16-08-2009, 17:41   #6
Painkiller091
Junior Member
 
Joined: Aug 2009
Posts: 21
Here's the second one! What does "QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA" [this PC does not have the Recovery Console installed] mean, what does it imply, and how do I fix it? I'm putting the log here rather than as an attachment because it's too big:

ComboFix 09-08-10.06 - Menny 16/08/2009 18.18.39.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1280.762 [GMT 2:00]
Eseguito da: c:\documents and settings\Menny\Documenti\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\ca457.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\2945a9d8.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-07-16 al 2009-08-16 )))))))))))))))))))))))))))))))))))
.

2009-08-16 16:08 . 2009-08-16 16:08 -------- d-----w- c:\programmi\Trend Micro
2009-08-16 11:38 . 2009-08-16 11:38 -------- d-----w- c:\programmi\File comuni\DirectX
2009-08-10 03:14 . 2009-08-10 03:14 -------- d-----w- c:\programmi\AMP WinOFF
2009-08-09 15:11 . 2009-08-09 15:11 -------- d-----w- C:\Sounds
2009-08-08 16:44 . 2008-09-04 04:28 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-08-08 16:44 . 2008-09-04 04:27 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-08-08 16:44 . 2008-09-04 04:27 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-08-08 16:44 . 2009-08-08 16:44 -------- d-----w- c:\programmi\LG Electronics
2009-08-08 16:27 . 2007-11-08 14:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-08-08 16:27 . 2009-08-09 22:57 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\LG Electronics
2009-08-08 16:27 . 2009-08-10 23:48 -------- d-----w- c:\programmi\LG PC Suite II
2009-08-07 00:36 . 2009-08-07 00:36 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\ubi.com
2009-08-07 00:14 . 2009-08-07 00:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hagel Technologies
2009-08-07 00:11 . 2009-08-07 00:11 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Hagel Technologies
2009-08-06 23:17 . 2009-08-06 23:17 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\AdobeUM
2009-08-05 21:44 . 2009-08-09 12:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Bluetooth
2009-08-05 09:21 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-05 09:21 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-05 09:21 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-05 09:21 . 2009-08-05 09:23 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-08-05 09:21 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-05 09:20 . 2009-08-05 09:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-08-04 17:13 . 2009-08-04 17:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-08-04 01:58 . 2009-08-04 01:58 -------- d-----w- c:\programmi\Windows Resource Kits
2009-08-03 21:40 . 2009-08-05 22:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2009-08-03 21:39 . 2009-08-03 21:40 -------- d-----w- c:\programmi\Motive
2009-08-03 21:05 . 2009-08-03 21:05 -------- d-----w- c:\programmi\File comuni\Motive
2009-08-03 18:44 . 2009-08-03 18:44 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\Motive
2009-08-03 18:38 . 2009-08-03 21:40 -------- d-----w- c:\windows\Motive
2009-08-03 18:35 . 2009-08-03 18:35 -------- d-----w- c:\programmi\Telecom Italia
2009-08-03 17:57 . 2009-08-03 17:57 -------- d-----w- c:\windows\Cache
2009-08-02 02:00 . 2009-08-02 02:00 -------- d-----w- c:\programmi\XP TCPIP Repair
2009-08-02 01:33 . 2009-08-02 01:33 -------- d-----w- c:\windows\SiS
2009-08-02 01:32 . 2006-02-14 14:02 32768 ----a-w- c:\windows\system32\drivers\sisnicxp.sys
2009-07-31 22:19 . 2009-07-31 22:20 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\The Path
2009-07-28 23:10 . 2009-07-28 23:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-26 15:32 . 2004-11-26 04:04 38400 ----a-r- c:\windows\system32\GsiDi32.dll
2009-07-26 01:04 . 2009-07-26 01:04 -------- d-----w- c:\programmi\Digimask
2009-07-26 00:43 . 2009-07-26 00:53 -------- d--h--r- c:\documents and settings\Menny\Dati applicazioni\CrystalSpace
2009-07-26 00:06 . 2009-07-26 00:06 0 ----a-w- c:\windows\PowerReg.dat
