ----a-w- c:\windows\system32\WkWin32.dll
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBUKEY
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBU-SYSTEMS
2010-05-01 15:56 . 2010-05-01 15:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-04-29 20:14 . 2010-04-29 20:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\autodessys
2010-04-29 16:16 . 2010-04-29 16:18 -------- d-----w- c:\documents and settings\All Users\Personal Translator
2010-04-29 07:05 . 2010-04-29 07:05 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ComodoGroup
2010-04-29 07:04 . 2010-04-29 07:04 -------- d-----w- c:\documents and settings\TRH\Dati applicazioniComodoGroup
2010-04-27 11:26 . 2010-05-12 22:32 304096 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1040\ResourceCache.dll
2010-04-27 11:25 . 2010-05-12 22:32 302848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1033\ResourceCache.dll
2010-04-23 09:28 . 2010-04-23 09:28 10 ----a-w- c:\windows\popcinfo.dat
2010-04-23 09:16 . 2010-04-23 09:16 -------- d-----w- c:\programmi\MozBackup
2010-04-21 20:15 . 2010-04-21 20:15 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Xenocode
2010-04-20 00:59 . 1999-02-16 06:02 49664 ----a-w- c:\windows\SSMaui Wowee.scr
2010-04-20 00:57 . 2004-09-20 14:00 802816 ----a-w- c:\windows\FeedingFrenzy.scr
2010-04-20 00:56 . 2005-01-07 09:39 57344 ----a-w- c:\windows\system32\Big Kahuna Reef.scr
2010-04-20 00:55 . 2005-08-03 11:48 389120 ----a-w- c:\windows\Adventure Inlay.scr
2010-04-18 17:49 . 2009-10-26 03:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-04-18 17:49 . 2008-06-20 07:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-04-18 17:49 . 2008-06-20 07:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-04-18 17:48 . 2010-04-18 17:48 -------- d-----w- c:\programmi\File comuni\Intel
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_8EDC585963537054B6C7F9.exe
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_6FEFF9B68218417F98F549.exe
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\programmi\Microsoft Location Finder
2010-04-18 10:16 . 2010-04-18 10:16 -------- d-----w- c:\programmi\Widget vodafone.it
2010-04-18 00:00 . 2010-04-18 00:05 -------- d-----w- c:\programmi\File comuni\Akamai
2010-04-17 07:58 . 2010-04-17 07:58 -------- d-----w- c:\programmi\iPod
2010-04-17 07:57 . 2010-04-17 07:57 -------- d-----w- c:\programmi\Apple Software Update
2010-04-17 07:56 . 2009-10-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 07:56 . 2009-10-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-17 07:03 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-17 07:03 . 2010-04-17 07:03 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-17 07:02 . 2010-02-26 11:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-17 07:02 . 2010-02-26 11:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-17 07:02 . 2010-02-26 11:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-04-16 21:26 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-16 21:25 . 2010-04-16 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 09:40 . 2004-08-19 12:00 620804 ----a-w- c:\windows\system32\perfh010.dat
2010-05-15 09:40 . 2004-08-19 12:00 128830 ----a-w- c:\windows\system32\perfc010.dat
2010-05-15 00:32 . 2010-01-12 04:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-15 00:12 . 2010-03-13 09:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\vlc
2010-05-14 23:11 . 2009-12-30 15:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\onOne Software
2010-05-14 20:16 . 2010-05-14 20:15 16 ----a-w- c:\documents and settings\NetworkService\Dati applicazioni\qvjsge.dat
2010-05-14 12:46 . 2009-10-09 13:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Abvent_Artlantis3
2010-05-14 11:17 . 2008-12-11 11:23 11691 ----a-w- c:\windows\system32\nvModes.dat
2010-05-13 23:48 . 2009-01-05 17:29 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uTorrent
2010-05-13 18:37 . 2009-01-13 09:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-13 14:28 . 2010-05-13 14:28 16 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\qvjsge.dat
2010-05-13 10:46 . 2008-12-16 13:16 -------- d-----w- c:\programmi\Microsoft.NET
2010-05-12 06:59 . 2008-12-16 13:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-05-11 21:25 . 2008-12-16 14:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-05-11 21:25 . 2008-12-16 14:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Autodesk
2010-05-11 21:17 . 2008-12-16 14:54 -------- d-----w- c:\programmi\Autodesk
2010-05-11 19:24 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\e-onsoftware
2010-05-11 09:27 . 2010-02-13 10:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-08 13:50 . 2009-01-10 17:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-05-07 21:02 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\e-on software
2010-05-07 12:27 . 2008-12-12 21:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-07 12:22 . 2009-09-27 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-05 10:48 . 2008-12-16 14:54 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-05-04 20:11 . 2008-12-11 11:12 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-04 13:59 . 2008-12-16 12:28 66632 ----a-w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-04 13:06 . 2008-12-11 13:44 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Skype
2010-05-04 13:04 . 2008-12-16 17:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\skypePM
2010-05-04 12:58 . 2009-10-05 13:03 -------- d-----w- c:\programmi\Unlocker
2010-05-04 12:51 . 2009-07-29 17:12 -------- d-----w- c:\programmi\Hercules
2010-05-04 10:08 . 2008-12-12 21:25 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-01 19:47 . 2009-04-16 19:37 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-05-01 19:35 . 2008-12-16 12:27 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Graphisoft
2010-04-29 13:39 . 2010-01-12 04:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-01-12 04:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 09:39 . 2009-01-29 09:12 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Canon
2010-04-17 08:47 . 2010-03-21 22:28 -------- d-----w- c:\programmi\SatHunter
2010-04-17 08:32 . 2010-01-19 11:06 -------- d-----w- c:\programmi\Aide PDF to DXF Converter
2010-04-17 07:58 . 2008-12-11 13:41 -------- d-----w- c:\programmi\File comuni\Apple
2010-04-17 07:12 . 2008-12-11 11:09 -------- d-----w- c:\programmi\Intel
2010-04-17 07:01 . 2009-03-25 14:25 -------- d-----w- c:\programmi\Nokia
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_2cd672ae.exe
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_16496df1.exe
2010-04-15 18:10 . 2010-04-15 18:10 1078 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_69525f90.exe
2010-04-15 18:10 . 2010-04-15 18:10 -------- d-----w- c:\programmi\Planetside Software
2010-04-09 13:12 . 2009-04-06 17:44 -------- d-----w- c:\programmi\Google
2010-04-08 14:39 . 2010-04-23 09:37 642560 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Planetside Software
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uk.co.planetside
2010-04-01 19:16 . 2009-01-06 20:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-04-01 19:03 . 2009-01-06 20:50 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-01 19:01 . 2010-04-01 19:01 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-04-01 19:01 . 2010-04-01 19:01 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-04-01 19:01 . 2010-04-01 19:01 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-04-01 19:01 . 2010-04-01 19:01 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-04-01 18:42 . 2010-04-01 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-04-01 18:42 . 2010-04-01 18:42 98366952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
