58 threats are being detected on my system,
all traceable to the file Rootkit.HiddenValue@0.
Comodo is unable to remove the threat (assuming it really is one).
This is the Comodo log:
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\cd042efbbd7f7af1647644e76e06692b
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\bca643cdc5c2726b20d2ecedcc62c59b
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\2c81e34222e8052573023a60d06dd016
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\2582ae41fb52324423be06337561aa48
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\caaeda5fd7a9ed7697d9686d4b818472
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\a4a1bcf2cc2b8bc3716b74b2b4522f5d
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\4d370831d2c43cd13623e232fed27b7b
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\1d68fe701cdea33e477eb204b76f993d
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\1fac81b91d8e3c5aa4b0a51804d844a3
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\f5f62a6129303efb32fbe080bb27835b
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\ThreadingModel
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\fd4e2e1a3940b94dceb5a6a021f2e3c6
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\8a8aec57dd6508a385616fbc86791ec2
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\ThreadingModel
This is the HijackThis log, which looks clean..
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:56:14, on 27/03/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD13099B-9730-4B39-B747-8726F1F187B3}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
--
End of file - 5359 bytes
Combofix
ComboFix 11-03-26.01 - user 27/03/2011 12:15:19.12.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3067.2655 [GMT 2:00]
Eseguito da: c:\users\user\Downloads\jj.exe
AV: COMODO Antivirus *Enabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-27 al 2011-03-27 )))))))))))))))))))))))))))))))))))
.
.
2011-03-27 10:20 . 2011-03-27 10:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-27 08:46 . 2011-03-27 08:47 -------- d-----w- c:\users\user\AppData\Local\{2CA4FF5A-5C40-4E65-A578-30A5D61316FF}
2011-03-26 11:57 . 2011-03-26 12:08 -------- d-----w- C:\jj
2011-03-26 10:18 . 2011-03-26 10:18 -------- d-----w- c:\users\user\AppData\Local\{FA8BAB44-7365-4822-82D5-61C22050B0B1}
2011-03-25 12:21 . 2011-03-25 12:21 -------- d-----w- c:\users\user\AppData\Local\{C1858907-E88C-4285-972F-C5F91106E814}
2011-03-24 11:25 . 2011-03-24 11:25 -------- d-----w- c:\users\user\AppData\Local\{35D4C66C-F1AC-4824-8401-541242B0084A}
2011-03-23 11:39 . 2011-03-23 11:40 -------- d-----w- c:\users\user\AppData\Local\{4B86640B-969A-4CB6-811B-95093C666E48}
2011-03-22 09:43 . 2011-03-22 09:43 -------- d-----w- c:\users\user\AppData\Local\{45BD5B2C-E0B5-4995-A886-0B94CD0E7794}
2011-03-22 09:06 . 2011-03-22 09:06 -------- d-----w- c:\users\user\AppData\Local\{0B9067DD-80A4-45BC-82C7-F25907D0BE5F}
2011-03-21 15:26 . 2011-03-21 15:26 -------- d-----w- c:\users\user\AppData\Local\{D3A06F5E-2A79-44FE-8D10-2EF8437B93D3}
2011-03-20 21:31 . 2011-03-20 21:31 -------- d-----w- c:\users\user\AppData\Local\{53C8DAFE-86FA-4A2D-A7CA-5EB120376FBA}
2011-03-20 09:15 . 2011-03-20 09:15 -------- d-----w- c:\users\user\AppData\Local\{58B954B6-C381-4E82-9FBD-FE073ACADE20}
2011-03-19 18:46 . 2011-03-19 18:46 -------- d-----w- C:\VritualRoot
2011-03-19 17:53 . 2011-03-27 10:20 -------- d-----w- c:\users\user\AppData\Local\temp
2011-03-19 08:07 . 2011-03-19 08:07 -------- d-----w- c:\users\user\AppData\Local\{DBCD1B9D-8B4D-4575-A621-81D9AD0C22FA}
2011-03-18 22:36 . 2011-03-18 23:18 -------- d-----w- c:\programdata\Immunet
2011-03-18 22:36 . 2011-03-18 22:36 -------- d-----w- c:\users\user\AppData\Local\Immunet
2011-03-18 22:35 . 2011-03-19 07:46 -------- d-----w- c:\program files\Immunet Protect
2011-03-18 13:57 . 2011-03-18 13:58 -------- d-----w- c:\users\user\AppData\Local\{85FA5FB6-B6E4-43E4-947E-F67E4F263B92}
2011-03-17 11:05 . 2011-03-17 11:05 -------- d-----w- c:\users\user\AppData\Local\{AB57C472-C8CA-4799-A1D2-1F035DD316CB}
2011-03-15 22:05 . 2011-03-15 22:06 -------- d-----w- c:\users\user\AppData\Local\{0B93F8E6-5814-4385-9AC3-0C701E4CF955}
2011-03-14 14:47 . 2011-03-14 14:47 -------- d-----w- c:\users\user\AppData\Local\{2EED8CEE-6648-453E-B15D-19E3637BFCBA}
2011-03-13 09:54 . 2011-03-13 09:55 -------- d-----w- c:\users\user\AppData\Local\{AD2C5B7A-6B9D-492D-9E0E-8BE3AB161FBD}
2011-03-12 19:28 . 2011-03-12 19:36 -------- d-----w- c:\program files\DreaMule
2011-03-12 19:25 . 2011-03-12 19:25 -------- d-----w- c:\users\user\AppData\Local\COMODO
2011-03-12 10:26 . 2011-03-12 10:26 -------- d-----w- c:\users\user\AppData\Local\{5FD0F48B-4076-483C-98CB-91E265A368F8}
2011-03-11 21:48 . 2011-03-11 21:48 -------- d-----w- C:\Download
2011-03-11 21:47 . 2011-03-11 21:47 -------- d-----w- C:\YoutubeMusicDownloader
2011-03-11 09:41 . 2011-03-11 09:41 -------- d-----w- c:\users\user\AppData\Local\{1139E0BD-285B-4DF4-A5E7-5989F50BB89E}
2011-03-11 00:14 . 2011-03-11 00:14 -------- d-----w- c:\users\user\Tracing
