Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.47.24, on 28/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Users\win\AppData\Local\Temp\CUninst.exe
C:\Users\win\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60429
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60429
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60429
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60429
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60429
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: &AOL Toolbar Cerca - C:\ProgramData\AOL\ieToolbar\resources\it-IT\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233749846541
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233750013714
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11033 bytes

c'è un altro probl il pc è un pò lento mi date una pulita totale da virus e schifezze e se sapete consigliarmi antivirus e firewall ke nn pesino troppo e se vanno bene già quelli ke ho.....
grazie in anticipo

Ciao.
Non si vedono montagne di schifezze nel log.
Hai solo un file sospetto.
Prova a fare una scansione con MBAM.
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.

punto 1: anche te ti sei preso la schifezza di quel webmediaplayer
punto 2: non le hai eliminate, malwarebytes dice "No action taken."

Log di combofix:

ComboFix 09-04-29.01 - win 29/04/2009 20.15.35.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.39.1040.18.3002.2005 [GMT 2:00]
Eseguito da: c:\users\win\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
ADS - Windows: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Condizioni generali.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Riservatezza.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
C:\rox.exe
c:\users\Franco\AppData\Local\icdys.dat
c:\users\Franco\AppData\Local\icdys_nav.dat
c:\users\Franco\AppData\Local\icdys_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-05-28 al 2009-4-29 )))))))))))))))))))))))))))))))))))
.