2010-03-31 21:06 . 2010-03-31 21:06 -------- d-----w- c:\programmi\Bonjour
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-24 17:14 . 2010-03-24 17:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ePaperPress
2010-03-21 23:36 . 2010-03-21 23:35 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SecondLife
2010-03-21 17:38 . 2010-03-21 17:38 -------- d-----w- c:\programmi\AutoDWG
2010-03-21 16:28 . 2010-03-20 21:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-03-21 16:25 . 2010-03-20 21:21 -------- d-----w- c:\programmi\DivX
2010-03-21 16:23 . 2010-03-20 21:25 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\DivX
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\programmi\NortonInstaller
2010-03-20 21:21 . 2010-03-20 21:25 986904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
2010-03-20 19:10 . 2010-03-20 19:10 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Stentec
2010-03-20 19:04 . 2010-03-20 19:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Stentec
2010-03-18 14:47 . 2010-03-18 14:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 08:13 . 2007-03-12 13:02 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-02 21:18 . 2009-01-14 19:55 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-02-26 11:32 . 2009-01-06 20:49 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-25 06:16 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2005-03-30 17:35 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2005-03-30 17:35 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:05 . 2010-02-16 11:05 16712 ----a-w- c:\windows\system32\AcSignExtRes.dll
2009-05-14 20:02 . 2009-05-14 20:02 3392872 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-05-14 20:02 . 2009-05-14 20:02 3298152 ----a-w- c:\programmi\File comuni\adlmint.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-15_11.18.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-15 18:13 . 2010-05-15 18:13 16384 c:\windows\temp\Perflib_Perfdata_6b4.dat
+ 2008-12-11 11:02 . 2010-05-15 18:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-12-11 11:02 . 2010-05-15 18:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-12-11 11:02 . 2010-05-15 18:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-14 20:06 . 2009-11-23 12:24 571904 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
- 2009-11-23 12:24 . 2009-11-23 12:24 571904 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="e:\masterizzazione\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"i8kfangui"="c:\programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Google Update"="c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-09-06 133104]
"Gadwin PrintScreen Pro"="c:\programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"MNS"="c:\programmi\Mobile Net Switch\MNS.exe" [2009-02-19 1047552]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"COMODO Internet Security"="e:\sicurezza\Comodo\COMODO Internet Security\cfp.exe" [2009-11-19 1800464]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"GrooveMonitor"="e:\sistema\Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="e:\adobeacrobatpro\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"NVHotkey"="nvHotkey.dll" [2007-08-01 67584]
"QuickTime Task"="e:\players\Quicktime\QTTask.exe" [2010-03-17 421888]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"iTunesHelper"="e:\audio\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"nwiz"="nwiz.exe" [2007-08-01 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-13 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DRSpawner.lnk - c:\documents and settings\All Users\Dati applicazioni\ASGvis\DRSpawner\DRSpawner.exe [2010-1-23 2076672]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-11-16 813584]
WDDMStatus.lnk - c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- e:\audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- e:\players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- e:\players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- e:\internet\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"e:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"e:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"e:\\Internet\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Mirc\\mirc.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Internet\\eMule\\emule.exe"=
"e:\\Architettura\\SketchupPro7\\SketchUp.exe"=
"e:\\Architettura\\SketchupPro7\\LayOut\\LayOut.exe"=
"e:\\Internet\\Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"e:\\Internet\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Architettura\\Rhinoceros_4\\System\\Rhino4.exe"=
"d:\\3dsMax2010\\3dsmax.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Programmi\\Hercules\\Classic Silver\\Station2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"e:\\Architettura\\ArchiCAD 13\\ArchiCAD.exe"=
"e:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"e:\\Architettura\\Maya2010\\bin\\maya.exe"=
"e:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Audio\\iTunes\\iTunes.exe"=
"e:\\Internet\\Skype\\Phone\\Skype.exe"=
"e:\\Architettura\\Backburner\\monitor.exe"=
"e:\\Architettura\\Backburner\\manager.exe"=
"e:\\Architettura\\Backburner\\server.exe"=
"e:\\Architettura\\3dMax2011\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11/12/2008 14:54 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/12/2008 14:54 25160]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [17/06/2009 00:57 14464]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:\scanner\abbyy\NetworkLicenseServer.exe -service --> e:\scanner\abbyy\NetworkLicenseServer.exe -service [?]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 19:06 1431440]
R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\programmi\ArchVision\ArchVision Content Manager" --> c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\programmi\ArchVision\ArchVision Content Manager [?]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [06/10/2007 10:38 941784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 08:08 3575808]
R2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 09:44 110592]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2008 15:04 685816]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys --> c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [16/01/2009 23:52 21824]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/10/2009 15:34 133104]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:\architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 18:36 86016]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit;e:\architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 02:10 86016]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/07/2009 19:14 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\hpx9g2k.sys [06/01/2009 11:24 12658]
S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [04/05/2010 14:47 99968]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/01/2010 06:36 20952]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [03/01/2010 17:25 36280]
S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [03/01/2010 17:25 35256]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/03/2010 19:50 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 02:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 02:29 369688]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TRH-DELL-TRH.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-01 01:44]