2011-03-10 13:52 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-10 13:52 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-10 13:52 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-10 13:52 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 13:52 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 13:52 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 13:52 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-05 22:29 . 2011-03-05 22:29 -------- d-----w- c:\program files\Sports Interactive
2011-02-25 21:06 . 2011-02-25 21:06 -------- d-----w- c:\program files\COMODO
2011-02-25 20:21 . 2011-02-25 20:21 -------- d-----w- c:\program files\Recuva
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 13:46 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 15:32 . 2011-02-23 15:32 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-23 15:02 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-03 05:54 . 2011-02-09 09:26 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2010-04-18 07:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-01 20:58 . 2011-02-01 21:00 574632 ----a-w- c:\windows\system32\msvcp50.dll
2011-01-24 15:39 . 2010-07-26 15:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-07 07:46 . 2011-02-23 09:29 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:46 . 2011-02-23 09:29 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-09 09:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 06:01 . 2011-02-09 09:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 05:43 . 2011-02-09 09:26 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-06 16:36 . 2011-01-06 16:36 80064 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 16:36 . 2011-01-06 16:36 35768 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 16:36 . 2011-01-06 16:36 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 16:36 . 2011-01-06 16:36 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-05 13:56 . 2010-09-24 11:33 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-01-05 05:55 . 2011-02-09 09:27 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:51 . 2011-02-09 09:27 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-01-04 11:31 . 2010-04-03 21:45 29992 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-01-04 11:30 . 2010-04-03 21:27 47560 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2011-01-04 11:23 . 2010-04-03 21:28 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-01-04 11:23 . 2010-04-03 21:28 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-01-04 11:09 . 2010-04-03 21:27 40904 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2010-12-30 17:47 . 2010-04-25 22:34 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-29 00:42 . 2010-12-29 00:42 285480 ----a-w- c:\windows\system32\guard32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-19_17.52.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-02 08:52 . 2011-03-27 09:33 62378 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-04-02 08:52 . 2011-03-19 12:22 62378 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-03-27 09:33 64972 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-02 08:15 . 2011-03-27 09:33 24344 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-633374088-4001182803-702579871-1000_UserData.bin
- 2010-04-02 07:47 . 2011-03-19 12:21 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 07:47 . 2011-03-27 09:31 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-02 07:47 . 2011-03-19 12:21 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-02 07:47 . 2011-03-27 09:31 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-03-27 09:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-03-19 12:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-02 16:59 . 2011-03-19 12:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 16:59 . 2011-03-27 09:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-03-26 09:09 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:34 . 2011-03-12 10:13 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-04-02 16:59 . 2011-03-19 12:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-02 16:59 . 2011-03-27 09:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-02 16:59 . 2011-03-19 12:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 16:59 . 2011-03-27 09:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 11:14 . 2011-03-27 09:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-02 11:14 . 2011-03-19 12:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-02 11:14 . 2011-03-19 12:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 11:14 . 2011-03-27 09:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-27 10:06 . 2011-03-27 10:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-19 17:41 . 2011-03-19 17:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-19 17:41 . 2011-03-19 17:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-27 10:06 . 2011-03-27 10:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-02 21:14 . 2011-03-26 20:31 408698 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-04-02 17:19 . 2011-03-26 21:25 532064 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-02-17 19:48 . 2011-03-27 10:11 739748 c:\windows\System32\perfh010.dat
+ 2009-07-14 02:05 . 2011-03-27 10:11 652828 c:\windows\System32\perfh009.dat
+ 2010-02-17 19:48 . 2011-03-27 10:11 145674 c:\windows\System32\perfc010.dat
+ 2009-07-14 02:05 . 2011-03-27 10:11 120496 c:\windows\System32\perfc009.dat
+ 2011-03-21 10:35 . 2011-02-02 20:40 157472 c:\windows\System32\javaws.exe
