Virus in C:\WINDOWS\system32\drivers

Post by torch » Fri May 14, 2010 9:43 pm

Hello everyone,

I have just received from Avira (up to date) an alert about some fifteen files residing in the folder C:\WINDOWS\system32\drivers,
among them:

iynqkam.sys, xgktvfe.sys, OLD7V.sys, OLD80.sys, OLD84.sys, OLD88.sys

I cleaned them, and it seems to me that everything has returned to normal.

What checks do you recommend I run?

I imagine the junk came from a USB stick from which I transferred some data this afternoon.

Thanks,
torcH

torch
Senior Member
Posts: 343
Joined: Fri Feb 08, 2008 9:12 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Fri May 14, 2010 10:24 pm

Hi

Disable the antivirus

Download ComboFix to the desktop

While holding down the SHIFT key at the bottom left of the keyboard, insert the USB stick and release the key after a few seconds

Start the scan
Type 1 to start the tool
Follow the instructions (do not do anything during the scan; it is normal if the icons disappear from the desktop) and at the end a log will be generated.
When it is done, post the log that you find in C:\Combofix.txt

stevens
Bronze Member
Posts: 678
Joined: Wed Feb 18, 2009 1:39 pm

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Fri May 14, 2010 11:25 pm

Here it is. Thanks


ComboFix 10-05-14.06 - TRH 14/05/2010 23:48:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2504 [GMT 2:00]
Eseguito da: c:\documents and settings\TRH\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\TRH\IMPOST~1\Temp\svchost.exe
c:\documents and settings\TRH\Dati applicazioni\7za.exe
c:\documents and settings\TRH\Dati applicazioni\avdrn.dat
c:\documents and settings\TRH\Dati applicazioni\chrtmp
c:\documents and settings\TRH\Dati applicazioni\inst.exe
c:\documents and settings\TRH\Dati applicazioni\setup.exe
c:\documents and settings\TRH\g2mdlhlpx.exe
c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\wwwzuc32.exe
c:\windows\eSellerateEngine.dll
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\st325602.dll
c:\windows\system32\VB40032.DLL

.
((((((((((((((((((((((((( Files Creati Da 2010-04-14 al 2010-05-14 )))))))))))))))))))))))))))))))))))
.