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-05-14 c:\windows\Tasks\COMODO System Cleaner Update.job
- e:\sicurezza\Comodo\cleanerreg\UpdateApplications.exe [2010-03-09 13:41]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220
TCP: {D0AFF87D-CBD8-423A-A7C1-99BF03D231A5} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VisuAllViewer@digitalarts.dk\plugins\npvisuall2.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: e:\audio\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\internet\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\internet\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\internet\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 20:54
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\players\PowerDVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabjodhgbhkbiccepoekoafbipib"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,
6d,6d,64,62,6b,65,67,70,00,ff
"malhcajkmkogmnaoocakkcpilj"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,6d,
6d,64,62,6b,65,67,70,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\IWPDGINA.DLL
c:\programmi\Intel\WiFi\bin\LangResources\ITA\SsoGnITA.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(4064)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\programmi\File comuni\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-05-15 20:58:00
ComboFix-quarantined-files.txt 2010-05-15 18:57
ComboFix2.txt 2010-05-15 18:28

Pre-Run: 1.883.508.736 byte disponibili
Post-Run: 1.842.954.240 byte disponibili

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5
- - End Of File - - 60CA1E05AD7509FFE7F9DA770E92110E
torch
Senior Member
 
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 8:05 pm

Sorry, I got the script wrong... delete the ComboFix log again and repeat the previous step with this script:

RegNull::
[HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]



Post the new log.
Please make sure you delete ALL THE PREVIOUS COMBOFIX LOGS and post the new one.
stevens
Bronze Member
 
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 8:10 pm

Before re-running ComboFix I always delete the previous log (combofix.txt, which I find in c:).
I have just relaunched ComboFix.
I'll post as soon as it finishes.
torch
Senior Member
 
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 8:27 pm

Here it is:

ComboFix 10-05-14.06 - TRH 15/05/2010 21:16:22.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2608 [GMT 2:00]
Eseguito da: c:\documents and settings\TRH\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\TRH\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-04-15 al 2010-05-15 )))))))))))))))))))))))))))))))))))
.