- 2010-12-27 12:06 . 2010-11-12 17:53 157472 c:\windows\System32\javaws.exe
+ 2011-03-21 10:35 . 2011-02-02 20:40 145184 c:\windows\System32\javaw.exe
- 2010-12-27 12:06 . 2010-11-12 17:53 145184 c:\windows\System32\javaw.exe
+ 2011-03-21 10:35 . 2011-02-02 20:40 145184 c:\windows\System32\java.exe
- 2010-12-27 12:06 . 2010-11-12 17:53 145184 c:\windows\System32\java.exe
+ 2009-07-14 04:47 . 2011-03-27 10:05 491800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-03-19 17:40 491800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-21 10:42 . 2011-03-21 10:42 183808 c:\windows\Installer\102082.msi
+ 2009-07-14 02:03 . 2011-03-24 13:01 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2011-02-23 15:07 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-10-29 12:28 . 2011-03-25 23:26 1474832 c:\windows\System32\drivers\sfi.dat
- 2010-10-29 12:28 . 2011-03-19 17:40 1474832 c:\windows\System32\drivers\sfi.dat
+ 2009-07-14 04:34 . 2011-03-24 14:04 5980439 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:34 . 2011-03-10 15:39 5980439 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-12 18:14 . 2011-03-26 23:15 3693311 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-633374088-4001182803-702579871-1000-8192.dat
- 2010-12-12 18:14 . 2011-03-19 17:40 3693311 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-633374088-4001182803-702579871-1000-8192.dat
+ 2011-01-20 02:01 . 2011-03-24 12:50 115680255 c:\windows\winsxs\ManifestCache\ee9f676b8aa4122b_blobs.bin
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2011-01-03 9340872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-17 2548552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-26 20:12 136176 ----atw- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R0 ctsvgn;ctsvgn; [x]
R0 dcmwwg;dcmwwg; [x]
R0 ijbsgx;ijbsgx; [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-20 691696]
R0 wayuia;wayuia; [x]
R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2011-01-03 121288]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-06 236600]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 136176]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-01-24 16968]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
R3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\pmx3gmdm.sys [2009-12-29 103552]
R3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\DRIVERS\pmx3gnet.sys [2009-12-29 116736]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegKernelHelp;RegKernelHelp;c:\program files\Safe Returner\RegKernelHelp.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-01-06 17256]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-06 35768]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-12-30 98392]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 k57nd60x;Gigabit Ethernet Broadcom NetXtreme - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
.
.
------- Scansione supplementare -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: {BD13099B-9730-4B39-B747-8726F1F187B3} = 208.67.222.222,208.67.220.220
TCP: 0716E646F627F6 = 8.8.8.8,4.4.4.4
TCP: 4505D2C494E4B4F5346464438303 = 8.8.8.8,4.4.4.4
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Copy Links: {76C80A11-FAD4-406c-8246-F5ED4F9367B5} - %profile%\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-633374088-4001182803-702579871-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-03-27 12:21:38
ComboFix-quarantined-files.txt 2011-03-27 10:21
ComboFix2.txt 2011-03-26 12:08
ComboFix3.txt 2011-03-19 17:53
.
Pre-Run: 133.725.220.864 byte disponibili
Post-Run: 133.817.843.712 byte disponibili
.
- - End Of File - - F6C26B1F4E2EDBB21EE9DFD33391F629
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 136176]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-01-24 16968]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
R3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\pmx3gmdm.sys [2009-12-29 103552]
R3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\DRIVERS\pmx3gnet.sys [2009-12-29 116736]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegKernelHelp;RegKernelHelp;c:\program files\Safe Returner\RegKernelHelp.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-01-06 17256]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-06 35768]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-12-30 98392]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 k57nd60x;Gigabit Ethernet Broadcom NetXtreme - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
.
.
------- Scansione supplementare -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: {BD13099B-9730-4B39-B747-8726F1F187B3} = 208.67.222.222,208.67.220.220
TCP: 0716E646F627F6 = 8.8.8.8,4.4.4.4
TCP: 4505D2C494E4B4F5346464438303 = 8.8.8.8,4.4.4.4
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Copy Links: {76C80A11-FAD4-406c-8246-F5ED4F9367B5} - %profile%\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-633374088-4001182803-702579871-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-03-27 12:21:38
ComboFix-quarantined-files.txt 2011-03-27 10:21
ComboFix2.txt 2011-03-26 12:08
ComboFix3.txt 2011-03-19 17:53
.
Pre-Run: 133.725.220.864 byte disponibili
Post-Run: 133.817.843.712 byte disponibili
.
- - End Of File - - F6C26B1F4E2EDBB21EE9DFD33391F629
Gmer stops while I am trying to run a scan.
Do you have any suggestions?