2010-05-14 21:40 . 2010-05-14 21:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2010-05-14 21:40 . 2010-05-14 21:40 -------- d-----w- C:\32788R22FWJFW
2010-05-14 20:22 . 2010-05-14 21:58 755200 ----a-w- c:\windows\system32\drivers\iynqkam.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-14 20:21 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-14 20:19 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-14 20:06 . 2010-05-14 20:21 -------- d-----w- c:\windows\LastGood
2010-05-14 18:20 . 2010-05-14 18:20 551912 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-05-13 16:59 . 2010-05-13 16:59 4286 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{F15E7B15-CB34-4C21-9E5F-946F13F9739F}\sinstall.exe
2010-05-13 13:15 . 2007-08-01 23:45 335872 ----a-w- c:\windows\system32\nvwrses.dll
2010-05-13 13:01 . 2010-05-13 13:16 -------- d-----w- c:\windows\LastGood.Tmp
2010-05-13 13:01 . 2010-05-13 12:32 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-13 12:32 . 2010-05-13 13:01 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\eSupport.com
2010-05-13 11:43 . 2010-05-13 11:43 -------- d-----w- c:\windows\NV33083936.TMP
2010-05-13 11:40 . 2010-05-13 11:40 -------- d-----w- C:\Dell
2010-05-10 15:20 . 2010-02-16 08:22 38784 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-07 13:22 . 2007-11-17 01:03 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-07 13:20 . 2007-11-16 12:37 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-07 13:02 . 2010-05-07 13:02 -------- d-----w- c:\windows\NV48165944.TMP
2010-05-07 09:11 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-05-05 18:45 . 2010-05-05 21:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\freeTVRadio
2010-05-05 18:45 . 2010-05-05 18:45 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\FissaSearch
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\SYSTRAN
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SYSTRAN
2010-05-04 20:08 . 2010-05-04 20:08 878080 ----a-w- c:\windows\system32\iconv.dll
2010-05-04 20:08 . 2010-05-04 20:08 150016 ----a-w- c:\windows\system32\libxslt.dll
2010-05-04 20:08 . 2010-05-04 20:08 721920 ----a-w- c:\windows\system32\libxml2.dll
2010-05-04 20:08 . 2010-05-04 20:08 51200 ----a-w- c:\windows\system32\libexslt.dll
2010-05-04 20:06 . 2007-03-24 10:45 57344 ----a-r- c:\windows\system32\libsyslic1.dll
2010-05-04 20:06 . 2007-03-13 23:57 144896 ----a-r- c:\windows\system32\libsyslic1.original.dll
2010-05-04 13:46 . 2010-05-04 13:46 -------- d-----w- c:\programmi\Citrix
2010-05-04 12:47 . 2009-02-09 08:42 99968 ----a-w- c:\windows\system32\drivers\hxctlflt.sys
2010-05-04 12:44 . 2009-10-19 15:30 23848 ----a-w- c:\windows\system32\libcmmn.dll
2010-05-04 12:44 . 2009-10-19 15:30 681256 ----a-w- c:\windows\system32\WebCamPropertyWindow.dll
2010-05-04 12:44 . 2008-12-12 16:34 73728 ----a-w- c:\windows\system32\BurnerApLib.dll
2010-05-04 12:44 . 2008-10-09 09:02 102400 ----a-w- c:\windows\system32\st50220.dll
2010-05-02 00:12 . 2010-05-02 00:12 36864 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Autodesk\AutoCAD 2011\R18.1\ita\ContextualTabSelectorRules.dll
2010-05-01 19:08 . 2006-11-22 05:20 348160 ----a-w- c:\windows\system32\WkExt32.dll
2010-05-01 19:08 . 2006-11-02 05:20 479232 ----a-w- c:\windows\system32\wibuKJni.dll
2010-05-01 19:08 . 2000-10-18 02:00 57552 ----a-w- c:\windows\system32\WkDos.exe
2010-05-01 19:08 . 2006-11-09 05:20 16384 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2010-05-01 19:08 . 2006-11-22 05:20 72704 ----a-w- c:\windows\system32\drivers\WibuKey.sys
2010-05-01 19:08 . 2006-11-22 05:20 159744 ----a-w- c:\windows\system32\WkWin32.dll
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBUKEY
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBU-SYSTEMS
2010-05-01 15:56 . 2010-05-01 15:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-04-29 20:14 . 2010-04-29 20:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\autodessys
2010-04-29 16:16 . 2010-04-29 16:18 -------- d-----w- c:\documents and settings\All Users\Personal Translator
2010-04-29 07:05 . 2010-04-29 07:05 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ComodoGroup
2010-04-29 07:04 . 2010-04-29 07:04 -------- d-----w- c:\documents and settings\TRH\Dati applicazioniComodoGroup
2010-04-27 11:26 . 2010-05-12 22:32 304096 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1040\ResourceCache.dll
2010-04-27 11:25 . 2010-05-12 22:32 302848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1033\ResourceCache.dll
2010-04-23 09:28 . 2010-04-23 09:28 10 ----a-w- c:\windows\popcinfo.dat
2010-04-23 09:16 . 2010-04-23 09:16 -------- d-----w- c:\programmi\MozBackup
2010-04-21 20:15 . 2010-04-21 20:15 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Xenocode
2010-04-20 00:59 . 1999-02-16 06:02 49664 ----a-w- c:\windows\SSMaui Wowee.scr
2010-04-20 00:57 . 2004-09-20 14:00 802816 ----a-w- c:\windows\FeedingFrenzy.scr
2010-04-20 00:56 . 2005-01-07 09:39 57344 ----a-w- c:\windows\system32\Big Kahuna Reef.scr
2010-04-20 00:55 . 2005-08-03 11:48 389120 ----a-w- c:\windows\Adventure Inlay.scr
2010-04-18 17:49 . 2009-10-26 03:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-04-18 17:49 . 2008-06-20 07:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-04-18 17:49 . 2008-06-20 07:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-04-18 17:48 . 2010-04-18 17:48 -------- d-----w- c:\programmi\File comuni\Intel
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_8EDC585963537054B6C7F9.exe
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_6FEFF9B68218417F98F549.exe
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\programmi\Microsoft Location Finder
2010-04-18 10:16 . 2010-04-18 10:16 -------- d-----w- c:\programmi\Widget vodafone.it
2010-04-18 00:00 . 2010-04-18 00:05 -------- d-----w- c:\programmi\File comuni\Akamai
2010-04-17 07:58 . 2010-04-17 07:58 -------- d-----w- c:\programmi\iPod
2010-04-17 07:57 . 2010-04-17 07:57 -------- d-----w- c:\programmi\Apple Software Update
2010-04-17 07:56 . 2009-10-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 07:56 . 2009-10-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-17 07:03 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-17 07:03 . 2010-04-17 07:03 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-17 07:02 . 2010-02-26 11:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-17 07:02 . 2010-02-26 11:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-17 07:02 . 2010-02-26 11:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-04-16 21:26 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-16 21:25 . 2010-04-16 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_2cd672ae.exe
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_16496df1.exe
2010-04-15 18:10 . 2010-04-15 18:10 1078 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_69525f90.exe
2010-04-15 18:10 . 2010-04-15 18:10 -------- d-----w- c:\programmi\Planetside Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 20:16 . 2010-05-14 20:15 16 ----a-w- c:\documents and settings\NetworkService\Dati applicazioni\qvjsge.dat
2010-05-14 12:46 . 2009-10-09 13:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Abvent_Artlantis3
2010-05-14 11:17 . 2008-12-11 11:23 11691 ----a-w- c:\windows\system32\nvModes.dat
2010-05-13 23:48 . 2009-01-05 17:29 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uTorrent
2010-05-13 18:37 . 2009-01-13 09:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-13 14:28 . 2010-05-13 14:28 16 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\qvjsge.dat
2010-05-13 10:52 . 2004-08-19 12:00 621414 ----a-w- c:\windows\system32\perfh010.dat
2010-05-13 10:52 . 2004-08-19 12:00 129250 ----a-w- c:\windows\system32\perfc010.dat
2010-05-13 10:46 . 2008-12-16 13:16 -------- d-----w- c:\programmi\Microsoft.NET
2010-05-13 09:32 . 2010-03-13 09:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\vlc
2010-05-12 06:59 . 2008-12-16 13:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-05-11 21:25 . 2008-12-16 14:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-05-11 21:25 . 2008-12-16 14:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Autodesk
2010-05-11 21:17 . 2008-12-16 14:54 -------- d-----w- c:\programmi\Autodesk
2010-05-11 19:24 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\e-onsoftware
2010-05-11 09:27 . 2010-02-13 10:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-08 13:50 . 2009-01-10 17:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-05-07 21:02 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\e-on software
2010-05-07 12:27 . 2008-12-12 21:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-07 12:22 . 2009-09-27 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-05 10:48 . 2008-12-16 14:54 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-05-04 20:11 . 2008-12-11 11:12 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-04 13:59 . 2008-12-16 12:28 66632 ----a-w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-04 13:06 . 2008-12-11 13:44 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Skype
2010-05-04 13:04 . 2008-12-16 17:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\skypePM
2010-05-04 12:58 . 2009-10-05 13:03 -------- d-----w- c:\programmi\Unlocker
2010-05-04 12:51 . 2009-07-29 17:12 -------- d-----w- c:\programmi\Hercules
2010-05-04 10:08 . 2008-12-12 21:25 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-01 19:47 . 2009-04-16 19:37 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-05-01 19:35 . 2008-12-16 12:27 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Graphisoft
2010-04-22 09:39 . 2009-01-29 09:12 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Canon
2010-04-18 17:28 . 2010-01-12 04:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-17 08:47 . 2010-03-21 22:28 -------- d-----w- c:\programmi\SatHunter
2010-04-17 08:32 . 2010-01-19 11:06 -------- d-----w- c:\programmi\Aide PDF to DXF Converter
2010-04-17 07:58 . 2008-12-11 13:41 -------- d-----w- c:\programmi\File comuni\Apple
2010-04-17 07:12 . 2008-12-11 11:09 -------- d-----w- c:\programmi\Intel
2010-04-17 07:01 . 2009-03-25 14:25 -------- d-----w- c:\programmi\Nokia
2010-04-09 13:12 . 2009-04-06 17:44 -------- d-----w- c:\programmi\Google
2010-04-08 14:39 . 2010-04-23 09:37 642560 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Planetside Software
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uk.co.planetside
2010-04-01 19:16 . 2009-01-06 20:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-04-01 19:03 . 2009-01-06 20:50 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-01 19:01 . 2010-04-01 19:01 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-04-01 19:01 . 2010-04-01 19:01 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-04-01 19:01 . 2010-04-01 19:01 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-04-01 19:01 . 2010-04-01 19:01 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-04-01 18:42 . 2010-04-01 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-04-01 18:42 . 2010-04-01 18:42 98366952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
2010-03-31 21:06 . 2010-03-31 21:06 -------- d-----w- c:\programmi\Bonjour
2010-03-29 22:46 . 2010-01-12 04:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2010-01-12 04:36 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-26 10:00 . 2010-03-26 10:00 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\TuneUp Software
2010-03-24 17:14 . 2010-03-24 17:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ePaperPress
2010-03-21 23:36 . 2010-03-21 23:35 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SecondLife
2010-03-21 17:38 . 2010-03-21 17:38 -------- d-----w- c:\programmi\AutoDWG
2010-03-21 16:28 . 2010-03-20 21:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-03-21 16:25 . 2010-03-20 21:21 -------- d-----w- c:\programmi\DivX
2010-03-21 16:23 . 2010-03-20 21:25 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\DivX
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\programmi\NortonInstaller
2010-03-20 21:21 . 2010-03-20 21:25 986904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
2010-03-20 19:10 . 2010-03-20 19:10 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Stentec
2010-03-20 19:04 . 2010-03-20 19:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Stentec
2010-03-18 14:47 . 2010-03-18 14:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 08:13 . 2007-03-12 13:02 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-02 21:18 . 2009-01-14 19:55 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-02-26 11:32 . 2009-01-06 20:49 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-25 06:16 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2005-03-30 17:35 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2005-03-30 17:35 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:05 . 2010-02-16 11:05 16712 ----a-w- c:\windows\system32\AcSignExtRes.dll
2009-05-14 20:02 . 2009-05-14 20:02 3392872 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-05-14 20:02 . 2009-05-14 20:02 3298152 ----a-w- c:\programmi\File comuni\adlmint.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="e:\masterizzazione\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"i8kfangui"="c:\programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Google Update"="c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-09-06 133104]
"Gadwin PrintScreen Pro"="c:\programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"MNS"="c:\programmi\Mobile Net Switch\MNS.exe" [2009-02-19 1047552]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"COMODO Internet Security"="e:\sicurezza\Comodo\COMODO Internet Security\cfp.exe" [2009-11-19 1800464]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"GrooveMonitor"="e:\sistema\Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="e:\adobeacrobatpro\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"NVHotkey"="nvHotkey.dll" [2007-08-01 67584]
"QuickTime Task"="e:\players\Quicktime\QTTask.exe" [2010-03-17 421888]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"iTunesHelper"="e:\audio\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"nwiz"="nwiz.exe" [2007-08-01 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-13 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DRSpawner.lnk - c:\documents and settings\All Users\Dati applicazioni\ASGvis\DRSpawner\DRSpawner.exe [2010-1-23 2076672]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-11-16 813584]
WDDMStatus.lnk - c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- e:\audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- e:\players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- e:\players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- e:\internet\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"e:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"e:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"e:\\Internet\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Mirc\\mirc.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Internet\\eMule\\emule.exe"=
"e:\\Architettura\\SketchupPro7\\SketchUp.exe"=
"e:\\Architettura\\SketchupPro7\\LayOut\\LayOut.exe"=
"e:\\Internet\\Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"e:\\Internet\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Architettura\\Rhinoceros_4\\System\\Rhino4.exe"=
"d:\\3dsMax2010\\3dsmax.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Programmi\\Hercules\\Classic Silver\\Station2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"e:\\Architettura\\ArchiCAD 13\\ArchiCAD.exe"=
"e:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"e:\\Architettura\\Maya2010\\bin\\maya.exe"=
"e:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Audio\\iTunes\\iTunes.exe"=
"e:\\Internet\\Skype\\Phone\\Skype.exe"=
"e:\\Architettura\\Backburner\\monitor.exe"=
"e:\\Architettura\\Backburner\\manager.exe"=
"e:\\Architettura\\Backburner\\server.exe"=
"e:\\Architettura\\3dMax2011\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11/12/2008 14:54 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/12/2008 14:54 25160]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [17/06/2009 00:57 14464]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:\scanner\abbyy\NetworkLicenseServer.exe -service --> e:\scanner\abbyy\NetworkLicenseServer.exe -service [?]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 19:06 1431440]
R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\programmi\ArchVision\ArchVision Content Manager" --> c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\programmi\ArchVision\ArchVision Content Manager [?]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [06/10/2007 10:38 941784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [12/01/2010 06:36 236368]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 08:08 3575808]
R2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 09:44 110592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/01/2010 06:36 20824]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/03/2010 19:50 11520]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2008 15:04 685816]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys --> c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [16/01/2009 23:52 21824]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/10/2009 15:34 133104]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:\architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 18:36 86016]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit;e:\architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 02:10 86016]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/07/2009 19:14 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\hpx9g2k.sys [06/01/2009 11:24 12658]
S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [04/05/2010 14:47 99968]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [03/01/2010 17:25 36280]
S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [03/01/2010 17:25 35256]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 02:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 02:29 369688]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - I2OMGMT
*Deregistered* - iynqkam
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-TRH-DELL-TRH.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-01 01:44]

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-05-14 c:\windows\Tasks\COMODO System Cleaner Update.job
- e:\sicurezza\Comodo\cleanerreg\UpdateApplications.exe [2010-03-09 13:41]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220
TCP: {D0AFF87D-CBD8-423A-A7C1-99BF03D231A5} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VisuAllViewer@digitalarts.dk\plugins\npvisuall2.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: e:\audio\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\internet\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\internet\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\internet\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{05F914F6-39FC-36DA-B369-34D32863C5E6} - (no file)
MSConfigStartUp-QuickTime Task - c:\programmi\QuickTime\qttask.exe
AddRemove-ArchShaders for V-Ray vol.1_is1 - d:\archshaders\archshaders\uninstall\unins000.exe
AddRemove-V-Ray for 3dsmax 2010 for x86 - c:\programmi\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\wininstaller.exe-uninstall=c:\programmi\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\install.log
AddRemove-V-Ray Material Presets Pro - d:\3dsmax2010\3ds Max 2010\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 23:58
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\players\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\iynqkam]