2010-05-15 14:34 . 2010-05-15 14:33 77312 ----a-w- C:\mbr.exe
2010-05-15 11:10 . 2010-05-15 11:23 -------- d-----w- C:\ComboFix_
2010-05-14 23:21 . 2010-05-15 15:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2010-05-14 23:18 . 2010-05-14 23:18 -------- d-----w- c:\programmi\File comuni\Topaz Labs
2010-05-14 21:40 . 2010-05-14 21:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2010-05-14 20:21 . 2008-04-13 18:54 11264 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 -c--a-w- c:\windows\system32\dllcache\ip6fw.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-14 20:20 . 2008-04-13 18:40 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys
2010-05-14 20:20 . 2008-04-13 17:40 27392 -c--a-w- c:\windows\system32\dllcache\fdc.sys
2010-05-14 20:20 . 2008-04-13 17:40 27392 ----a-w- c:\windows\system32\drivers\fdc.sys
2010-05-14 20:19 . 2008-04-13 17:45 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2010-05-14 20:19 . 2008-04-13 17:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-05-14 20:19 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-14 20:19 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-14 20:18 . 2001-08-17 19:52 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-05-14 20:18 . 2001-08-17 19:52 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-05-14 20:06 . 2009-11-23 11:50 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2010-05-13 16:59 . 2010-05-13 16:59 4286 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{F15E7B15-CB34-4C21-9E5F-946F13F9739F}\sinstall.exe
2010-05-13 13:15 . 2007-08-01 23:45 335872 ----a-w- c:\windows\system32\nvwrses.dll
2010-05-13 13:01 . 2010-05-13 12:32 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-13 12:32 . 2010-05-13 13:01 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\eSupport.com
2010-05-13 11:43 . 2010-05-13 11:43 -------- d-----w- c:\windows\NV33083936.TMP
2010-05-13 11:40 . 2010-05-13 11:40 -------- d-----w- C:\Dell
2010-05-10 15:20 . 2010-02-16 08:22 38784 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-07 13:22 . 2007-11-17 01:03 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-07 13:20 . 2007-11-16 12:37 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-07 13:02 . 2010-05-07 13:02 -------- d-----w- c:\windows\NV48165944.TMP
2010-05-07 09:11 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-05-05 18:45 . 2010-05-05 21:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\freeTVRadio
2010-05-05 18:45 . 2010-05-05 18:45 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\FissaSearch
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\SYSTRAN
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SYSTRAN
2010-05-04 20:08 . 2010-05-04 20:08 878080 ----a-w- c:\windows\system32\iconv.dll
2010-05-04 20:08 . 2010-05-04 20:08 150016 ----a-w- c:\windows\system32\libxslt.dll
2010-05-04 20:08 . 2010-05-04 20:08 721920 ----a-w- c:\windows\system32\libxml2.dll
2010-05-04 20:08 . 2010-05-04 20:08 51200 ----a-w- c:\windows\system32\libexslt.dll
2010-05-04 20:06 . 2007-03-24 10:45 57344 ----a-r- c:\windows\system32\libsyslic1.dll
2010-05-04 20:06 . 2007-03-13 23:57 144896 ----a-r- c:\windows\system32\libsyslic1.original.dll
2010-05-04 13:46 . 2010-05-04 13:46 -------- d-----w- c:\programmi\Citrix
2010-05-04 12:47 . 2009-02-09 08:42 99968 ----a-w- c:\windows\system32\drivers\hxctlflt.sys
2010-05-04 12:44 . 2009-10-19 15:30 23848 ----a-w- c:\windows\system32\libcmmn.dll
2010-05-04 12:44 . 2009-10-19 15:30 681256 ----a-w- c:\windows\system32\WebCamPropertyWindow.dll
2010-05-04 12:44 . 2008-12-12 16:34 73728 ----a-w- c:\windows\system32\BurnerApLib.dll
2010-05-04 12:44 . 2008-10-09 09:02 102400 ----a-w- c:\windows\system32\st50220.dll
2010-05-02 00:12 . 2010-05-02 00:12 36864 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Autodesk\AutoCAD 2011\R18.1\ita\ContextualTabSelectorRules.dll
2010-05-01 19:08 . 2006-11-22 05:20 348160 ----a-w- c:\windows\system32\WkExt32.dll
2010-05-01 19:08 . 2006-11-02 05:20 479232 ----a-w- c:\windows\system32\wibuKJni.dll
2010-05-01 19:08 . 2000-10-18 02:00 57552 ----a-w- c:\windows\system32\WkDos.exe
2010-05-01 19:08 . 2006-11-09 05:20 16384 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2010-05-01 19:08 . 2006-11-22 05:20 72704 ----a-w- c:\windows\system32\drivers\WibuKey.sys
2010-05-01 19:08 . 2006-11-22 05:20 159744 ----a-w- c:\windows\system32\WkWin32.dll
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBUKEY
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBU-SYSTEMS
2010-05-01 15:56 . 2010-05-01 15:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-04-29 20:14 . 2010-04-29 20:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\autodessys
2010-04-29 16:16 . 2010-04-29 16:18 -------- d-----w- c:\documents and settings\All Users\Personal Translator
2010-04-29 07:05 . 2010-04-29 07:05 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ComodoGroup