2009-07-25 23:59 . 2009-07-25 23:59 -------- d-----w- c:\programmi\ReflexiveArcade
2009-07-25 23:21 . 2009-07-25 23:21 -------- d-----w- c:\programmi\U.S. Robotics
2009-07-25 23:18 . 2009-08-03 18:21 -------- d-----w- C:\Temp
2009-07-24 23:07 . 2008-08-25 09:36 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-07-24 23:07 . 2008-08-25 09:36 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-07-24 23:07 . 2008-08-25 09:36 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-07-24 23:07 . 2008-06-02 13:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-07-24 23:06 . 2009-08-05 09:59 -------- d-----w- c:\programmi\Spyware Doctor
2009-07-24 23:06 . 2009-07-24 23:06 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\PC Tools
2009-07-24 22:24 . 2009-07-24 22:24 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\Malwarebytes
2009-07-24 22:24 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 22:23 . 2009-07-24 22:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-07-24 22:23 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 22:23 . 2009-07-24 22:24 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-24 13:22 . 2009-08-05 19:27 -------- d-----w- c:\documents and settings\Menny\Impostazioni locali\Dati applicazioni\Temp
2009-07-24 13:22 . 2009-07-24 13:24 -------- d-----w- c:\documents and settings\Menny\Impostazioni locali\Dati applicazioni\Google
2009-07-24 13:22 . 2009-07-24 13:22 -------- d-----w- c:\documents and settings\Menny\Impostazioni locali\Dati applicazioni\Deployment
2009-07-24 01:49 . 2009-08-08 16:26 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\InstallShield
2009-07-24 01:49 . 2009-07-24 01:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-07-24 00:46 . 2009-07-24 00:46 -------- d-----w- c:\programmi\MSXML 4.0
2009-07-24 00:27 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-24 00:27 . 2008-06-14 17:59 272768 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-07-23 22:05 . 1997-08-14 14:20 54272 ----a-r- c:\windows\sleun.exe
2009-07-23 02:00 . 2009-07-23 02:00 -------- d-----w- c:\windows\ie8updates
2009-07-23 01:57 . 2004-08-19 13:39 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-23 01:51 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-23 01:51 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-23 01:51 . 2009-07-03 16:55 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-23 01:50 . 2009-07-19 16:42 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-23 01:50 . 2009-02-09 11:48 2061440 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-23 01:50 . 2009-02-09 11:49 2019328 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-23 01:50 . 2009-02-09 11:48 2184192 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-23 01:49 . 2009-02-09 11:48 2139648 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-23 01:48 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-22 22:34 . 2004-08-30 12:25 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2009-07-22 22:34 . 2007-04-12 13:01 118832 ----a-w- c:\windows\system32\SHW32.DLL
2009-07-22 22:19 . 2009-08-05 20:55 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-07-22 22:18 . 2009-07-22 22:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-07-19 16:49 . 2009-07-19 16:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sports Interactive
2009-07-19 16:41 . 2009-07-19 16:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-07-19 16:05 . 2009-07-06 20:44 937984 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-19 16:05 . 2009-07-06 20:44 103424 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-19 16:05 . 2009-07-06 20:44 65536 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-19 16:05 . 2009-07-06 20:44 4722688 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-19 16:05 . 2009-07-06 20:44 106496 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-19 16:05 . 2009-07-06 20:44 344064 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-19 00:34 . 2009-07-30 23:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-07-18 23:14 . 2009-07-18 23:19 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\ppstream