.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabjodhgbhkbiccepoekoafbipib"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,
6d,6d,64,62,6b,65,67,70,00,ff
"malhcajkmkogmnaoocakkcpilj"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,6d,
6d,64,62,6b,65,67,70,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1456)
c:\windows\system32\IWPDGINA.DLL
c:\programmi\Intel\WiFi\bin\LangResources\ITA\SsoGnITA.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll
.
Ora fine scansione: 2010-05-15 00:02:37
ComboFix-quarantined-files.txt 2010-05-14 22:02

Pre-Run: 1.889.021.952 byte disponibili
Post-Run: 2.104.098.816 byte disponibili

- - End Of File - - 05C02E74352D22EC516CBB6240A31197


Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 1:00 am

I forgot... At some point during the scan, near the beginning, an error message appeared concerning the file dumphive.cfxxe.
Once I closed the notification, the scan proceeded correctly.
torcH

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 2:00 am

One more thing: still with Combofix, between stage 2 and stage 3, Avira detects a malicious file (which it reports as rootkit rkit/bubnix.s) in C:\combofix\N_\testme

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 10:30 am

ComboFix also removed a rootkit for you

now proceed as follows

open a text file (from Windows Notepad) and paste the following script into it:


File::
c:\windows\system32\drivers\iynqkam.sys
c:\windows\NV48165944.TMP
c:\windows\NV33083936.TMP


Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\iynqkam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\iynqkam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\iynqkam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\iynqkam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\iynqkam]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iynqkam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iynqkam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iynqkam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\iynqkam]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\iynqkam]


Driver::
iynqkam

NetSvcs::
iynqkam



save the file in the same folder where you put ComboFix, and it must be named CFScript.txt

Once that is done, drag the file with the mouse pointer onto the ComboFix icon. The program will start a new scan, like the previous one. Do not do or move anything. When it finishes, if the computer does not reboot automatically, reboot it yourself. Attach the new file c:\combofix.txt produced by the scan.



then.....


go here and analyze this file

c:\windows\system32\drivers\CFRMD.sys

it could be legitimate, but it is better to check

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 11:07 am

Stevens, good morning.

First of all, thank you for the help.

I did what you suggested: I copied the script and dragged it onto the ComboFix icon.
The system rebooted, but now, right after loading the desktop (and when, I think, ComboFix should start working), the system hangs with the screen I am attaching.

Image

I have rebooted 4 times, and 4 times it has hung.

Help!

Thanks

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 11:19 am

that error, seen like that, is too generic; more information is needed

for now you should post the ComboFix log obtained with this scan, delete the other one

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 11:23 am

The problem is that the PC hangs with a blue screen, and I am forced to reboot. I will try in safe mode.
(I tried replacing the RAM modules with 2 new ones I had, and the problem persists).

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 11:29 am

I booted in safe mode and the PC does not crash this way.
But in c: I only find the old ComboFix log, the one from yesterday.
It seems the PC crashes before it can run the scan and generate the log.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 11:39 am

Update.

I deleted the old log in safe mode.
I rebooted in "normal" mode
and the PC keeps showing the same blue screen.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 12:55 pm

I ran ComboFix in safe mode (I don't know if it helps; the fact is that I have no way at all
to boot the system in normal mode).
It keeps crashing as soon as it appears.

ComboFix 10-05-14.06 - TRH 15/05/2010 13:13:17.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1608 [GMT 2:00]
Eseguito da: C:\Documents and Settings\TRH\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-04-15 al 2010-05-15 )))))))))))))))))))))))))))))))))))
.