2010-04-29 07:04 . 2010-04-29 07:04 -------- d-----w- c:\documents and settings\TRH\Dati applicazioniComodoGroup
2010-04-27 11:26 . 2010-05-12 22:32 304096 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1040\ResourceCache.dll
2010-04-27 11:25 . 2010-05-12 22:32 302848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1033\ResourceCache.dll
2010-04-23 09:28 . 2010-04-23 09:28 10 ----a-w- c:\windows\popcinfo.dat
2010-04-23 09:16 . 2010-04-23 09:16 -------- d-----w- c:\programmi\MozBackup
2010-04-21 20:15 . 2010-04-21 20:15 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Xenocode
2010-04-20 00:59 . 1999-02-16 06:02 49664 ----a-w- c:\windows\SSMaui Wowee.scr
2010-04-20 00:57 . 2004-09-20 14:00 802816 ----a-w- c:\windows\FeedingFrenzy.scr
2010-04-20 00:56 . 2005-01-07 09:39 57344 ----a-w- c:\windows\system32\Big Kahuna Reef.scr
2010-04-20 00:55 . 2005-08-03 11:48 389120 ----a-w- c:\windows\Adventure Inlay.scr
2010-04-18 17:49 . 2009-10-26 03:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-04-18 17:49 . 2008-06-20 07:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-04-18 17:49 . 2008-06-20 07:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-04-18 17:48 . 2010-04-18 17:48 -------- d-----w- c:\programmi\File comuni\Intel
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_8EDC585963537054B6C7F9.exe
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_6FEFF9B68218417F98F549.exe
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\programmi\Microsoft Location Finder
2010-04-18 10:16 . 2010-04-18 10:16 -------- d-----w- c:\programmi\Widget vodafone.it
2010-04-18 00:00 . 2010-04-18 00:05 -------- d-----w- c:\programmi\File comuni\Akamai
2010-04-17 07:58 . 2010-04-17 07:58 -------- d-----w- c:\programmi\iPod
2010-04-17 07:57 . 2010-04-17 07:57 -------- d-----w- c:\programmi\Apple Software Update
2010-04-17 07:56 . 2009-10-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 07:56 . 2009-10-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-17 07:03 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-17 07:03 . 2010-04-17 07:03 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-17 07:02 . 2010-02-26 11:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-17 07:02 . 2010-02-26 11:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-17 07:02 . 2010-02-26 11:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-04-16 21:26 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-16 21:25 . 2010-04-16 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 09:40 . 2004-08-19 12:00 620804 ----a-w- c:\windows\system32\perfh010.dat
2010-05-15 09:40 . 2004-08-19 12:00 128830 ----a-w- c:\windows\system32\perfc010.dat
2010-05-15 00:32 . 2010-01-12 04:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-15 00:12 . 2010-03-13 09:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\vlc
2010-05-14 23:11 . 2009-12-30 15:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\onOne Software
2010-05-14 20:16 . 2010-05-14 20:15 16 ----a-w- c:\documents and settings\NetworkService\Dati applicazioni\qvjsge.dat
2010-05-14 12:46 . 2009-10-09 13:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Abvent_Artlantis3
2010-05-14 11:17 . 2008-12-11 11:23 11691 ----a-w- c:\windows\system32\nvModes.dat
2010-05-13 23:48 . 2009-01-05 17:29 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uTorrent
2010-05-13 18:37 . 2009-01-13 09:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-13 14:28 . 2010-05-13 14:28 16 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\qvjsge.dat
2010-05-13 10:46 . 2008-12-16 13:16 -------- d-----w- c:\programmi\Microsoft.NET
2010-05-12 06:59 . 2008-12-16 13:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-05-11 21:25 . 2008-12-16 14:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-05-11 21:25 . 2008-12-16 14:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Autodesk
2010-05-11 21:17 . 2008-12-16 14:54 -------- d-----w- c:\programmi\Autodesk
2010-05-11 19:24 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\e-onsoftware
2010-05-11 09:27 . 2010-02-13 10:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-08 13:50 . 2009-01-10 17:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-05-07 21:02 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\e-on software
2010-05-07 12:27 . 2008-12-12 21:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-07 12:22 . 2009-09-27 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-05 10:48 . 2008-12-16 14:54 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-05-04 20:11 . 2008-12-11 11:12 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-04 13:59 . 2008-12-16 12:28 66632 ----a-w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-04 13:06 . 2008-12-11 13:44 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Skype
2010-05-04 13:04 . 2008-12-16 17:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\skypePM