2009-07-18 22:54 . 2009-07-18 22:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-07-18 22:54 . 2009-07-18 22:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-07-17 21:08 . 2009-07-17 21:08 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-07-17 21:08 . 2009-07-17 21:08 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-07-17 21:08 . 2009-07-17 21:08 12067 ----a-w- c:\windows\system32\SIntf16.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 16:28 . 2009-06-04 22:18 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\uTorrent
2009-08-16 12:14 . 2009-06-13 22:32 -------- d-----w- c:\programmi\PokerStars.IT
2009-08-15 22:58 . 2009-05-09 20:59 85832 ----a-w- c:\documents and settings\Menny\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-15 01:10 . 2009-05-10 18:58 282184 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-08-08 16:44 . 2009-05-09 18:42 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-05 21:56 . 2009-05-15 14:42 256 ----a-w- c:\windows\system32\pool.bin
2009-08-03 21:58 . 2009-05-11 13:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-03 21:56 . 2009-05-11 12:36 152576 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-08-03 21:41 . 2009-08-03 18:37 -------- d-----w- c:\programmi\Alice ti aiuta
2009-08-03 18:38 . 2009-06-14 23:48 -------- d-----w- c:\programmi\Common Files
2009-08-03 18:37 . 2009-08-03 18:37 2232 ----a-w- c:\windows\java\Packages\Data\J7N5RX3V.DAT
2009-08-03 18:37 . 2009-08-03 18:37 155995 ----a-w- c:\windows\java\Packages\YWD7PZ3B.ZIP
2009-08-03 18:37 . 2009-08-03 18:37 2678 ----a-w- c:\windows\java\Packages\Data\BZHF3XV9.DAT
2009-08-03 18:37 . 2009-08-03 18:37 2678 ----a-w- c:\windows\java\Packages\Data\Z3TVRPN7.DAT
2009-08-03 18:37 . 2009-08-03 18:37 2678 ----a-w- c:\windows\java\Packages\Data\Z3T7DB7D.DAT
2009-08-03 18:37 . 2009-08-03 18:37 2678 ----a-w- c:\windows\java\Packages\Data\YT3ZFX37.DAT
2009-08-03 18:37 . 2009-08-03 18:37 2678 ----a-w- c:\windows\java\Packages\Data\TJ3F1JPF.DAT
2009-08-03 18:21 . 2009-05-09 18:27 -------- d-----w- c:\programmi\microsoft frontpage
2009-07-28 21:15 . 2001-08-31 15:00 81222 ----a-w- c:\windows\system32\perfc010.dat
2009-07-28 21:15 . 2001-08-31 15:00 483326 ----a-w- c:\windows\system32\perfh010.dat
2009-07-28 20:36 . 2009-07-28 20:36 0 ----atw- c:\windows\005755_.tmp
2009-07-19 16:51 . 2009-06-01 11:11 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\Sports Interactive
2009-07-17 13:04 . 2009-07-17 13:04 -------- d-----w- c:\programmi\EA SPORTS
2009-07-17 12:25 . 2009-07-08 03:26 159934 ----a-w- c:\windows\Marsu-Fix Uninstaller.exe
2009-07-17 12:25 . 2009-07-17 12:25 -------- d-----w- c:\programmi\Marsu-Fix
2009-07-17 12:24 . 2009-07-08 03:12 -------- d-----w- c:\programmi\ESET
2009-07-17 12:15 . 2009-07-17 00:34 -------- d-----w- c:\programmi\File comuni\Softwin
2009-07-17 12:14 . 2009-07-17 02:32 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-17 07:14 . 2009-07-17 07:15 913408 ----a-w- c:\windows\system32\xreglib.dll
2009-07-17 00:35 . 2009-07-17 00:35 -------- d-----w- c:\programmi\Softwin
2009-07-17 00:12 . 2009-07-17 00:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-07-17 00:12 . 2009-07-17 00:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-07-15 19:54 . 2009-07-15 19:54 -------- d-----w- c:\programmi\ViaVoice TTS
2009-07-14 19:44 . 2009-07-14 19:44 572 ----a-w- c:\windows\eReg.dat
2009-07-13 02:17 . 2009-07-13 01:56 -------- d-----w- c:\programmi\MemoriesOnTV3
2009-07-12 23:30 . 2009-05-09 22:30 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-12 22:33 . 2009-07-12 22:33 -------- d-----w- c:\programmi\Youdagames
2009-07-08 19:13 . 2009-07-08 19:13 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\Jasc
2009-07-08 19:11 . 2009-07-08 19:11 -------- d-----w- c:\programmi\Jasc Software Inc
2009-07-08 01:25 . 2009-07-08 01:25 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\ESET
2009-07-07 14:51 . 2009-07-07 14:44 -------- d-----w- c:\programmi\Microsoft
2009-07-07 14:51 . 2009-07-07 14:51 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2009-07-07 14:50 . 2009-07-07 14:44 -------- d-----w- c:\programmi\Windows Live