2009-04-29 12:26 . 2009-04-29 12:26 -------- d-----w c:\users\Giada\AppData\Roaming\PCToolsFirewallPlus
2009-04-29 12:26 . 2009-04-29 12:26 -------- d-----w c:\users\Giada\AppData\Roaming\Spyware Terminator
2009-04-29 06:31 . 2009-04-29 06:31 -------- d-----w c:\users\win\AppData\Roaming\Malwarebytes
2009-04-29 06:31 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 06:31 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 06:31 . 2009-04-29 06:31 -------- d-----w c:\programdata\Malwarebytes
2009-04-29 06:31 . 2009-04-29 06:31 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-29 06:31 . 2009-04-29 06:31 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 06:15 . 2009-04-29 06:15 -------- d-----w c:\program files\Crawler
2009-04-28 11:51 . 2009-04-28 11:51 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-28 11:51 . 2009-04-29 18:08 -------- d-----w c:\users\win\AppData\Roaming\Spyware Terminator
2009-04-28 11:50 . 2009-04-29 13:02 -------- d-----w c:\programdata\Spyware Terminator
2009-04-28 11:50 . 2009-04-29 13:02 -------- d-----w c:\users\All Users\Spyware Terminator
2009-04-28 11:50 . 2009-04-28 15:29 -------- d-----w c:\program files\Spyware Terminator
2009-04-27 18:55 . 2009-04-27 18:56 -------- d-----w c:\users\win\AppData\Roaming\PCToolsFirewallPlus
2009-04-27 18:50 . 2008-09-22 10:29 97408 ----a-w c:\windows\system32\drivers\pctfw.sys
2009-04-27 18:50 . 2009-01-21 08:38 95640 ----a-w c:\windows\system32\drivers\pctplfw.sys
2009-04-27 18:50 . 2009-04-28 19:17 -------- d-----w c:\program files\PC Tools Firewall Plus
2009-04-27 18:49 . 2009-04-28 12:21 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-27 18:49 . 2009-04-28 12:21 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-04-27 18:47 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-27 18:47 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-27 18:47 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-27 18:46 . 2009-04-28 11:43 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-25 12:06 . 2009-04-25 12:06 18816 ----a-w c:\windows\system32\drivers\dvd43llh.sys
2009-04-25 12:06 . 2009-04-25 12:06 -------- d-----w c:\program files\dvd43
2009-04-25 12:00 . 2009-04-25 12:00 -------- d-----w c:\programdata\SlySoft
2009-04-25 12:00 . 2009-04-25 12:00 -------- d-----w c:\users\All Users\SlySoft
2009-04-25 11:57 . 2009-04-25 12:06 -------- d-----w c:\program files\SlySoft
2009-04-25 11:34 . 2009-04-25 11:34 -------- d-----w c:\program files\Elaborate Bytes
2009-04-25 09:17 . 2009-04-25 09:19 -------- d-----w c:\programdata\DVD Shrink
2009-04-25 09:17 . 2009-04-25 09:19 -------- d-----w c:\users\All Users\DVD Shrink
2009-04-25 09:17 . 2009-04-25 09:17 -------- d-----w c:\program files\DVD Shrink
2009-04-23 17:41 . 2009-04-23 17:41 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-16 22:58 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 22:58 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 22:58 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 22:52 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 22:52 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 22:52 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 22:52 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-08 16:32 . 2009-04-08 16:32 -------- d-----w c:\program files\Ferrero
2009-04-08 16:32 . 2009-04-08 16:32 -------- d-----w c:\programdata\Ferrero
2009-04-08 16:32 . 2009-04-08 16:32 -------- d-----w c:\users\All Users\Ferrero
2009-04-08 13:26 . 2009-04-08 13:26 -------- d-----w c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 18:13 . 2008-08-01 15:35 680208 ----a-w c:\windows\system32\perfh010.dat
2009-04-29 18:13 . 2008-08-01 15:35 126380 ----a-w c:\windows\system32\perfc010.dat
2009-04-28 14:45 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-28 14:45 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-28 14:45 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-28 14:36 . 2009-04-28 14:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-04-25 11:40 . 2008-12-29 13:20 -------- d-----w c:\program files\Common Files\Nero
2009-04-23 17:41 . 2009-01-14 19:46 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-23 17:31 . 2009-01-14 19:37 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-17 01:08 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-11 13:05 . 2009-02-20 10:46 -------- d-----w c:\program files\Pinnacle
2009-04-11 13:02 . 2008-08-01 06:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 13:02 . 2006-11-02 12:35 -------- d-----w c:\program files\Microsoft Games
2009-04-11 12:15 . 2009-03-10 12:17 -------- d-----w c:\program files\Windows Live
2009-04-01 15:15 . 2009-03-10 12:32 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-26 19:40 . 2009-02-09 14:51 -------- d-----w c:\program files\free-downloads.net