2010-05-04 12:58 . 2009-10-05 13:03 -------- d-----w- c:\programmi\Unlocker
2010-05-04 12:51 . 2009-07-29 17:12 -------- d-----w- c:\programmi\Hercules
2010-05-04 10:08 . 2008-12-12 21:25 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-01 19:47 . 2009-04-16 19:37 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-05-01 19:35 . 2008-12-16 12:27 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Graphisoft
2010-04-29 13:39 . 2010-01-12 04:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-01-12 04:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 09:39 . 2009-01-29 09:12 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Canon
2010-04-17 08:47 . 2010-03-21 22:28 -------- d-----w- c:\programmi\SatHunter
2010-04-17 08:32 . 2010-01-19 11:06 -------- d-----w- c:\programmi\Aide PDF to DXF Converter
2010-04-17 07:58 . 2008-12-11 13:41 -------- d-----w- c:\programmi\File comuni\Apple
2010-04-17 07:12 . 2008-12-11 11:09 -------- d-----w- c:\programmi\Intel
2010-04-17 07:01 . 2009-03-25 14:25 -------- d-----w- c:\programmi\Nokia
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_2cd672ae.exe
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_16496df1.exe
2010-04-15 18:10 . 2010-04-15 18:10 1078 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_69525f90.exe
2010-04-15 18:10 . 2010-04-15 18:10 -------- d-----w- c:\programmi\Planetside Software
2010-04-09 13:12 . 2009-04-06 17:44 -------- d-----w- c:\programmi\Google
2010-04-08 14:39 . 2010-04-23 09:37 642560 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Planetside Software
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uk.co.planetside
2010-04-01 19:16 . 2009-01-06 20:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-04-01 19:03 . 2009-01-06 20:50 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-01 19:01 . 2010-04-01 19:01 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-04-01 19:01 . 2010-04-01 19:01 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-04-01 19:01 . 2010-04-01 19:01 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-04-01 19:01 . 2010-04-01 19:01 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-04-01 18:42 . 2010-04-01 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-04-01 18:42 . 2010-04-01 18:42 98366952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
2010-03-31 21:06 . 2010-03-31 21:06 -------- d-----w- c:\programmi\Bonjour
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-24 17:14 . 2010-03-24 17:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ePaperPress
2010-03-21 23:36 . 2010-03-21 23:35 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SecondLife
2010-03-21 17:38 . 2010-03-21 17:38 -------- d-----w- c:\programmi\AutoDWG
2010-03-21 16:28 . 2010-03-20 21:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-03-21 16:25 . 2010-03-20 21:21 -------- d-----w- c:\programmi\DivX
2010-03-21 16:23 . 2010-03-20 21:25 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\DivX
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\programmi\NortonInstaller
2010-03-20 21:21 . 2010-03-20 21:25 986904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
2010-03-20 19:10 . 2010-03-20 19:10 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Stentec
2010-03-20 19:04 . 2010-03-20 19:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Stentec
2010-03-18 14:47 . 2010-03-18 14:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 08:13 . 2007-03-12 13:02 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-02 21:18 . 2009-01-14 19:55 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-02-26 11:32 . 2009-01-06 20:49 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-25 06:16 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2005-03-30 17:35 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2005-03-30 17:35 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:05 . 2010-02-16 11:05 16712 ----a-w- c:\windows\system32\AcSignExtRes.dll
2009-05-14 20:02 . 2009-05-14 20:02 3392872 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-05-14 20:02 . 2009-05-14 20:02 3298152 ----a-w- c:\programmi\File comuni\adlmint.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-15_11.18.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-15 19:13 . 2010-05-15 19:13 16384 c:\windows\temp\Perflib_Perfdata_b8.dat
+ 2008-12-11 11:02 . 2010-05-15 19:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-12-11 11:02 . 2010-05-15 19:13 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-12-11 11:02 . 2010-05-15 19:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-14 20:06 . 2009-11-23 12:24 571904 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
- 2009-11-23 12:24 . 2009-11-23 12:24 571904 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="e:\masterizzazione\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"i8kfangui"="c:\programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Google Update"="c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-09-06 133104]