2009-07-07 14:49 . 2009-07-07 14:49 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-07-07 14:47 . 2009-07-07 14:47 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-07-05 23:38 . 2009-07-05 23:38 -------- d-----w- c:\programmi\MagicDisc
2009-07-05 22:23 . 2009-07-05 22:23 -------- d-----w- c:\programmi\MagicISO
2009-07-05 11:24 . 2009-07-05 11:24 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\Corel
2009-07-05 11:24 . 2009-07-05 11:24 -------- d-----w- c:\programmi\File comuni\Corel
2009-07-04 00:06 . 2009-07-04 00:06 -------- d-----w- c:\programmi\My Lockbox
2009-07-03 16:55 . 2004-08-19 13:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 17:09 . 2009-07-02 17:09 53 ----a-w- c:\programmi\mkisowin.ini
2009-06-30 17:19 . 2009-07-02 19:31 106496 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Mozilla\Plugins\npcoolirisplugin.dll
2009-06-30 17:19 . 2009-07-02 19:31 65536 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-06-30 17:19 . 2009-07-02 19:31 4734976 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
2009-06-27 00:00 . 2009-05-13 21:08 -------- d-----w- c:\programmi\VirtualDJ
2009-06-25 15:54 . 2009-06-25 15:54 -------- d-----w- c:\programmi\AllWallpapersLite
2009-06-25 01:03 . 2009-06-25 01:03 -------- d-----w- c:\programmi\XBOX
2009-06-22 21:41 . 2009-06-22 21:41 -------- d-----w- c:\programmi\MC2
2009-06-21 21:34 . 2009-06-21 21:34 -------- d-----w- c:\programmi\linguatec
2009-06-21 21:23 . 2009-06-21 21:23 -------- d-----w- c:\programmi\Yahoo!
2009-06-21 21:23 . 2009-06-21 21:23 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\Yahoo!
2009-06-21 20:10 . 2009-06-21 20:10 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\Leadertech
2009-06-21 18:08 . 2009-06-21 17:24 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\Ubisoft
2009-06-21 15:48 . 2009-06-21 14:49 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\MysteryStudio
2009-06-20 23:01 . 2009-06-20 23:01 -------- d--h--r- c:\documents and settings\Menny\Dati applicazioni\SecuROM
2009-06-20 23:01 . 2009-06-20 23:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-20 16:48 . 2009-06-20 16:48 -------- d-----w- c:\documents and settings\Menny\Dati applicazioni\Pixmantec
2009-06-20 16:47 . 2009-06-20 16:35 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-20 12:04 . 2009-05-16 11:48 -------- d-----w- c:\programmi\AlienGUIse
2009-06-18 20:24 . 2009-06-18 20:17 -------- d--h--w- c:\programmi\FX Uninstall Information
2009-06-16 14:53 . 2004-08-19 13:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2001-08-31 15:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-09 20:16 . 2009-06-09 20:16 38208 ----a-w- c:\documents and settings\Menny\Dati applicazioni\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-06-03 22:53 . 2009-05-10 00:10 10 ----a-w- c:\windows\popcinfo.dat
2009-06-03 19:25 . 2004-08-19 13:39 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 22:30 . 2004-07-17 09:36 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-05-27 00:30 . 2009-05-09 18:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-20 15:55 . 2009-05-20 15:55 665600 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-05-20 15:55 . 2009-05-20 15:55 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-05-20 15:55 . 2009-05-20 15:55 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2009-05-20 15:55 . 2009-05-20 15:55 383 ----a-w- c:\windows\system32\haspdos.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\programmi\CursorXP\CursorXP.exe" [2003-03-01 138240]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"awplite"="c:\programmi\AllWallpapersLite\awplite.exe" [2007-02-10 2607616]
"uTorrent"="d:\utorrent\uTorrent.exe" [2009-07-03 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtcMaestro"="c:\programmi\KMaestro\KMaestro.exe" [2003-01-08 163840]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"mylbx"="c:\programmi\My Lockbox\mylbx.exe" [2009-07-01 1075888]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\programmi\TGTSoft\StyleXP\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-05-11 12:20 210168 ----a-w- c:\programmi\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Menny^Menu Avvio^Programmi^Esecuzione automatica^Fishy.lnk]