2009-03-26 16:05 . 2009-02-05 18:07 -------- d-----w c:\program files\MegaLink
2009-03-21 22:08 . 2009-03-13 13:45 -------- d-----w c:\program files\Sweet Games
2009-03-21 22:08 . 2009-03-13 13:45 -------- d-----w c:\program files\Oberon Media
2009-03-21 01:18 . 2009-03-21 01:18 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-21 01:17 . 2009-03-10 12:18 -------- d-----w c:\program files\Microsoft
2009-03-17 03:38 . 2009-04-16 22:52 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-13 13:45 . 2009-03-13 13:45 -------- d-----w c:\program files\Common Files\Oberon Media
2009-03-10 12:17 . 2009-03-10 12:17 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-10 12:14 . 2009-03-10 12:14 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-09 21:06 . 2009-03-09 21:06 5465 ----a-w C:\kkx.exe
2009-03-09 21:04 . 2009-03-09 20:48 5465 ----a-w C:\kk.exe
2009-03-09 20:56 . 2009-03-09 20:38 83 ----a-w C:\rocks.exe
2009-03-09 13:07 . 2008-11-12 04:58 -------- d-----w c:\program files\CONEXANT
2009-03-08 14:09 . 2009-03-08 14:09 -------- d-----w c:\program files\digicom
2009-03-07 12:18 . 2009-03-07 12:18 0 ------w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-07 12:07 . 2009-03-07 12:07 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-07 12:07 . 2009-03-07 12:07 -------- d-----w c:\program files\DVDVideoSoft
2009-03-06 20:00 . 2009-03-06 20:00 -------- d-----w c:\program files\eMule AdunanzA
2009-03-06 12:15 . 2009-02-12 14:04 -------- d-----w c:\program files\Video Convert Master
2009-03-04 12:32 . 2009-03-04 12:32 -------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2009-03-03 19:53 . 2009-03-03 19:52 -------- d-----w c:\program files\mp3DirectCut
2009-03-03 19:45 . 2009-03-03 19:45 -------- d-----w c:\program files\Eazel-IT
2009-03-03 04:46 . 2009-04-16 22:59 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 22:59 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 22:59 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 22:59 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 22:59 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 22:59 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 22:59 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 22:59 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 22:59 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 22:59 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 22:59 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 22:59 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 22:59 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-02 18:50 . 2009-02-04 20:07 89 ----a-w c:\users\Franco\AppData\Local\icdys.bat
2009-02-27 12:36 . 2009-02-27 12:36 237568 ------w c:\windows\system32\rmc_rtspdl.dll
2009-02-27 12:36 . 2009-02-27 12:36 156672 ------w c:\windows\system32\rmc_fixasf.exe
2009-02-27 12:35 . 2009-02-27 12:35 323584 ------w c:\windows\system32\AUDIOGENIE2.DLL
2009-02-23 19:09 . 2009-02-23 19:09 680 ----a-w c:\users\win\AppData\Local\d3d9caps.dat
2009-02-21 10:30 . 2008-12-25 18:14 147280 ----a-w c:\users\Giada\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-20 18:09 . 2008-12-25 16:52 147280 ----a-w c:\users\Franco\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-20 11:01 . 2008-12-12 15:11 147280 ----a-w c:\users\win\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-17 17:11 . 2009-02-17 17:11 24232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 . 2009-02-17 13:33 89256 ----a-w c:\windows\system32\ElbyCDIO.dll
2009-02-12 14:05 . 2009-02-12 14:05 81920 ----a-w c:\users\win\AppData\Roaming\ezpinst.exe
2009-02-12 14:05 . 2009-02-12 14:05 47360 ----a-w c:\users\win\AppData\Roaming\pcouffin.sys
2009-02-12 14:05 . 2009-02-12 14:05 47360 ------w c:\windows\system32\drivers\pcouffin.sys
2009-02-10 09:53 . 2009-02-10 09:53 603904 ------w c:\windows\system32\TUProgSt.exe
2009-02-10 09:53 . 2009-02-10 09:53 360192 ------w c:\windows\system32\TuneUpDefragService.exe
2009-02-09 03:10 . 2009-03-11 09:10 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 20:15 . 2009-01-14 20:13 138184 ------w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-06 20:14 . 2009-01-14 20:13 183112 ------w c:\windows\system32\PnkBstrB.exe
2009-02-06 17:52 . 2009-02-06 17:52 49504 ------w c:\windows\system32\sirenacm.dll
2009-02-06 15:03 . 2009-02-06 15:03 0 ----a-w c:\windows\nsreg.dat
2009-02-05 21:06 . 2008-12-12 16:36 51792 ------w c:\windows\system32\drivers\aswMonFlt.sys
2009-02-02 18:02 . 2009-02-02 18:02 680 ----a-w c:\users\Giada\AppData\Local\d3d9caps.dat
2009-01-31 13:28 . 2009-01-31 13:28 32 ----a-w c:\users\All Users\ezsid.dat
2009-01-31 13:28 . 2009-01-31 13:28 32 ----a-w c:\programdata\ezsid.dat