2010-05-14 23:21:40 . 2010-05-14 23:21:40 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
2010-05-14 23:18:39 . 2010-05-14 23:18:40 -------- d-----w- C:\Programmi\File comuni\Topaz Labs
2010-05-14 21:40:11 . 2010-05-14 21:40:11 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2010-05-14 20:22:38 . 2010-05-15 11:18:11 755200 ----a-w- C:\WINDOWS\system32\drivers\iynqkam.sys
2010-05-14 20:21:20 . 2008-04-13 17:41:22 8576 -c--a-w- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2010-05-14 20:21:20 . 2008-04-13 17:41:22 8576 ----a-w- C:\WINDOWS\system32\drivers\i2omgmt.sys
2010-05-14 20:19:17 . 2008-04-13 17:40:58 8192 -c--a-w- C:\WINDOWS\system32\dllcache\changer.sys
2010-05-14 20:06:29 . 2010-05-14 20:21:46 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2010-05-13 16:59:02 . 2010-05-13 16:59:02 4286 ----a-r- C:\Documents and Settings\TRH\Dati applicazioni\Microsoft\Installer\{F15E7B15-CB34-4C21-9E5F-946F13F9739F}\sinstall.exe
2010-05-13 13:15:41 . 2007-08-01 23:45:00 335872 ----a-w- C:\WINDOWS\system32\nvwrses.dll
2010-05-13 13:01:32 . 2010-05-13 12:32:30 23456 ----a-w- C:\WINDOWS\system32\drivers\DrvAgent32.sys
2010-05-13 12:32:30 . 2010-05-13 13:01:32 -------- d-----w- C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\eSupport.com
2010-05-13 11:43:21 . 2010-05-13 11:43:29 -------- d-----w- C:\WINDOWS\NV33083936.TMP
2010-05-13 11:40:56 . 2010-05-13 11:40:56 -------- d-----w- C:\Dell
2010-05-10 15:20:18 . 2010-02-16 08:22:53 38784 ----a-w- C:\Documents and Settings\TRH\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-07 13:22:12 . 2007-11-17 01:03:00 356352 ----a-w- C:\WINDOWS\system32\nvudisp.exe
2010-05-07 13:20:30 . 2007-11-16 12:37:18 356352 ----a-w- C:\WINDOWS\system32\NVUNINST.EXE
2010-05-07 13:02:03 . 2010-05-07 13:02:07 -------- d-----w- C:\WINDOWS\NV48165944.TMP
2010-05-07 09:11:33 . 2003-06-25 14:05:08 266360 ----a-w- C:\WINDOWS\system32\TweakUI.exe
2010-05-05 18:45:22 . 2010-05-05 21:07:31 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\freeTVRadio
2010-05-05 18:45:14 . 2010-05-05 18:45:14 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\FissaSearch
2010-05-04 20:11:05 . 2010-05-04 20:11:05 -------- d-----w- C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\SYSTRAN
2010-05-04 20:11:05 . 2010-05-04 20:11:05 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\SYSTRAN
2010-05-04 20:08:56 . 2010-05-04 20:08:56 878080 ----a-w- C:\WINDOWS\system32\iconv.dll
2010-05-04 20:08:56 . 2010-05-04 20:08:56 150016 ----a-w- C:\WINDOWS\system32\libxslt.dll
2010-05-04 20:08:55 . 2010-05-04 20:08:56 721920 ----a-w- C:\WINDOWS\system32\libxml2.dll
2010-05-04 20:08:55 . 2010-05-04 20:08:55 51200 ----a-w- C:\WINDOWS\system32\libexslt.dll
2010-05-04 20:06:53 . 2007-03-24 10:45:48 57344 ----a-r- C:\WINDOWS\system32\libsyslic1.dll
2010-05-04 20:06:53 . 2007-03-13 23:57:54 144896 ----a-r- C:\WINDOWS\system32\libsyslic1.original.dll
2010-05-04 13:46:17 . 2010-05-04 13:46:17 -------- d-----w- C:\Programmi\Citrix
2010-05-04 12:47:33 . 2009-02-09 08:42:42 99968 ----a-w- C:\WINDOWS\system32\drivers\hxctlflt.sys
2010-05-04 12:44:32 . 2009-10-19 15:30:28 23848 ----a-w- C:\WINDOWS\system32\libcmmn.dll
2010-05-04 12:44:32 . 2009-10-19 15:30:22 681256 ----a-w- C:\WINDOWS\system32\WebCamPropertyWindow.dll
2010-05-04 12:44:32 . 2008-12-12 16:34:44 73728 ----a-w- C:\WINDOWS\system32\BurnerApLib.dll
2010-05-04 12:44:32 . 2008-10-09 09:02:28 102400 ----a-w- C:\WINDOWS\system32\st50220.dll
2010-05-02 00:12:35 . 2010-05-02 00:12:35 36864 ----a-w- C:\Documents and Settings\TRH\Dati applicazioni\Autodesk\AutoCAD 2011\R18.1\ita\ContextualTabSelectorRules.dll
2010-05-01 19:08:13 . 2006-11-22 05:20:00 348160 ----a-w- C:\WINDOWS\system32\WkExt32.dll
2010-05-01 19:08:13 . 2006-11-02 05:20:00 479232 ----a-w- C:\WINDOWS\system32\wibuKJni.dll
2010-05-01 19:08:11 . 2000-10-18 02:00:00 57552 ----a-w- C:\WINDOWS\system32\WkDos.exe
2010-05-01 19:08:07 . 2006-11-09 05:20:00 16384 ----a-w- C:\WINDOWS\system32\drivers\Wibukey2.sys
2010-05-01 19:08:06 . 2006-11-22 05:20:00 72704 ----a-w- C:\WINDOWS\system32\drivers\WibuKey.sys
2010-05-01 19:08:06 . 2006-11-22 05:20:00 159744 ----a-w- C:\WINDOWS\system32\WkWin32.dll
2010-05-01 19:08:04 . 2010-05-01 19:08:04 -------- d-----w- C:\Programmi\WIBUKEY
2010-05-01 19:08:04 . 2010-05-01 19:08:04 -------- d-----w- C:\Programmi\WIBU-SYSTEMS
2010-05-01 15:56:25 . 2010-05-01 15:57:47 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-04-29 20:14:09 . 2010-04-29 20:14:09 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\autodessys
2010-04-29 16:16:49 . 2010-04-29 16:18:02 -------- d-----w- C:\Documents and Settings\All Users\Personal Translator
2010-04-29 07:05:38 . 2010-04-29 07:05:38 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\ComodoGroup
2010-04-29 07:04:10 . 2010-04-29 07:04:10 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioniComodoGroup
2010-04-27 11:26:01 . 2010-05-12 22:32:31 304096 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1040\ResourceCache.dll
2010-04-27 11:25:58 . 2010-05-12 22:32:28 302848 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1033\ResourceCache.dll
2010-04-23 09:28:51 . 2010-04-23 09:28:51 10 ----a-w- C:\WINDOWS\popcinfo.dat
2010-04-23 09:16:56 . 2010-04-23 09:16:56 -------- d-----w- C:\Programmi\MozBackup
2010-04-21 20:15:41 . 2010-04-21 20:15:41 -------- d-----w- C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Xenocode
2010-04-20 00:59:43 . 1999-02-16 06:02:24 49664 ----a-w- C:\WINDOWS\SSMaui Wowee.scr
2010-04-20 00:57:21 . 2004-09-20 14:00:28 802816 ----a-w- C:\WINDOWS\FeedingFrenzy.scr
2010-04-20 00:56:19 . 2005-01-07 09:39:00 57344 ----a-w- C:\WINDOWS\system32\Big Kahuna Reef.scr
2010-04-20 00:55:38 . 2005-08-03 11:48:54 389120 ----a-w- C:\WINDOWS\Adventure Inlay.scr
2010-04-18 17:49:07 . 2009-10-26 03:47:30 4221952 ----a-w- C:\WINDOWS\system32\drivers\NETw5x32.sys
2010-04-18 17:49:07 . 2008-06-20 07:33:34 2756608 ----a-w- C:\WINDOWS\system32\NETw5r32.dll
2010-04-18 17:49:07 . 2008-06-20 07:32:32 663552 ----a-w- C:\WINDOWS\system32\NETw5c32.dll
2010-04-18 17:48:37 . 2010-04-18 17:48:37 -------- d-----w- C:\Programmi\File comuni\Intel
2010-04-18 16:34:26 . 2010-04-18 16:34:26 22798 ----a-r- C:\Documents and Settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_8EDC585963537054B6C7F9.exe
2010-04-18 16:34:26 . 2010-04-18 16:34:26 22798 ----a-r- C:\Documents and Settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_6FEFF9B68218417F98F549.exe
2010-04-18 16:34:22 . 2010-04-18 16:34:23 -------- d-----w- C:\Programmi\Microsoft Location Finder
2010-04-18 10:16:40 . 2010-04-18 10:16:40 -------- d-----w- C:\Programmi\Widget vodafone.it
2010-04-18 00:00:04 . 2010-04-18 00:05:04 -------- d-----w- C:\Programmi\File comuni\Akamai
2010-04-17 07:58:04 . 2010-04-17 07:58:05 -------- d-----w- C:\Programmi\iPod
2010-04-17 07:57:08 . 2010-04-17 07:57:10 -------- d-----w- C:\Programmi\Apple Software Update
2010-04-17 07:56:54 . 2009-10-16 00:33:06 41472 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
2010-04-17 07:56:54 . 2009-10-16 00:33:06 3003680 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
2010-04-17 07:03:12 . 2008-08-26 07:26:12 18816 ----a-w- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-04-17 07:03:04 . 2010-04-17 07:03:06 -------- d-----w- C:\Programmi\PC Connectivity Solution
2010-04-17 07:02:14 . 2010-02-26 11:32:52 662016 ----a-w- C:\WINDOWS\system32\nmwcdcocls.dll
2010-04-17 07:02:14 . 2010-02-26 11:32:44 18176 ----a-w- C:\WINDOWS\system32\drivers\ccdcmb.sys
2010-04-17 07:02:14 . 2010-02-26 11:19:00 1461992 ----a-w- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-04-16 21:26:18 . 2008-04-17 10:12:54 107368 ----a-w- C:\WINDOWS\system32\GEARAspi.dll
2010-04-16 21:25:08 . 2010-04-16 21:26:17 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 18:10:15 . 2010-04-15 18:10:15 13094 ----a-r- C:\Documents and Settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_2cd672ae.exe
2010-04-15 18:10:15 . 2010-04-15 18:10:15 13094 ----a-r- C:\Documents and Settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_16496df1.exe
2010-04-15 18:10:15 . 2010-04-15 18:10:15 1078 ----a-r- C:\Documents and Settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_69525f90.exe
2010-04-15 18:10:08 . 2010-04-15 18:10:08 -------- d-----w- C:\Programmi\Planetside Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 09:40:14 . 2004-08-19 12:00:00 620804 ----a-w- C:\WINDOWS\system32\perfh010.dat
2010-05-15 09:40:14 . 2004-08-19 12:00:00 128830 ----a-w- C:\WINDOWS\system32\perfc010.dat
2010-05-15 00:32:17 . 2010-01-12 04:36:39 -------- d-----w- C:\Programmi\Malwarebytes' Anti-Malware
2010-05-15 00:12:24 . 2010-03-13 09:19:12 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\vlc
2010-05-14 23:11:23 . 2009-12-30 15:53:58 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\onOne Software
2010-05-14 20:16:04 . 2010-05-14 20:15:52 16 ----a-w- C:\Documents and Settings\NetworkService\Dati applicazioni\qvjsge.dat
2010-05-14 12:46:50 . 2009-10-09 13:07:37 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\Abvent_Artlantis3
2010-05-14 11:17:28 . 2008-12-11 11:23:55 11691 ----a-w- C:\WINDOWS\system32\nvModes.dat
2010-05-13 23:48:54 . 2009-01-05 17:29:19 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\uTorrent
2010-05-13 18:37:13 . 2009-01-13 09:55:24 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-05-13 14:28:26 . 2010-05-13 14:28:14 16 ----a-w- C:\WINDOWS\system32\config\systemprofile\Dati applicazioni\qvjsge.dat
2010-05-13 10:46:11 . 2008-12-16 13:16:26 -------- d-----w- C:\Programmi\Microsoft.NET
2010-05-12 06:59:38 . 2008-12-16 13:13:36 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2010-05-11 21:25:04 . 2008-12-16 14:20:56 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2010-05-11 21:25:04 . 2008-12-16 14:19:55 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\Autodesk
2010-05-11 21:17:12 . 2008-12-16 14:54:44 -------- d-----w- C:\Programmi\Autodesk
2010-05-11 19:24:20 . 2010-04-03 21:16:47 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\e-onsoftware
2010-05-11 09:27:44 . 2010-02-13 10:05:21 -------- d---a-w- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2010-05-08 13:50:40 . 2009-01-10 17:37:18 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet
2010-05-07 21:02:55 . 2010-04-03 21:16:47 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\e-on software
2010-05-07 12:27:45 . 2008-12-12 21:12:55 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-07 12:22:34 . 2009-09-27 17:33:11 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\TuneUp Software
2010-05-05 12:13:57 . 2010-05-05 12:13:57 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-05 12:13:56 . 2010-05-05 12:13:56 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-05 10:48:19 . 2008-12-16 14:54:44 -------- d-----w- C:\Programmi\File comuni\Autodesk Shared
2010-05-04 20:11:26 . 2008-12-11 11:12:13 -------- d--h--w- C:\Programmi\InstallShield Installation Information
2010-05-04 13:59:15 . 2008-12-16 12:28:53 66632 ----a-w- C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-04 13:06:21 . 2008-12-11 13:44:13 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\Skype
2010-05-04 13:04:57 . 2008-12-16 17:53:01 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\skypePM
2010-05-04 12:58:27 . 2009-10-05 13:03:00 -------- d-----w- C:\Programmi\Unlocker
2010-05-04 12:51:42 . 2009-07-29 17:12:14 -------- d-----w- C:\Programmi\Hercules
2010-05-04 10:08:38 . 2008-12-12 21:25:31 -------- d-----w- C:\Programmi\File comuni\Adobe
2010-05-01 19:47:45 . 2009-04-16 19:37:02 -------- d-----w- C:\Programmi\File comuni\Wise Installation Wizard
2010-05-01 19:35:55 . 2008-12-16 12:27:37 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\Graphisoft
2010-04-29 13:39:38 . 2010-01-12 04:36:43 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39:26 . 2010-01-12 04:36:39 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-04-22 09:39:26 . 2009-01-29 09:12:30 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\Canon
2010-04-17 08:47:45 . 2010-03-21 22:28:55 -------- d-----w- C:\Programmi\SatHunter
2010-04-17 08:32:12 . 2010-01-19 11:06:39 -------- d-----w- C:\Programmi\Aide PDF to DXF Converter
2010-04-17 07:58:03 . 2008-12-11 13:41:14 -------- d-----w- C:\Programmi\File comuni\Apple
2010-04-17 07:12:33 . 2008-12-11 11:09:01 -------- d-----w- C:\Programmi\Intel
2010-04-17 07:01:54 . 2009-03-25 14:25:15 -------- d-----w- C:\Programmi\Nokia
2010-04-09 13:12:41 . 2009-04-06 17:44:35 -------- d-----w- C:\Programmi\Google
2010-04-08 14:39:20 . 2010-04-23 09:37:23 642560 ----a-w- C:\Documents and Settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-04-03 14:28:57 . 2010-04-03 14:28:57 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\Planetside Software
2010-04-03 14:28:54 . 2010-04-03 14:28:54 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\uk.co.planetside
2010-04-01 19:16:57 . 2009-01-06 20:51:06 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2010-04-01 19:03:07 . 2009-01-06 20:50:37 -------- d-----w- C:\Programmi\File comuni\Nokia
2010-04-01 19:01:33 . 2010-04-01 19:01:32 12212040 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-04-01 19:01:30 . 2010-04-01 19:01:29 13930312 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-04-01 19:01:26 . 2010-04-01 19:01:26 77824 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-04-01 19:01:26 . 2010-04-01 19:01:26 61440 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-04-01 19:01:26 . 2010-04-01 19:01:26 58880 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-04-01 19:01:26 . 2010-04-01 19:01:26 50000 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-04-01 18:42:34 . 2010-04-01 18:42:34 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache
2010-04-01 18:42:33 . 2010-04-01 18:42:35 98366952 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
2010-03-31 21:06:28 . 2010-03-31 21:06:27 -------- d-----w- C:\Programmi\Bonjour
2010-03-27 18:49:40 . 2010-03-27 18:49:40 1875108 ----a-w- C:\Documents and Settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-27 18:49:40 . 2010-03-27 18:49:40 1875108 ----a-w- C:\Documents and Settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-24 17:14:36 . 2010-03-24 17:14:36 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\ePaperPress
2010-03-21 23:36:22 . 2010-03-21 23:35:18 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\SecondLife
2010-03-21 17:38:53 . 2010-03-21 17:38:53 -------- d-----w- C:\Programmi\AutoDWG
2010-03-21 16:28:17 . 2010-03-20 21:21:07 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\DivX
2010-03-21 16:25:55 . 2010-03-20 21:21:34 -------- d-----w- C:\Programmi\DivX
2010-03-21 16:23:43 . 2010-03-20 21:25:40 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\DivX
2010-03-21 12:36:05 . 2010-03-21 12:36:05 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2010-03-21 12:36:03 . 2010-03-21 12:36:03 -------- d-----w- C:\Programmi\NortonInstaller
2010-03-20 21:21:00 . 2010-03-20 21:25:40 986904 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
2010-03-20 19:10:17 . 2010-03-20 19:10:17 -------- d-----w- C:\Documents and Settings\TRH\Dati applicazioni\Stentec
2010-03-20 19:04:41 . 2010-03-20 19:04:41 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Stentec
2010-03-18 14:47:22 . 2010-03-18 14:47:22 17760 ----a-w- C:\WINDOWS\system32\aspnet_counters.dll
2010-03-18 11:16:28 . 2010-03-18 11:16:28 771424 ----a-w- C:\WINDOWS\system32\msvcr100_clr0400.dll
2010-03-18 11:16:28 . 2010-03-18 11:16:28 70472 ----a-w- C:\WINDOWS\system32\dxva2.dll
2010-03-18 11:16:28 . 2010-03-18 11:16:28 486216 ----a-w- C:\WINDOWS\system32\evr.dll
2010-03-18 08:09:00 . 2010-03-18 08:09:00 99176 ----a-w- C:\WINDOWS\system32\PresentationHostProxy.dll
2010-03-18 08:09:00 . 2010-03-18 08:09:00 49488 ----a-w- C:\WINDOWS\system32\netfxperf.dll
2010-03-18 08:09:00 . 2010-03-18 08:09:00 297808 ----a-w- C:\WINDOWS\system32\mscoree.dll
2010-03-18 08:09:00 . 2010-03-18 08:09:00 295264 ----a-w- C:\WINDOWS\system32\PresentationHost.exe
2010-03-10 06:15:53 . 2004-08-19 12:00:00 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-03-05 08:13:40 . 2007-03-12 13:02:26 947472 ----a-w- C:\WINDOWS\system32\msjava.dll
2010-03-02 21:18:16 . 2009-01-14 19:55:03 20 ---h--w- C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-02-26 11:32:50 . 2009-01-06 20:49:40 92672 ----a-w- C:\WINDOWS\system32\nmwcdcls.dll
2010-02-25 06:16:35 . 2006-03-04 03:34:07 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-02-24 13:11:07 . 2004-08-19 12:00:00 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2010-02-16 19:05:03 . 2005-03-30 17:35:41 2149888 ------w- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-16 19:05:02 . 2005-03-30 17:35:39 2028032 ------w- C:\WINDOWS\system32\ntkrnlpa.exe
2010-02-16 11:05:29 . 2010-02-16 11:05:29 16712 ----a-w- C:\WINDOWS\system32\AcSignExtRes.dll
2009-05-14 20:02:10 . 2009-05-14 20:02:10 3392872 ----a-w- C:\Programmi\File comuni\adlmint_libFNP.dll
2009-05-14 20:02:10 . 2009-05-14 20:02:10 3298152 ----a-w- C:\Programmi\File comuni\adlmint.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="E:\Masterizzazione\DAEMON Tools\daemon.exe" [2007-09-18 14:16:16 171464]
"i8kfangui"="C:\Programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 16:58:12 856064]
"Google Update"="C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-09-06 16:54:56 133104]
"Gadwin PrintScreen Pro"="C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 17:39:04 516096]
"MNS"="C:\Programmi\Mobile Net Switch\MNS.exe" [2009-02-19 15:54:50 1047552]
"ISUSPM"="C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 08:50:42 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48:02 761947]
"SigmatelSysTrayApp"="C:\Programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 09:22:32 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 02:14:25 110592]
"AdobeCS4ServiceManager"="C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 06:58:34 611712]
"COMODO Internet Security"="E:\Sicurezza\Comodo\COMODO Internet Security\cfp.exe" [2009-11-19 21:30:33 1800464]
"Dell QuickSet"="C:\Programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 17:51:42 1032192]
"LVCOMS"="C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 15:54:04 127022]
"GrooveMonitor"="E:\Sistema\Office\Office12\GrooveMonitor.exe" [2008-10-25 09:44:34 31072]
"Acrobat Assistant 8.0"="E:\AdobeAcrobatPro\Acrobat\Acrotray.exe" [2008-06-11 21:43:26 640376]
"avgnt"="C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 11:08:52 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 16:55:10 55824]
"AppleSyncNotifier"="C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 19:58:34 47392]
"NVHotkey"="nvHotkey.dll" [2007-08-01 23:45:00 67584]
"QuickTime Task"="E:\Players\Quicktime\QTTask.exe" [2010-03-17 19:53:36 421888]
"IntelZeroConfig"="C:\Programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 13:45:48 1372160]
"IntelWireless"="C:\Programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 13:35:14 1202448]
"iTunesHelper"="E:\Audio\iTunes\iTunesHelper.exe" [2010-03-25 23:10:02 142120]
"AdobeAAMUpdater-1.0"="C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 01:44:40 500208]
"AdobeCS5ServiceManager"="C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 02:57:06 406992]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272]
"Adobe ARM"="C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:52 952768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-02-13 17:26:00 7700480]
"nwiz"="nwiz.exe" [2007-08-01 23:45:00 1626112]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-02-13 17:26:00 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:14:03 15360]