path=c:\documents and settings\Menny\Menu Avvio\Programmi\Esecuzione automatica\Fishy.lnk
backup=c:\windows\pss\Fishy.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=c:\programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"Google Update"="c:\documents and settings\Menny\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\programmi\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"
"RoxWatchTray"="c:\programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"NexusServer"="c:\programmi\File comuni\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Windows Media Player\\wmplayer.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Programmi\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"d:\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\eMule 0[1].49c Chimera 1.1 PuBliC VerSioN\\eMule 0.49c Chimera 1.1 PuBliC VerSioN\\emule.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"d:\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Atari\\Crashday\\Crashday.exe"=
"d:\\Sacred Edizione Oro\\Sacred.exe"=
"d:\\Painkiller Overdose\\Bin\\Overdose.exe"=
"d:\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"d:\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
"d:\\Team17\\Worms World Party\\wwp.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\eMulexenomorph\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Return to Castle Wolfenstein\\WolfMP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCPNS
"4851:TCP"= 4851:TCP:messenger
"7155:TCP"= 7155:TCP:unic
"5353:TCP"= 5353:TCP:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [04/07/2009 2.06.31 43792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13/03/2008 16.52.18 33800]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [13/03/2008 16.49.56 472320]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [04/07/2009 2.06.31 73392]
R2 jobexec32;Active Setup Job Executer;c:\windows\system32\rundll32.exe jobexec32.dll,unic --> c:\windows\system32\rundll32.exe jobexec32.dll,unic [?]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [03/08/2009 23.08.40 8192]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [10/05/2009 15.06.00 603904]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/07/2009 0.23.58 19096]
S3 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [25/07/2009 0.24.03 211216]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 12.29.14 162176]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23/01/2004 16.33.01 13952]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [25/07/2009 1.06.52 348752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-MCPClient - c:\progra~1\FILECO~1\Stardock\mcpstub.dll


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
TCP: {13CBF557-F43C-4AD0-9F0F-705F5636653E} = 208.67.222.222,208.67.220.220
DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it&tab=iw
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Menny\Dati applicazioni\Mozilla\Firefox\Profiles\l8fds2yq.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Menny\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Menny\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 18:27
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1060284298-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programmi\Stardock\Object Desktop\WindowBlinds\WBSrv.dll

- - - - - - - > 'explorer.exe'(2336)
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\programmi\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\programmi\Common Files\Stardock\MCPCore.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\PAStiSvc.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-16 18.38.08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-16 16:38

Pre-Run: 10.249.912.320 byte disponibili
Post-Run: 10.185.584.640 byte disponibili

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
370 --- E O F --- 2009-08-15 01:09

Last edited by Painkiller091: 16-08-2009 at 17:58.