2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-08-01 15:38 . 2008-08-01 15:38 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-28 2176000]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2118804827-1726119250-1251687127-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{279A8A28-4017-4820-A17D-D862F0A951CB}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{E19B1BB9-E744-4FA4-91D0-0350062C3BE7}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{BB38B420-2EB1-47C8-AE57-20B52F5B1002}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B08C3A01-B8E9-4F1C-B45E-9C613D3D684E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{7ADFACFA-AB38-409D-B8C7-B3A787F96037}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D8B388C3-96C8-44CA-8A87-B970F0213E4A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{A71BAF43-F83F-43F7-A24A-DBE66753BF07}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{53DEE5C0-D5DE-44CE-A68D-5CEEF0ACDD81}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{64103F82-0F91-42E0-900A-D72978480066}c:\\users\\win\\desktop\\lanterna\\lantmirc.exe"= UDP:c:\users\win\desktop\lanterna\lantmirc.exe:lantmirc.exe
"UDP Query User{776CDEB6-899C-499C-9DB2-9B017838DB46}c:\\users\\win\\desktop\\lanterna\\lantmirc.exe"= TCP:c:\users\win\desktop\lanterna\lantmirc.exe:lantmirc.exe
"{5EA4CE18-0857-4E03-B097-8ED338074E73}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5E561ED2-77EE-41B1-A4ED-7BE1E0059A3D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8CCA36AE-3035-46AE-B563-483A3F7CF690}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3D0A899-DB50-494B-99AF-45BB9B2C225E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA435618-E773-4382-9064-7B6CB7979A6B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A105F6A7-FBEE-4E1A-B985-B0D4C0DC65E0}c:\\users\\win\\desktop\\lanterna\\lantmirc.exe"= UDP:c:\users\win\desktop\lanterna\lantmirc.exe:lantmirc.exe
"UDP Query User{B2C6FE81-8C59-48C2-AF35-483E36EAA124}c:\\users\\win\\desktop\\lanterna\\lantmirc.exe"= TCP:c:\users\win\desktop\lanterna\lantmirc.exe:lantmirc.exe
"TCP Query User{6C87679A-03AB-434F-B20C-6721C7BB4504}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{C5E8BDB2-A16B-4A4A-AFA2-AE4B9437DA1F}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{0A34D861-FB47-4E2B-B1E2-6C03EC3946F0}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{5E0FACC4-372A-466A-B668-8CAEC6366654}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"{AF1315C1-54CE-40F0-8EC1-765DDA010B08}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{66D2CCA9-D269-4760-91B4-DDEEB0C471FB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{27066455-3203-41AA-98C3-14B4C9FC1A55}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{A166BBA6-E9CC-4C57-B339-88E790BACBA4}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"TCP Query User{3258A319-4FDC-4E05-B9DA-B2D0B7B7253E}c:\\users\\win\\desktop\\msnmsgr.exe"= UDP:c:\users\win\desktop\msnmsgr.exe:msnmsgr.exe
"UDP Query User{D350F84C-20A2-4596-82CB-A9B705E154E5}c:\\users\\win\\desktop\\msnmsgr.exe"= TCP:c:\users\win\desktop\msnmsgr.exe:msnmsgr.exe
"TCP Query User{767E7E51-2296-4403-8204-50960F094DD8}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{5AC27C3F-5C47-49C4-ACF2-96F867A9542A}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1342318A-E2BA-4330-B046-90AEA14064E0}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{CEB800CE-F3F8-4480-BEAB-83B9810521EB}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{6B5A92D8-D05D-4EBA-A395-384034A6993F}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2762681F-3427-4377-B478-F324C1FD891E}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{960DCB8E-04C9-4F2A-88B3-5EF52F8586FF}c:\\users\\giada\\desktop\\lanterna\\lantmirc.exe"= UDP:c:\users\giada\desktop\lanterna\lantmirc.exe:lantmirc.exe
"UDP Query User{431865B2-A6E1-4C7C-8C9C-EDEDD477A0E3}c:\\users\\giada\\desktop\\lanterna\\lantmirc.exe"= TCP:c:\users\giada\desktop\lanterna\lantmirc.exe:lantmirc.exe
"TCP Query User{FD70D114-28F7-48F6-8F3E-5B279760187C}c:\\users\\giada\\desktop\\lanterna\\lantmirc.exe"= UDP:c:\users\giada\desktop\lanterna\lantmirc.exe:lantmirc.exe
"UDP Query User{EEA27814-E62D-400A-8574-B1160D30FB9C}c:\\users\\giada\\desktop\\lanterna\\lantmirc.exe"= TCP:c:\users\giada\desktop\lanterna\lantmirc.exe:lantmirc.exe
"TCP Query User{E9175E8D-286D-48B9-BC4E-4110C0D8F0B8}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{1EAA5985-8E26-4FDF-B505-D1A749F6DF68}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2003-09-12 646784]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-21 95640]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S1 aswSP;avast! Self Protection; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-04-28 142592]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-18 73840]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-10 603904]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-09 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2008-12-25 15:35]