C:\Documents and Settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DRSpawner.lnk - C:\Documents and Settings\All Users\Dati applicazioni\ASGvis\DRSpawner\DRSpawner.exe [2010-1-23 2076672]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2009-11-16 813584]
WDDMStatus.lnk - C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28:42 72208 ----a-w- c:\Programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10:02 142120 ----a-w- E:\Audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55:32 54832 ----a-w- E:\Players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57:36 1451520 ----a-w- C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37:40 69216 ------w- E:\Players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11:12 25623336 ----a-r- E:\Internet\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"E:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"E:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"E:\\Internet\\uTorrent\\uTorrent.exe"=
"E:\\Internet\\Mirc\\mirc.exe"=
"C:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Internet\\eMule\\emule.exe"=
"E:\\Architettura\\SketchupPro7\\SketchUp.exe"=
"E:\\Architettura\\SketchupPro7\\LayOut\\LayOut.exe"=
"E:\\Internet\\Firefox\\firefox.exe"=
"C:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"E:\\Internet\\SoulseekNS\\slsk.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"E:\\Architettura\\Rhinoceros_4\\System\\Rhino4.exe"=
"D:\\3dsMax2010\\3dsmax.exe"=
"D:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"D:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"C:\\Programmi\\Hercules\\Classic Silver\\Station2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"E:\\Architettura\\ArchiCAD 13\\ArchiCAD.exe"=
"E:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"E:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"E:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"E:\\Architettura\\Maya2010\\bin\\maya.exe"=
"E:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"E:\\Audio\\iTunes\\iTunes.exe"=
"E:\\Internet\\Skype\\Phone\\Skype.exe"=
"E:\\Architettura\\Backburner\\monitor.exe"=
"E:\\Architettura\\Backburner\\manager.exe"=
"E:\\Architettura\\Backburner\\server.exe"=
"E:\\Architettura\\3dMax2011\\3dsmax.exe"=
"E:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"E:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"E:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"E:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"E:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