"Gadwin PrintScreen Pro"="c:\programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"MNS"="c:\programmi\Mobile Net Switch\MNS.exe" [2009-02-19 1047552]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"COMODO Internet Security"="e:\sicurezza\Comodo\COMODO Internet Security\cfp.exe" [2009-11-19 1800464]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"GrooveMonitor"="e:\sistema\Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="e:\adobeacrobatpro\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"NVHotkey"="nvHotkey.dll" [2007-08-01 67584]
"QuickTime Task"="e:\players\Quicktime\QTTask.exe" [2010-03-17 421888]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"iTunesHelper"="e:\audio\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"nwiz"="nwiz.exe" [2007-08-01 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-13 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DRSpawner.lnk - c:\documents and settings\All Users\Dati applicazioni\ASGvis\DRSpawner\DRSpawner.exe [2010-1-23 2076672]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-11-16 813584]
WDDMStatus.lnk - c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- e:\audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- e:\players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- e:\players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- e:\internet\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"e:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"e:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"e:\\Internet\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Mirc\\mirc.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Internet\\eMule\\emule.exe"=
"e:\\Architettura\\SketchupPro7\\SketchUp.exe"=
"e:\\Architettura\\SketchupPro7\\LayOut\\LayOut.exe"=
"e:\\Internet\\Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"e:\\Internet\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Architettura\\Rhinoceros_4\\System\\Rhino4.exe"=
"d:\\3dsMax2010\\3dsmax.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Programmi\\Hercules\\Classic Silver\\Station2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"e:\\Architettura\\ArchiCAD 13\\ArchiCAD.exe"=
"e:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"e:\\Architettura\\Maya2010\\bin\\maya.exe"=
"e:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Audio\\iTunes\\iTunes.exe"=
"e:\\Internet\\Skype\\Phone\\Skype.exe"=
"e:\\Architettura\\Backburner\\monitor.exe"=
"e:\\Architettura\\Backburner\\manager.exe"=
"e:\\Architettura\\Backburner\\server.exe"=
"e:\\Architettura\\3dMax2011\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11/12/2008 14:54 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/12/2008 14:54 25160]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [17/06/2009 00:57 14464]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:\scanner\abbyy\NetworkLicenseServer.exe -service --> e:\scanner\abbyy\NetworkLicenseServer.exe -service [?]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 19:06 1431440]
R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\programmi\ArchVision\ArchVision Content Manager" --> c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\programmi\ArchVision\ArchVision Content Manager [?]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [06/10/2007 10:38 941784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 08:08 3575808]
R2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 09:44 110592]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2008 15:04 685816]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys --> c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [16/01/2009 23:52 21824]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/10/2009 15:34 133104]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:\architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 18:36 86016]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit;e:\architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 02:10 86016]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/07/2009 19:14 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\hpx9g2k.sys [06/01/2009 11:24 12658]
S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [04/05/2010 14:47 99968]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/01/2010 06:36 20952]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [03/01/2010 17:25 36280]
S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [03/01/2010 17:25 35256]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/03/2010 19:50 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 02:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 02:29 369688]
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TRH-DELL-TRH.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-01 01:44]