2009-03-09 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-12-25 11:11]

2009-03-06 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2008-12-25 22:44]

2009-04-25 c:\windows\Tasks\elbyExecuteWithUAC.job
- c:\program files\Elaborate Bytes\CloneDVD2\ExecuteWithUAC.exe [2008-06-27 19:26]

2009-03-09 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:20]

2009-03-09 c:\windows\Tasks\User_Feed_Synchronization-{E1B7EB7E-D83D-4EF3-9428-508DCEDFC34D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 20:22
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-04-29 20.25.06
ComboFix-quarantined-files.txt 2009-04-29 18:25

Pre-Run: 43.127.619.584 byte disponibili
Post-Run: 43.066.392.576 byte disponibili

325 --- E O F --- 2009-04-28 14:47

è tutto apposto??

mi suggeriresti qual'è la combinazione per non prendere virus?? antivirus - firewall
grazie :)

Log di combofix aggiornato:

ComboFix 09-04-29.01 - win 30/04/2009 8.39.18.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.39.1040.18.3002.1987 [GMT 2:00]
Eseguito da: c:\users\win\Desktop\ComboFix.exe
Opzioni usate :: c:\users\win\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

FILE ::
C:\kk.exe
C:\kkx.exe
C:\rocks.exe
.

((((((((((((((((((((((((( Files Creati Da 2009-05-28 al 2009-4-30 )))))))))))))))))))))))))))))))))))
.