S0 CFRMD;CFRMD;C:\WINDOWS\system32\drivers\CFRMD.sys --> C:\WINDOWS\system32\drivers\CFRMD.sys [?]
S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [16/12/2008 15:04:33 685816]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\system32\drivers\cmdguard.sys [11/12/2008 14:54:01 132808]
S1 cmdHlp;COMODO Internet Security Helper Driver;C:\WINDOWS\system32\drivers\cmdhlp.sys [11/12/2008 14:54:01 25160]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\C:\DOCUME~1\TRH\IMPOST~1\Temp\VSPE.sys --> C:\DOCUME~1\TRH\IMPOST~1\Temp\VSPE.sys [?]
S1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [17/06/2009 00:57:01 14464]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;E:\Scanner\abbyy\NetworkLicenseServer.exe -service --> E:\Scanner\abbyy\NetworkLicenseServer.exe -service [?]
S2 ArcGIS License Manager;ArcGIS License Manager;C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 19:06:56 1431440]
S2 ArchVision Content Manager Service;ArchVision Content Manager Service;C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "C:\Programmi\ArchVision\ArchVision Content Manager" --> C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path C:\Programmi\ArchVision\ArchVision Content Manager [?]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\drivers\CAMTHWDM.sys [06/10/2007 10:38:24 941784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16:28 130384]
S2 cpwnt;cpwnt;C:\WINDOWS\system32\drivers\cpwnt.sys [16/01/2009 23:52:09 21824]
S2 gupdate;Google Update Service (gupdate);C:\Programmi\Google\Update\GoogleUpdate.exe [05/10/2009 15:34:17 133104]
S2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe -run --> C:\WINDOWS\system32\hasplms.exe -run [?]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 18:36:24 86016]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit;E:\Architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 02:10:38 86016]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 08:08:52 3575808]
S2 WDDMService;WD SmartWare Drive Manager;C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 09:44:16 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58:08 20480]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\drivers\camfilt2.sys [29/07/2009 19:14:36 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;C:\WINDOWS\system32\drivers\hpx9g2k.sys [06/01/2009 11:24:00 12658]
S3 hxctlflt;hxctlflt;C:\WINDOWS\system32\drivers\hxctlflt.sys [04/05/2010 14:47:33 99968]
S3 ivusb;Initio Driver for USB Default Controller;C:\WINDOWS\system32\DRIVERS\ivusb.sys --> C:\WINDOWS\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [12/01/2010 06:36:39 20952]
S3 NANMp50;NANMp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\NANMp50.sys [03/01/2010 17:25:38 36280]
S3 NANSp50;NANSp50 NDIS Protocol Driver;C:\WINDOWS\system32\drivers\NANSp50.sys [03/01/2010 17:25:38 35256]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\drivers\wdcsam.sys [11/03/2010 19:50:56 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16:28 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;C:\Programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 02:28:58 47128]
S4 RsFx0102;RsFx0102 Driver;C:\WINDOWS\system32\drivers\RsFx0102.sys [10/07/2008 02:49:14 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 02:29:04 369688]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - iynqkam
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-15 C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-TRH-DELL-TRH.job
- C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-01 15:42:32 . 2010-03-06 01:44:40]

2010-05-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50:20 . 2009-10-22 09:50:20]

2010-05-14 C:\WINDOWS\Tasks\COMODO System Cleaner Update.job
- E:\Sicurezza\Comodo\cleanerreg\UpdateApplications.exe [2010-03-09 13:41:24 . 2010-03-09 13:41:24]

2010-05-15 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34:17 . 2009-10-05 13:34:14]

2010-05-15 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34:17 . 2009-10-05 13:34:14]

2010-05-14 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:55:00 . 2009-09-06 16:54:56]

2010-05-15 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:55:00 . 2009-09-06 16:54:56]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220
TCP: {D0AFF87D-CBD8-423A-A7C1-99BF03D231A5} = 212.216.112.112,212.216.172.62
FF - ProfilePath - C:\Documents and Settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: C:\Documents and Settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: C:\Documents and Settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: C:\Programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: C:\Documents and Settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VisuAllViewer@digitalarts.dk\plugins\npvisuall2.dll
FF - plugin: C:\Documents and Settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: C:\Documents and Settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: C:\Programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: C:\Programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Programmi\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: E:\Audio\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Players\Quicktime\Plugins\npqtplugin.dll
FF - plugin: E:\Players\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: E:\Players\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: E:\Players\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: E:\Players\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: E:\Players\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: E:\Players\Quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
E:\Internet\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
E:\Internet\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
E:\Internet\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
E:\Internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
E:\Internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
E:\Internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
E:\Internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
E:\Internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
E:\Internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
E:\Internet\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.



I await instructions, thanks.

torch

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 1:16 pm

So:

I restarted the system, pressed F8, and chose the option -Last Known Good Configuration-.
That way I managed to restart the system "normally".
When the desktop loaded, Avira detected the following malicious files:

cdaudio.sys
changer.sys
dmusic.sys
fdc.sys
irenum.sys

again, all in the drivers folder.
It removed them.

Now I am running ComboFix again.
It no longer gives me the problem with the dumphive file.

I noticed that in C: there is a Combofix folder whose existence I had not noticed before.

Now

As soon as the scan finishes, I will attach it.

Thanks

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 1:25 pm

Here it is:

ComboFix 10-05-14.06 - TRH 15/05/2010 14:12:37.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2660 [GMT 2:00]
Eseguito da: c:\documents and settings\TRH\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-04-15 al 2010-05-15 )))))))))))))))))))))))))))))))))))
.