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-05-14 c:\windows\Tasks\COMODO System Cleaner Update.job
- e:\sicurezza\Comodo\cleanerreg\UpdateApplications.exe [2010-03-09 13:41]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220
TCP: {D0AFF87D-CBD8-423A-A7C1-99BF03D231A5} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VisuAllViewer@digitalarts.dk\plugins\npvisuall2.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: e:\audio\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\internet\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\internet\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\internet\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 21:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\players\PowerDVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\IWPDGINA.DLL
c:\programmi\Intel\WiFi\bin\LangResources\ITA\SsoGnITA.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll
.
Ora fine scansione: 2010-05-15 21:27:52
ComboFix-quarantined-files.txt 2010-05-15 19:27
ComboFix2.txt 2010-05-15 18:28

Pre-Run: 1.881.264.128 byte disponibili
Post-Run: 1.815.281.664 byte disponibili

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,3,4,5
- - End Of File - - 9B036A1DE1BCEBD566A9412C290EA5C9

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 8:38 pm

while I check ComboFix, run Avira AntiRootkit again as before

leave the default checkboxes ticked and click ''start scan''

you'll find the log on the desktop, or by clicking ''view report''

delete the old log and post the one the new scan gives you

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 8:40 pm

I was already doing it... by now you're training me properly :-)

here it is:

Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
- Scan started sabato 15 maggio 2010 - 21:30:15
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 49.85 GB
- Working disk free size : 1.74 GB (3 %)
--------------------------------------------------------------------------------------------------------

Results:
Value data mismatch : HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Adobe\Bridge CS5\Preferences -> favoritesicons

--------------------------------------------------------------------------------------------------------
Files: 0/243919
Registry items: 1/1334053
Processes: 0/48
Scan time: 00:08:53
--------------------------------------------------------------------------------------------------------
Active processes:
- smhnwkyx.exe (PID 3324) (Avira AntiRootkit Tool)
- System (PID 4)
- smss.exe (PID 804)
- csrss.exe (PID 1072)
- winlogon.exe (PID 1164)
- services.exe (PID 1324)
- lsass.exe (PID 1336)
- svchost.exe (PID 1568)
- svchost.exe (PID 1652)
- cmdagent.exe (PID 1708)
- svchost.exe (PID 1756)
- svchost.exe (PID 1868)
- S24EvMon.exe (PID 2016)
- svchost.exe (PID 212)
- svchost.exe (PID 268)
- spoolsv.exe (PID 572)
- scardsvr.exe (PID 652)
- sched.exe (PID 620)
- avguard.exe (PID 744)
- svchost.exe (PID 944)
- NetworkLicenseServer.exe (PID 336)
- AppleMobileDeviceService.exe (PID 904)
- lmgrd.exe (PID 1840)
- rpcACMapp.exe (PID 1024)
- lmgrd.exe (PID 1092)
- ASTSRV.EXE (PID 1132)
- mDNSResponder.exe (PID 1172)
- svchost.exe (PID 1216)
- EvtEng.exe (PID 1288)
- hasplms.exe (PID 1984)
- jqs.exe (PID 184)
- MNSFramework.exe (PID 1516)
- sqlservr.exe (PID 1876)
- NBService.exe (PID 2344)
- NicConfigSvc.exe (PID 2540)
- nvPDsvc.exe (PID 2564)
- nvsvc32.exe (PID 2584)
- PDAgent.exe (PID 2628)
- RegSrvc.exe (PID 2688)
- RichVideo.exe (PID 2740)
- sqlwriter.exe (PID 2768)
- svchost.exe (PID 2816)
- WDDMService.exe (PID 2844)
- WLKEEPER.exe (PID 3272)
- wmiprvse.exe (PID 3788)
- alg.exe (PID 1352)
- explorer.exe (PID 1240)
- avirarkd.exe (PID 3772)
========================================================================================================
- Scan finished sabato 15 maggio 2010 - 21:39:09
========================================================================================================

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 9:02 pm

I think the ComboFix/Avira combination should have removed it.... if you compare the two logs, Avira's and ComboFix's, they're no longer present

do a further check with Sophos Anti-Rootkit

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 9:45 pm

Sophos Anti-Rootkit has been scanning the system for a while now... it keeps analysing files, but the progress bar has been stuck for about ten minutes...

So far it has only found one Unknown hidden file in the folder c:\system volume information\_restore

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 9:47 pm

fingers crossed, maybe we're there