2009-04-29 19:23 . 2009-04-29 19:23 -------- d-----w c:\users\Giada\AppData\Roaming\TuneUp Software
2009-04-29 12:26 . 2009-04-29 12:26 -------- d-----w c:\users\Giada\AppData\Roaming\PCToolsFirewallPlus
2009-04-29 12:26 . 2009-04-30 05:43 -------- d-----w c:\users\Giada\AppData\Roaming\Spyware Terminator
2009-04-29 06:31 . 2009-04-29 06:31 -------- d-----w c:\users\win\AppData\Roaming\Malwarebytes
2009-04-29 06:31 . 2009-04-29 06:31 -------- d-----w c:\programdata\Malwarebytes
2009-04-29 06:31 . 2009-04-29 06:31 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-29 06:15 . 2009-04-29 06:15 -------- d-----w c:\program files\Crawler
2009-04-28 11:51 . 2009-04-28 11:51 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-04-28 11:51 . 2009-04-29 18:08 -------- d-----w c:\users\win\AppData\Roaming\Spyware Terminator
2009-04-28 11:50 . 2009-04-29 13:02 -------- d-----w c:\programdata\Spyware Terminator
2009-04-28 11:50 . 2009-04-29 13:02 -------- d-----w c:\users\All Users\Spyware Terminator
2009-04-28 11:50 . 2009-04-28 15:29 -------- d-----w c:\program files\Spyware Terminator
2009-04-27 18:55 . 2009-04-27 18:56 -------- d-----w c:\users\win\AppData\Roaming\PCToolsFirewallPlus
2009-04-27 18:50 . 2008-09-22 10:29 97408 ----a-w c:\windows\system32\drivers\pctfw.sys
2009-04-27 18:50 . 2009-01-21 08:38 95640 ----a-w c:\windows\system32\drivers\pctplfw.sys
2009-04-27 18:50 . 2009-04-28 19:17 -------- d-----w c:\program files\PC Tools Firewall Plus
2009-04-27 18:49 . 2009-04-28 12:21 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-27 18:49 . 2009-04-28 12:21 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-04-27 18:47 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-27 18:47 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-27 18:47 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-27 18:46 . 2009-04-28 11:43 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-25 12:06 . 2009-04-25 12:06 18816 ----a-w c:\windows\system32\drivers\dvd43llh.sys
2009-04-25 12:06 . 2009-04-25 12:06 -------- d-----w c:\program files\dvd43
2009-04-25 12:00 . 2009-04-25 12:00 -------- d-----w c:\programdata\SlySoft
2009-04-25 12:00 . 2009-04-25 12:00 -------- d-----w c:\users\All Users\SlySoft
2009-04-25 11:57 . 2009-04-25 12:06 -------- d-----w c:\program files\SlySoft
2009-04-25 11:34 . 2009-04-25 11:34 -------- d-----w c:\program files\Elaborate Bytes
2009-04-25 09:17 . 2009-04-25 09:19 -------- d-----w c:\programdata\DVD Shrink
2009-04-25 09:17 . 2009-04-25 09:19 -------- d-----w c:\users\All Users\DVD Shrink
2009-04-25 09:17 . 2009-04-25 09:17 -------- d-----w c:\program files\DVD Shrink
2009-04-23 17:41 . 2009-04-23 17:41 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-16 22:58 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 22:58 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 22:58 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 22:52 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 22:52 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 22:52 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 22:52 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-08 16:32 . 2009-04-08 16:32 -------- d-----w c:\program files\Ferrero
2009-04-08 16:32 . 2009-04-08 16:32 -------- d-----w c:\programdata\Ferrero
2009-04-08 16:32 . 2009-04-08 16:32 -------- d-----w c:\users\All Users\Ferrero
2009-04-08 13:26 . 2009-04-08 13:26 -------- d-----w c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 06:34 . 2008-08-01 15:35 680208 ----a-w c:\windows\system32\perfh010.dat
2009-04-30 06:34 . 2008-08-01 15:35 126380 ----a-w c:\windows\system32\perfc010.dat
2009-04-28 14:45 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-28 14:45 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-28 14:45 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-28 14:36 . 2009-04-28 14:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-04-25 11:40 . 2008-12-29 13:20 -------- d-----w c:\program files\Common Files\Nero
2009-04-23 17:41 . 2009-01-14 19:46 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-23 17:31 . 2009-01-14 19:37 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-17 01:08 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-11 13:05 . 2009-02-20 10:46 -------- d-----w c:\program files\Pinnacle
2009-04-11 13:02 . 2008-08-01 06:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 13:02 . 2006-11-02 12:35 -------- d-----w c:\program files\Microsoft Games
2009-04-11 12:15 . 2009-03-10 12:17 -------- d-----w c:\program files\Windows Live
2009-04-01 15:15 . 2009-03-10 12:32 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-26 19:40 . 2009-02-09 14:51 -------- d-----w c:\program files\free-downloads.net
2009-03-26 16:05 . 2009-02-05 18:07 -------- d-----w c:\program files\MegaLink
2009-03-21 22:08 . 2009-03-13 13:45 -------- d-----w c:\program files\Sweet Games
2009-03-21 22:08 . 2009-03-13 13:45 -------- d-----w c:\program files\Oberon Media
2009-03-21 01:18 . 2009-03-21 01:18 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-21 01:17 . 2009-03-10 12:18 -------- d-----w c:\program files\Microsoft
2009-03-17 03:38 . 2009-04-16 22:52 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-13 13:45 . 2009-03-13 13:45 -------- d-----w c:\program files\Common Files\Oberon Media
2009-03-10 12:17 . 2009-03-10 12:17 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-10 12:14 . 2009-03-10 12:14 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-09 13:07 . 2008-11-12 04:58 -------- d-----w c:\program files\CONEXANT
2009-03-08 14:09 . 2009-03-08 14:09 -------- d-----w c:\program files\digicom
2009-03-07 12:18 . 2009-03-07 12:18 0 ------w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-07 12:07 . 2009-03-07 12:07 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-07 12:07 . 2009-03-07 12:07 -------- d-----w c:\program files\DVDVideoSoft
2009-03-06 20:00 . 2009-03-06 20:00 -------- d-----w c:\program files\eMule AdunanzA
2009-03-06 12:15 . 2009-02-12 14:04 -------- d-----w c:\program files\Video Convert Master
2009-03-04 12:32 . 2009-03-04 12:32 -------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2009-03-03 19:53 . 2009-03-03 19:52 -------- d-----w c:\program files\mp3DirectCut
2009-03-03 19:45 . 2009-03-03 19:45 -------- d-----w c:\program files\Eazel-IT
2009-03-03 04:46 . 2009-04-16 22:59 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 22:59 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 22:59 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 22:59 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 22:59 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 22:59 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 22:59 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 22:59 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 22:59 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 22:59 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 22:59 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 22:59 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 22:59 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-02 18:50 . 2009-02-04 20:07 89 ----a-w c:\users\Franco\AppData\Local\icdys.bat
2009-02-27 12:36 . 2009-02-27 12:36 237568 ------w c:\windows\system32\rmc_rtspdl.dll
2009-02-27 12:36 . 2009-02-27 12:36 156672 ------w c:\windows\system32\rmc_fixasf.exe
2009-02-27 12:35 . 2009-02-27 12:35 323584 ------w c:\windows\system32\AUDIOGENIE2.DLL
2009-02-23 19:09 . 2009-02-23 19:09 680 ----a-w c:\users\win\AppData\Local\d3d9caps.dat
2009-02-21 10:30 . 2008-12-25 18:14 147280 ----a-w c:\users\Giada\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-20 18:09 . 2008-12-25 16:52 147280 ----a-w c:\users\Franco\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-20 11:01 . 2008-12-12 15:11 147280 ----a-w c:\users\win\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-17 17:11 . 2009-02-17 17:11 24232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 . 2009-02-17 13:33 89256 ----a-w c:\windows\system32\ElbyCDIO.dll
2009-02-12 14:05 . 2009-02-12 14:05 81920 ----a-w c:\users\win\AppData\Roaming\ezpinst.exe
2009-02-12 14:05 . 2009-02-12 14:05 47360 ----a-w c:\users\win\AppData\Roaming\pcouffin.sys
2009-02-12 14:05 . 2009-02-12 14:05 47360 ------w c:\windows\system32\drivers\pcouffin.sys
2009-02-10 09:53 . 2009-02-10 09:53 603904 ------w c:\windows\system32\TUProgSt.exe
2009-02-10 09:53 . 2009-02-10 09:53 360192 ------w c:\windows\system32\TuneUpDefragService.exe
2009-02-09 03:10 . 2009-03-11 09:10 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 20:15 . 2009-01-14 20:13 138184 ------w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-06 20:14 . 2009-01-14 20:13 183112 ------w c:\windows\system32\PnkBstrB.exe
2009-02-06 17:52 . 2009-02-06 17:52 49504 ------w c:\windows\system32\sirenacm.dll
2009-02-06 15:03 . 2009-02-06 15:03 0 ----a-w c:\windows\nsreg.dat
2009-02-05 21:06 . 2008-12-12 16:36 51792 ------w c:\windows\system32\drivers\aswMonFlt.sys
2009-02-02 18:02 . 2009-02-02 18:02 680 ----a-w c:\users\Giada\AppData\Local\d3d9caps.dat
2009-01-31 13:28 . 2009-01-31 13:28 32 ----a-w c:\users\All Users\ezsid.dat
2009-01-31 13:28 . 2009-01-31 13:28 32 ----a-w c:\programdata\ezsid.dat
2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-08-01 15:38 . 2008-08-01 15:38 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_18.23.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-04-30 06:29 58080 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-25 18:15 . 2009-04-30 05:44 10190 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2118804827-1726119250-1251687127-1003_UserData.bin
+ 2008-12-12 15:08 . 2009-04-30 06:29 13300 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2118804827-1726119250-1251687127-1000_UserData.bin
+ 2008-11-12 04:48 . 2009-04-30 06:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-12 04:48 . 2009-04-29 18:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-12 04:48 . 2009-04-29 18:13 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-12 04:48 . 2009-04-30 06:28 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-12 04:48 . 2009-04-30 06:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-12 04:48 . 2009-04-29 18:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-30 06:27 . 2009-04-30 06:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-29 18:06 . 2009-04-29 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-30 06:27 . 2009-04-30 06:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-29 18:06 . 2009-04-29 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:02 . 2009-04-30 06:29 141356 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-04-30 06:34 594776 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-29 18:13 594776 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-29 18:13 106596 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-30 06:34 106596 c:\windows\System32\perfc009.dat
+ 2009-04-29 19:16 . 2009-04-29 19:32 418304 c:\windows\Resources\Themes\Vectrum\Shell\NormalColor\shellstyle.dll
+ 2009-04-29 19:16 . 2009-04-29 19:32 418304 c:\windows\Resources\Themes\Tiberium\Shell\NormalColor\shellstyle.dll
+ 2009-04-29 19:16 . 2009-04-29 19:32 418304 c:\windows\Resources\Themes\RedEye Vista\Shell\NormalColor\shellstyle.dll
+ 2009-04-29 19:17 . 2009-04-29 19:17 418304 c:\windows\Resources\Themes\BlueEye Vista\Shell\NormalColor\shellstyle.dll
+ 2009-04-29 19:32 . 2009-04-29 19:32 2173440 c:\windows\Resources\Themes\Rose\Shell\NormalColor\shellstyle.dll