2010-05-15 11:10 . 2010-05-15 11:23 -------- d-----w- C:\ComboFix_
2010-05-14 23:21 . 2010-05-14 23:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2010-05-14 23:18 . 2010-05-14 23:18 -------- d-----w- c:\programmi\File comuni\Topaz Labs
2010-05-14 21:40 . 2010-05-14 21:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2010-05-14 20:22 . 2010-05-15 12:21 755200 ----a-w- c:\windows\system32\drivers\iynqkam.sys
2010-05-14 20:21 . 2008-04-13 18:54 11264 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 -c--a-w- c:\windows\system32\dllcache\ip6fw.sys
2010-05-14 20:21 . 2008-04-13 18:53 36608 ----a-w- c:\windows\system32\drivers\ip6fw.sys
2010-05-13 16:59 . 2010-05-13 16:59 4286 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{F15E7B15-CB34-4C21-9E5F-946F13F9739F}\sinstall.exe
2010-05-13 13:15 . 2007-08-01 23:45 335872 ----a-w- c:\windows\system32\nvwrses.dll
2010-05-13 13:01 . 2010-05-13 12:32 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-13 12:32 . 2010-05-13 13:01 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\eSupport.com
2010-05-13 11:43 . 2010-05-13 11:43 -------- d-----w- c:\windows\NV33083936.TMP
2010-05-13 11:40 . 2010-05-13 11:40 -------- d-----w- C:\Dell
2010-05-10 15:20 . 2010-02-16 08:22 38784 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-07 13:22 . 2007-11-17 01:03 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-07 13:20 . 2007-11-16 12:37 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-07 13:02 . 2010-05-07 13:02 -------- d-----w- c:\windows\NV48165944.TMP
2010-05-07 09:11 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-05-05 18:45 . 2010-05-05 21:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\freeTVRadio
2010-05-05 18:45 . 2010-05-05 18:45 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\FissaSearch
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\SYSTRAN
2010-05-04 20:11 . 2010-05-04 20:11 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SYSTRAN
2010-05-04 20:08 . 2010-05-04 20:08 878080 ----a-w- c:\windows\system32\iconv.dll
2010-05-04 20:08 . 2010-05-04 20:08 150016 ----a-w- c:\windows\system32\libxslt.dll
2010-05-04 20:08 . 2010-05-04 20:08 721920 ----a-w- c:\windows\system32\libxml2.dll
2010-05-04 20:08 . 2010-05-04 20:08 51200 ----a-w- c:\windows\system32\libexslt.dll
2010-05-04 20:06 . 2007-03-24 10:45 57344 ----a-r- c:\windows\system32\libsyslic1.dll
2010-05-04 20:06 . 2007-03-13 23:57 144896 ----a-r- c:\windows\system32\libsyslic1.original.dll
2010-05-04 13:46 . 2010-05-04 13:46 -------- d-----w- c:\programmi\Citrix
2010-05-04 12:47 . 2009-02-09 08:42 99968 ----a-w- c:\windows\system32\drivers\hxctlflt.sys
2010-05-04 12:44 . 2009-10-19 15:30 23848 ----a-w- c:\windows\system32\libcmmn.dll
2010-05-04 12:44 . 2009-10-19 15:30 681256 ----a-w- c:\windows\system32\WebCamPropertyWindow.dll
2010-05-04 12:44 . 2008-12-12 16:34 73728 ----a-w- c:\windows\system32\BurnerApLib.dll
2010-05-04 12:44 . 2008-10-09 09:02 102400 ----a-w- c:\windows\system32\st50220.dll
2010-05-02 00:12 . 2010-05-02 00:12 36864 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Autodesk\AutoCAD 2011\R18.1\ita\ContextualTabSelectorRules.dll
2010-05-01 19:08 . 2006-11-22 05:20 348160 ----a-w- c:\windows\system32\WkExt32.dll
2010-05-01 19:08 . 2006-11-02 05:20 479232 ----a-w- c:\windows\system32\wibuKJni.dll
2010-05-01 19:08 . 2000-10-18 02:00 57552 ----a-w- c:\windows\system32\WkDos.exe
2010-05-01 19:08 . 2006-11-09 05:20 16384 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2010-05-01 19:08 . 2006-11-22 05:20 72704 ----a-w- c:\windows\system32\drivers\WibuKey.sys
2010-05-01 19:08 . 2006-11-22 05:20 159744 ----a-w- c:\windows\system32\WkWin32.dll
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBUKEY
2010-05-01 19:08 . 2010-05-01 19:08 -------- d-----w- c:\programmi\WIBU-SYSTEMS
2010-05-01 15:56 . 2010-05-01 15:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
2010-04-29 20:14 . 2010-04-29 20:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\autodessys
2010-04-29 16:16 . 2010-04-29 16:18 -------- d-----w- c:\documents and settings\All Users\Personal Translator
2010-04-29 07:05 . 2010-04-29 07:05 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ComodoGroup
2010-04-29 07:04 . 2010-04-29 07:04 -------- d-----w- c:\documents and settings\TRH\Dati applicazioniComodoGroup
2010-04-27 11:26 . 2010-05-12 22:32 304096 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1040\ResourceCache.dll
2010-04-27 11:25 . 2010-05-12 22:32 302848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1033\ResourceCache.dll
2010-04-23 09:28 . 2010-04-23 09:28 10 ----a-w- c:\windows\popcinfo.dat
2010-04-23 09:16 . 2010-04-23 09:16 -------- d-----w- c:\programmi\MozBackup
2010-04-21 20:15 . 2010-04-21 20:15 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Xenocode
2010-04-20 00:59 . 1999-02-16 06:02 49664 ----a-w- c:\windows\SSMaui Wowee.scr
2010-04-20 00:57 . 2004-09-20 14:00 802816 ----a-w- c:\windows\FeedingFrenzy.scr
2010-04-20 00:56 . 2005-01-07 09:39 57344 ----a-w- c:\windows\system32\Big Kahuna Reef.scr
2010-04-20 00:55 . 2005-08-03 11:48 389120 ----a-w- c:\windows\Adventure Inlay.scr
2010-04-18 17:49 . 2009-10-26 03:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-04-18 17:49 . 2008-06-20 07:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-04-18 17:49 . 2008-06-20 07:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2010-04-18 17:48 . 2010-04-18 17:48 -------- d-----w- c:\programmi\File comuni\Intel
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_8EDC585963537054B6C7F9.exe
2010-04-18 16:34 . 2010-04-18 16:34 22798 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_6FEFF9B68218417F98F549.exe
2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\programmi\Microsoft Location Finder
2010-04-18 10:16 . 2010-04-18 10:16 -------- d-----w- c:\programmi\Widget vodafone.it
2010-04-18 00:00 . 2010-04-18 00:05 -------- d-----w- c:\programmi\File comuni\Akamai
2010-04-17 07:58 . 2010-04-17 07:58 -------- d-----w- c:\programmi\iPod
2010-04-17 07:57 . 2010-04-17 07:57 -------- d-----w- c:\programmi\Apple Software Update
2010-04-17 07:56 . 2009-10-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-17 07:56 . 2009-10-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-17 07:03 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-04-17 07:03 . 2010-04-17 07:03 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-17 07:02 . 2010-02-26 11:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-04-17 07:02 . 2010-02-26 11:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-04-17 07:02 . 2010-02-26 11:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-04-16 21:26 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-16 21:25 . 2010-04-16 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_2cd672ae.exe
2010-04-15 18:10 . 2010-04-15 18:10 13094 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_16496df1.exe
2010-04-15 18:10 . 2010-04-15 18:10 1078 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{A892C5E6-B04D-4CAB-95DA-A52038B97B01}\_69525f90.exe
2010-04-15 18:10 . 2010-04-15 18:10 -------- d-----w- c:\programmi\Planetside Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 09:40 . 2004-08-19 12:00 620804 ----a-w- c:\windows\system32\perfh010.dat
2010-05-15 09:40 . 2004-08-19 12:00 128830 ----a-w- c:\windows\system32\perfc010.dat
2010-05-15 00:32 . 2010-01-12 04:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-15 00:12 . 2010-03-13 09:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\vlc
2010-05-14 23:11 . 2009-12-30 15:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\onOne Software
2010-05-14 20:16 . 2010-05-14 20:15 16 ----a-w- c:\documents and settings\NetworkService\Dati applicazioni\qvjsge.dat
2010-05-14 12:46 . 2009-10-09 13:07 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Abvent_Artlantis3
2010-05-14 11:17 . 2008-12-11 11:23 11691 ----a-w- c:\windows\system32\nvModes.dat
2010-05-13 23:48 . 2009-01-05 17:29 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uTorrent
2010-05-13 18:37 . 2009-01-13 09:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-13 14:28 . 2010-05-13 14:28 16 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\qvjsge.dat
2010-05-13 10:46 . 2008-12-16 13:16 -------- d-----w- c:\programmi\Microsoft.NET
2010-05-12 06:59 . 2008-12-16 13:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-05-11 21:25 . 2008-12-16 14:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Autodesk
2010-05-11 21:25 . 2008-12-16 14:19 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Autodesk
2010-05-11 21:17 . 2008-12-16 14:54 -------- d-----w- c:\programmi\Autodesk
2010-05-11 19:24 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\e-onsoftware
2010-05-11 09:27 . 2010-02-13 10:05 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-08 13:50 . 2009-01-10 17:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-05-07 21:02 . 2010-04-03 21:16 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\e-on software
2010-05-07 12:27 . 2008-12-12 21:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-07 12:22 . 2009-09-27 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-05 12:13 . 2010-05-05 12:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-05 10:48 . 2008-12-16 14:54 -------- d-----w- c:\programmi\File comuni\Autodesk Shared
2010-05-04 20:11 . 2008-12-11 11:12 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-04 13:59 . 2008-12-16 12:28 66632 ----a-w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-04 13:06 . 2008-12-11 13:44 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Skype
2010-05-04 13:04 . 2008-12-16 17:53 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\skypePM
2010-05-04 12:58 . 2009-10-05 13:03 -------- d-----w- c:\programmi\Unlocker
2010-05-04 12:51 . 2009-07-29 17:12 -------- d-----w- c:\programmi\Hercules
2010-05-04 10:08 . 2008-12-12 21:25 -------- d-----w- c:\programmi\File comuni\Adobe
2010-05-01 19:47 . 2009-04-16 19:37 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-05-01 19:35 . 2008-12-16 12:27 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Graphisoft
2010-04-29 13:39 . 2010-01-12 04:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-01-12 04:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 09:39 . 2009-01-29 09:12 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Canon
2010-04-17 08:47 . 2010-03-21 22:28 -------- d-----w- c:\programmi\SatHunter
2010-04-17 08:32 . 2010-01-19 11:06 -------- d-----w- c:\programmi\Aide PDF to DXF Converter
2010-04-17 07:58 . 2008-12-11 13:41 -------- d-----w- c:\programmi\File comuni\Apple
2010-04-17 07:12 . 2008-12-11 11:09 -------- d-----w- c:\programmi\Intel
2010-04-17 07:01 . 2009-03-25 14:25 -------- d-----w- c:\programmi\Nokia
2010-04-09 13:12 . 2009-04-06 17:44 -------- d-----w- c:\programmi\Google
2010-04-08 14:39 . 2010-04-23 09:37 642560 ----a-w- c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Planetside Software
2010-04-03 14:28 . 2010-04-03 14:28 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\uk.co.planetside
2010-04-01 19:16 . 2009-01-06 20:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-04-01 19:03 . 2009-01-06 20:50 -------- d-----w- c:\programmi\File comuni\Nokia
2010-04-01 19:01 . 2010-04-01 19:01 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-04-01 19:01 . 2010-04-01 19:01 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-04-01 19:01 . 2010-04-01 19:01 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-04-01 19:01 . 2010-04-01 19:01 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-04-01 19:01 . 2010-04-01 19:01 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-04-01 18:42 . 2010-04-01 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-04-01 18:42 . 2010-04-01 18:42 98366952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
2010-03-31 21:06 . 2010-03-31 21:06 -------- d-----w- c:\programmi\Bonjour
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-27 18:49 . 2010-03-27 18:49 1875108 ----a-w- c:\documents and settings\TRH\Dati applicazioni\RAR-Password-Recovery-Magic.exe
2010-03-24 17:14 . 2010-03-24 17:14 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\ePaperPress
2010-03-21 23:36 . 2010-03-21 23:35 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\SecondLife
2010-03-21 17:38 . 2010-03-21 17:38 -------- d-----w- c:\programmi\AutoDWG
2010-03-21 16:28 . 2010-03-20 21:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-03-21 16:25 . 2010-03-20 21:21 -------- d-----w- c:\programmi\DivX
2010-03-21 16:23 . 2010-03-20 21:25 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\DivX
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-03-21 12:36 . 2010-03-21 12:36 -------- d-----w- c:\programmi\NortonInstaller
2010-03-20 21:21 . 2010-03-20 21:25 986904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
2010-03-20 19:10 . 2010-03-20 19:10 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Stentec
2010-03-20 19:04 . 2010-03-20 19:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Stentec
2010-03-18 14:47 . 2010-03-18 14:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 11:16 . 2010-03-18 11:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 11:16 . 2010-03-18 11:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 08:09 . 2010-03-18 08:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 08:09 . 2010-03-18 08:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 08:09 . 2010-03-18 08:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 08:09 . 2010-03-18 08:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 08:13 . 2007-03-12 13:02 947472 ----a-w- c:\windows\system32\msjava.dll
2010-03-02 21:18 . 2009-01-14 19:55 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-02-26 11:32 . 2009-01-06 20:49 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-25 06:16 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2005-03-30 17:35 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2005-03-30 17:35 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:05 . 2010-02-16 11:05 16712 ----a-w- c:\windows\system32\AcSignExtRes.dll
2009-05-14 20:02 . 2009-05-14 20:02 3392872 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-05-14 20:02 . 2009-05-14 20:02 3298152 ----a-w- c:\programmi\File comuni\adlmint.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-15_11.18.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-15 12:00 . 2010-05-15 12:00 16384 c:\windows\temp\Perflib_Perfdata_5dc.dat
- 2004-08-19 12:00 . 2008-04-13 17:40 20480 c:\windows\system32\drivers\flpydisk.sys
+ 2010-05-14 20:20 . 2008-04-13 18:40 20480 c:\windows\system32\drivers\flpydisk.sys
- 2004-08-19 12:00 . 2008-04-13 18:40 27392 c:\windows\system32\drivers\Fdc.sys
+ 2010-05-14 20:20 . 2008-04-13 17:40 27392 c:\windows\system32\drivers\fdc.sys
- 2008-12-11 11:38 . 2008-04-13 18:45 52864 c:\windows\system32\drivers\dmusic.sys
+ 2010-05-14 20:19 . 2008-04-13 17:45 52864 c:\windows\system32\drivers\dmusic.sys
- 2001-08-17 21:52 . 2004-08-19 12:00 18688 c:\windows\system32\drivers\Cdaudio.sys
+ 2010-05-14 20:18 . 2001-08-17 19:52 18688 c:\windows\system32\drivers\cdaudio.sys
+ 2010-05-14 20:20 . 2008-04-13 17:40 27392 c:\windows\system32\dllcache\fdc.sys
- 2004-08-19 12:00 . 2008-04-13 17:40 27392 c:\windows\system32\dllcache\fdc.sys
+ 2010-05-14 20:19 . 2008-04-13 17:45 52864 c:\windows\system32\dllcache\dmusic.sys
- 2008-12-11 11:38 . 2008-04-13 17:45 52864 c:\windows\system32\dllcache\dmusic.sys
+ 2010-05-14 20:18 . 2001-08-17 19:52 18688 c:\windows\system32\dllcache\cdaudio.sys
- 2001-08-17 21:52 . 2001-08-17 19:52 18688 c:\windows\system32\dllcache\cdaudio.sys
- 2008-12-11 11:02 . 2010-05-15 10:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-11 11:02 . 2010-05-15 12:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2008-12-11 11:02 . 2010-05-15 12:00 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2008-12-11 11:02 . 2010-05-15 10:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-11 11:02 . 2010-05-15 12:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-14 20:19 . 2008-04-13 17:40 8192 c:\windows\system32\drivers\changer.sys
- 2010-05-14 20:19 . 2008-04-13 17:40 8192 c:\windows\system32\dllcache\changer.sys
+ 2010-05-14 20:19 . 2008-04-13 17:40 8192 c:\windows\system32\dllcache\changer.sys
- 2009-11-23 12:24 . 2009-11-23 12:24 571904 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2010-05-14 20:06 . 2009-11-23 12:24 571904 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2010-05-14 20:06 . 2009-11-23 11:50 1302600 c:\windows\system32\WUDFUpdate_01007.dll
- 2009-11-23 11:50 . 2009-11-23 11:50 1302600 c:\windows\system32\WUDFUpdate_01007.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="e:\masterizzazione\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"i8kfangui"="c:\programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Google Update"="c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-09-06 133104]
"Gadwin PrintScreen Pro"="c:\programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
"MNS"="c:\programmi\Mobile Net Switch\MNS.exe" [2009-02-19 1047552]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"COMODO Internet Security"="e:\sicurezza\Comodo\COMODO Internet Security\cfp.exe" [2009-11-19 1800464]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"GrooveMonitor"="e:\sistema\Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="e:\adobeacrobatpro\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"NVHotkey"="nvHotkey.dll" [2007-08-01 67584]
"QuickTime Task"="e:\players\Quicktime\QTTask.exe" [2010-03-17 421888]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"iTunesHelper"="e:\audio\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"nwiz"="nwiz.exe" [2007-08-01 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-13 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DRSpawner.lnk - c:\documents and settings\All Users\Dati applicazioni\ASGvis\DRSpawner\DRSpawner.exe [2010-1-23 2076672]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-11-16 813584]
WDDMStatus.lnk - c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-5 2057536]
WDSmartWare.lnk - c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-5 9116480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- e:\audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- e:\players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- e:\players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- e:\internet\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"e:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"e:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"e:\\Internet\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Mirc\\mirc.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Internet\\eMule\\emule.exe"=
"e:\\Architettura\\SketchupPro7\\SketchUp.exe"=
"e:\\Architettura\\SketchupPro7\\LayOut\\LayOut.exe"=
"e:\\Internet\\Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"e:\\Internet\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Architettura\\Rhinoceros_4\\System\\Rhino4.exe"=
"d:\\3dsMax2010\\3dsmax.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Programmi\\Hercules\\Classic Silver\\Station2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"e:\\Architettura\\ArchiCAD 13\\ArchiCAD.exe"=
"e:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"e:\\Architettura\\Maya2010\\bin\\maya.exe"=
"e:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Audio\\iTunes\\iTunes.exe"=
"e:\\Internet\\Skype\\Phone\\Skype.exe"=
"e:\\Architettura\\Backburner\\monitor.exe"=
"e:\\Architettura\\Backburner\\manager.exe"=
"e:\\Architettura\\Backburner\\server.exe"=
"e:\\Architettura\\3dMax2011\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11/12/2008 14:54 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/12/2008 14:54 25160]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [17/06/2009 00:57 14464]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:\scanner\abbyy\NetworkLicenseServer.exe -service --> e:\scanner\abbyy\NetworkLicenseServer.exe -service [?]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 19:06 1431440]
R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\programmi\ArchVision\ArchVision Content Manager" --> c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\programmi\ArchVision\ArchVision Content Manager [?]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [06/10/2007 10:38 941784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 08:08 3575808]
R2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 09:44 110592]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2008 15:04 685816]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys --> c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [16/01/2009 23:52 21824]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/10/2009 15:34 133104]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:\architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 18:36 86016]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit;e:\architettura\3dMax2011Design\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 02:10 86016]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/07/2009 19:14 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\hpx9g2k.sys [06/01/2009 11:24 12658]
S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [04/05/2010 14:47 99968]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/01/2010 06:36 20952]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANMp50.sys [03/01/2010 17:25 36280]
S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\NANSp50.sys [03/01/2010 17:25 35256]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/03/2010 19:50 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 02:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11/07/2008 02:29 369688]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - iynqkam
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TRH-DELL-TRH.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-01 01:44]