+ 2009-04-29 19:32 . 2009-04-29 19:32 1647104 c:\windows\Resources\Themes\Aero 4074 Remix\Shell\NormalColor\shellstyle.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-28 2176000]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2118804827-1726119250-1251687127-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{279A8A28-4017-4820-A17D-D862F0A951CB}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{E19B1BB9-E744-4FA4-91D0-0350062C3BE7}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{BB38B420-2EB1-47C8-AE57-20B52F5B1002}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B08C3A01-B8E9-4F1C-B45E-9C613D3D684E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{7ADFACFA-AB38-409D-B8C7-B3A787F96037}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D8B388C3-96C8-44CA-8A87-B970F0213E4A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{A71BAF43-F83F-43F7-A24A-DBE66753BF07}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{53DEE5C0-D5DE-44CE-A68D-5CEEF0ACDD81}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{64103F82-0F91-42E0-900A-D72978480066}c:\\users\\win\\desktop\\lanterna\\lantmirc.exe"= UDP:c:\users\win\desktop\lanterna\lantmirc.exe:lantmirc.exe
"UDP Query User{776CDEB6-899C-499C-9DB2-9B017838DB46}c:\\users\\win\\desktop\\lanterna\\lantmirc.exe"= TCP:c:\users\win\desktop\lanterna\lantmirc.exe:lantmirc.exe
"{5EA4CE18-0857-4E03-B097-8ED338074E73}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5E561ED2-77EE-41B1-A4ED-7BE1E0059A3D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8CCA36AE-3035-46AE-B563-483A3F7CF690}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3D0A899-DB50-494B-99AF-45BB9B2C225E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA435618-E773-4382-9064-7B6CB7979A6B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A105F6A7-FBEE-4E1A-B985-B0D4C0DC65E0}c:\\users\\win\\desktop\\lanterna\\lantmirc.exe"= UDP:c:\users\win\desktop\lanterna\lantmirc.exe:lantmirc.exe
"UDP Query User{B2C6FE81-8C59-48C2-AF35-483E36EAA124}c:\\users\\win\\desktop\\lanterna\\lantmirc.exe"= TCP:c:\users\win\desktop\lanterna\lantmirc.exe:lantmirc.exe
"TCP Query User{6C87679A-03AB-434F-B20C-6721C7BB4504}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{C5E8BDB2-A16B-4A4A-AFA2-AE4B9437DA1F}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{0A34D861-FB47-4E2B-B1E2-6C03EC3946F0}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{5E0FACC4-372A-466A-B668-8CAEC6366654}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"{AF1315C1-54CE-40F0-8EC1-765DDA010B08}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{66D2CCA9-D269-4760-91B4-DDEEB0C471FB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{27066455-3203-41AA-98C3-14B4C9FC1A55}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{A166BBA6-E9CC-4C57-B339-88E790BACBA4}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"TCP Query User{3258A319-4FDC-4E05-B9DA-B2D0B7B7253E}c:\\users\\win\\desktop\\msnmsgr.exe"= UDP:c:\users\win\desktop\msnmsgr.exe:msnmsgr.exe
"UDP Query User{D350F84C-20A2-4596-82CB-A9B705E154E5}c:\\users\\win\\desktop\\msnmsgr.exe"= TCP:c:\users\win\desktop\msnmsgr.exe:msnmsgr.exe
"TCP Query User{767E7E51-2296-4403-8204-50960F094DD8}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{5AC27C3F-5C47-49C4-ACF2-96F867A9542A}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1342318A-E2BA-4330-B046-90AEA14064E0}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{CEB800CE-F3F8-4480-BEAB-83B9810521EB}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{6B5A92D8-D05D-4EBA-A395-384034A6993F}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2762681F-3427-4377-B478-F324C1FD891E}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{960DCB8E-04C9-4F2A-88B3-5EF52F8586FF}c:\\users\\giada\\desktop\\lanterna\\lantmirc.exe"= UDP:c:\users\giada\desktop\lanterna\lantmirc.exe:lantmirc.exe
"UDP Query User{431865B2-A6E1-4C7C-8C9C-EDEDD477A0E3}c:\\users\\giada\\desktop\\lanterna\\lantmirc.exe"= TCP:c:\users\giada\desktop\lanterna\lantmirc.exe:lantmirc.exe
"TCP Query User{FD70D114-28F7-48F6-8F3E-5B279760187C}c:\\users\\giada\\desktop\\lanterna\\lantmirc.exe"= UDP:c:\users\giada\desktop\lanterna\lantmirc.exe:lantmirc.exe
"UDP Query User{EEA27814-E62D-400A-8574-B1160D30FB9C}c:\\users\\giada\\desktop\\lanterna\\lantmirc.exe"= TCP:c:\users\giada\desktop\lanterna\lantmirc.exe:lantmirc.exe
"TCP Query User{E9175E8D-286D-48B9-BC4E-4110C0D8F0B8}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{1EAA5985-8E26-4FDF-B505-D1A749F6DF68}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2003-09-12 646784]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2009-01-21 95640]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S1 aswSP;avast! Self Protection; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2008-12-11 159600]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-04-28 142592]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-18 73840]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-10 603904]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-09 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2008-12-25 15:35]

2009-03-09 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-12-25 11:11]

2009-03-06 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2008-12-25 22:44]

2009-04-25 c:\windows\Tasks\elbyExecuteWithUAC.job
- c:\program files\Elaborate Bytes\CloneDVD2\ExecuteWithUAC.exe [2008-06-27 19:26]

2009-03-09 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:20]

2009-03-09 c:\windows\Tasks\User_Feed_Synchronization-{E1B7EB7E-D83D-4EF3-9428-508DCEDFC34D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 08:45
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-04-30 8.47.57
ComboFix-quarantined-files.txt 2009-04-30 06:47

Pre-Run: 44.736.532.480 byte disponibili
Post-Run: 44.544.765.952 byte disponibili

337 --- E O F --- 2009-04-30 05:46

Per avira io cm antivirus mi trovo bene cn avast avira nun me piace intendevo il mio antivirus se andava bene la mia combinazione o se dovevo cambiare il firewall

scusa l intromissione,temo di aver letto in altri post che avast abbia la tendenza a distruggere pc tools firewall plus....mentre non dovrebbero esserci conflitti con agv 8.5

ok disabilitato la protezione di rete di avast grazie x il consiglio ciauz