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-05-14 c:\windows\Tasks\COMODO System Cleaner Update.job
- e:\sicurezza\Comodo\cleanerreg\UpdateApplications.exe [2010-03-09 13:41]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = *.local
TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220
TCP: {D0AFF87D-CBD8-423A-A7C1-99BF03D231A5} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VisuAllViewer@digitalarts.dk\plugins\npvisuall2.dll
FF - plugin: c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\programmi\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: e:\audio\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\players\Quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\internet\Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\internet\Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\internet\Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\internet\Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\internet\Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 14:21
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\players\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iynqkam]

.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8158CD65-29A9-7815-9916-FDE3385F5E4B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabjodhgbhkbiccepoekoafbipib"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,
6d,6d,64,62,6b,65,67,70,00,ff
"malhcajkmkogmnaoocakkcpilj"=hex:6b,61,6e,6e,6c,6f,6d,68,67,69,65,66,6b,6e,6d,
6d,64,62,6b,65,67,70,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1176)
c:\windows\system32\IWPDGINA.DLL
c:\programmi\Intel\WiFi\bin\LangResources\ITA\SsoGnITA.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\programmi\File comuni\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
c:\programmi\WIBU-SYSTEMS\System\WibuShellExt.dll
e:\fotografia\Autopano Giga 2\AutopanoShell_win32.dll
c:\programmi\File comuni\Autodesk Shared\AcShellEx\AcShellExtension.dll
c:\programmi\File comuni\Autodesk Shared\Shell\AdpWShellExt.dll
c:\programmi\File comuni\Autodesk Shared\Shell\adp_core-1_0-vc90-wt.dll
c:\programmi\File comuni\Autodesk Shared\Shell\adp_service_opczip-1_0-vc90-wt.dll
c:\programmi\File comuni\Autodesk Shared\Shell\adp_toolkit-1_0-vc90-wt.dll
c:\programmi\File comuni\Autodesk Shared\Shell\ITA\AdpWShellExtRes.dll
e:\fotografia\Autopano Pro\AutopanoShell_win32.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
e:\architettura\ArchiCAD 13\GSShellX32.dll
.
Ora fine scansione: 2010-05-15 14:25:25
ComboFix-quarantined-files.txt 2010-05-15 12:25

Pre-Run: 2.240.548.864 byte disponibili
Post-Run: 2.178.392.064 byte disponibili

Current=4 Default=4 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 686709F2BDF76911D98FA966DBDADB53

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 2:25 pm

I just got back, I couldn't be here... are you still getting the blue screens?

You have to run the script again; everything that needs to be removed is still on the PC, and it could also be the cause of the crashes.

Let me remind you that ComboFix removed a nasty rootkit infection for you.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 2:30 pm

Hi Stevens.

As I was saying, the blue screens are gone.
Do I have to rerun the same script you gave me earlier?
Doesn't the latest log show anything new?

Thanks

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 2:42 pm

Yes, rerun the script following the same instructions I gave you.

Be sure to delete all the others, otherwise they get mixed up.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 2:54 pm

I'm running ComboFix.
I'm at Stage_3, and Avira is detecting the rootkit Rkit/bubnix.s in c:Combofix/N_/testme.

Should I tell Avira to delete it?

Re: Virus in C:\WINDOWS\system32\drivers

Post by stevens » Sat May 15, 2010 2:59 pm

Yes, follow Avira's advice, but I also need the ComboFix log.

Re: Virus in C:\WINDOWS\system32\drivers

Post by torch » Sat May 15, 2010 3:00 pm

Yes. Understood.
It's just that if I didn't "respond" to Avira, the ComboFix run stayed stuck at stage 3.
As soon as it finishes I'll post the log.


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (single-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising