ComboFix 11-01-15.01 - giancarlo 17/01/2011 0:21.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3839.2968 [GMT 1:00]
Eseguito da: c:\users\giancarlo\Downloads\ComboFix.exe
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-12-16 al 2011-01-16 )))))))))))))))))))))))))))))))))))
.

2011-01-16 23:25 . 2011-01-16 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-16 17:10 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-16 17:01 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0033FFB-5C85-47AB-8D36-39D6A2D9E71A}\mpengine.dll
2011-01-15 15:25 . 2011-01-15 19:19 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-15 15:25 . 2011-01-15 15:25 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-15 15:22 . 2011-01-15 15:23 -------- d-----w- c:\programdata\Hitman Pro
2011-01-14 22:42 . 2011-01-14 22:42 388096 ----a-r- c:\users\giancarlo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-14 22:42 . 2011-01-14 22:42 -------- d-----w- c:\program files (x86)\Trend Micro
2011-01-12 08:02 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 08:02 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:02 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:02 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:02 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:02 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 08:02 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 08:02 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 08:02 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 08:02 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 07:44 . 2010-12-03 19:54 25048 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-01-11 07:44 . 2010-12-03 19:54 140248 ----a-w- c:\program files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-01-09 20:48 . 2011-01-09 20:48 -------- d-----w- c:\programdata\TreeCardGames
2011-01-09 20:48 . 2011-01-09 20:48 -------- d-----w- c:\program files (x86)\123 Free Solitaire
2011-01-09 20:01 . 2011-01-09 20:07 -------- d-----w- c:\program files (x86)\Plobb
2011-01-08 09:42 . 2011-01-08 09:42 -------- d-----w- c:\users\giancarlo\AppData\Local\Adobe
2011-01-08 09:36 . 2011-01-08 09:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-01-08 08:55 . 2011-01-08 08:55 -------- d-----w- c:\programdata\McAfee
2011-01-06 23:01 . 2011-01-06 23:25 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-03 21:13 . 2011-01-03 21:13 -------- d-----w- c:\users\giancarlo\dwhelper
2010-12-28 20:27 . 2010-12-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-28 20:26 . 2010-12-28 20:26 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-28 20:26 . 2010-12-28 20:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-28 20:26 . 2010-12-28 20:26 -------- d-----w- c:\program files (x86)\Java
2010-12-27 10:07 . 2010-12-27 10:07 -------- d-----w- c:\users\giancarlo\AppData\Roaming\Uniblue
2010-12-27 10:07 . 2010-12-27 10:07 -------- d-----w- c:\program files (x86)\Uniblue
2010-12-27 10:06 . 2010-12-27 10:06 -------- d-----w- c:\users\giancarlo\AppData\Local\PackageAware
2010-12-24 18:45 . 2010-12-24 18:45 375616 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-20 13:44 . 2010-12-20 13:44 -------- d-----w- c:\programdata\TomTom
2010-12-20 13:43 . 2010-12-20 13:43 -------- d-----w- c:\users\giancarlo\AppData\Roaming\TomTom
2010-12-20 13:43 . 2010-12-20 13:43 -------- d-----w- c:\users\giancarlo\AppData\Local\TomTom
2010-12-20 13:43 . 2010-12-20 13:43 -------- d-----w- c:\program files (x86)\TomTom International B.V
2010-12-20 13:43 . 2010-12-20 13:43 -------- d-----w- c:\program files (x86)\TomTom HOME 2
2010-12-18 19:35 . 2010-12-18 19:35 -------- d-----w- c:\programdata\Acer
2010-12-18 19:35 . 2010-12-18 19:36 -------- d-----w- c:\users\giancarlo\AppData\Local\Acer
2010-12-18 19:35 . 2010-12-18 19:35 -------- d-----w- c:\users\giancarlo\AppData\Local\ADDP
2010-12-18 19:22 . 2010-06-26 05:31 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-12-18 19:22 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2010-12-18 19:19 . 2010-12-18 19:19 -------- d-----w- c:\program files (x86)\Feedback Tool
2010-12-18 19:08 . 2010-12-18 19:08 -------- d-----w- c:\windows\WindowsMobile
2010-12-18 17:26 . 2010-12-18 19:08 -------- d-----w- c:\program files\Acer
2010-12-18 17:26 . 2010-12-18 17:26 -------- d-----w- c:\program files\DIFX
2010-12-18 17:26 . 2010-12-18 17:26 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-12-18 17:26 . 2010-12-18 17:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-18 17:25 . 2010-12-18 17:25 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-12-18 17:25 . 2010-12-18 17:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-12-18 17:25 . 2009-08-14 16:09 120960 ----a-w- c:\windows\system32\drivers\qcusbser.sys
2010-12-18 15:02 . 2011-01-09 20:48 -------- d-----w- c:\users\giancarlo\AppData\Roaming\TreeCardGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 18:54 . 2010-12-08 14:29 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-12-24 18:46 . 2010-12-15 20:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-20 17:09 . 2010-12-04 13:15 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-04 13:15 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 14:29 . 2010-12-08 14:29 375616 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-25 09:42 . 2010-12-02 23:54 179464 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2010-11-24 08:18 . 2010-12-02 23:54 119688 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2010-11-17 09:20 . 2010-12-02 23:55 331368 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2010-11-17 09:20 . 2010-12-02 23:55 136168 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2010-11-04 06:35 . 2010-12-15 22:00 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 22:00 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 22:00 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 22:00 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 22:00 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 22:00 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 22:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 22:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-15 21:50 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 21:50 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-15 21:50 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-15 21:50 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 21:50 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 21:50 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 21:50 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 21:50 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 21:50 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 21:50 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 12:28 . 2010-12-17 21:02 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-27 05:06 . 2010-12-15 22:00 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-15 22:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-10-20 05:20 . 2010-12-15 21:50 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 04:54 . 2010-12-15 21:50 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-10-20 03:09 . 2010-12-15 21:49 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 03:05 . 2010-12-15 21:50 367104 ----a-w- c:\windows\system32\atmfd.dll
2010-10-20 02:58 . 2010-12-15 21:50 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-10-19 09:41 . 2010-12-02 20:24 270720 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-16_16.56.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-01-16 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-16 16:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-16 16:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-16 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-16 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-16 16:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 19:25 . 2011-01-16 20:06 47542 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-16 20:06 42146 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-01 19:25 . 2011-01-16 20:06 10618 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2698347344-3509447176-1861105731-1001_UserData.bin
- 2010-09-03 09:41 . 2011-01-13 02:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-03 09:41 . 2011-01-16 17:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-03 09:41 . 2011-01-13 02:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-03 09:41 . 2011-01-16 17:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-13 02:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-16 17:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 18:09 . 2011-01-16 20:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 18:09 . 2011-01-16 16:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2011-01-14 06:47 80672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-01-16 18:19 80672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-01 18:09 . 2011-01-16 20:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-01 18:09 . 2011-01-16 16:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-01 18:09 . 2011-01-16 20:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-01 18:09 . 2011-01-16 16:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 18:12 . 2011-01-16 20:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 18:12 . 2011-01-16 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 18:12 . 2011-01-16 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 18:12 . 2011-01-16 20:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-16 20:04 . 2011-01-16 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-16 16:07 . 2011-01-16 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-16 16:07 . 2011-01-16 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-16 20:04 . 2011-01-16 20:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-01 22:25 . 2011-01-16 23:14 341672 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2010-09-03 10:17 . 2011-01-16 16:14 698776 c:\windows\system32\perfh010.dat
+ 2010-09-03 10:17 . 2011-01-16 23:19 698776 c:\windows\system32\perfh010.dat
- 2009-07-14 02:36 . 2011-01-16 16:14 616254 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-01-16 23:19 616254 c:\windows\system32\perfh009.dat
+ 2010-09-03 10:17 . 2011-01-16 23:19 127744 c:\windows\system32\perfc010.dat
- 2010-09-03 10:17 . 2011-01-16 16:14 127744 c:\windows\system32\perfc010.dat
+ 2009-07-14 02:36 . 2011-01-16 23:19 106376 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-01-16 16:14 106376 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-01-16 20:04 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-01-16 16:07 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-01-13 07:04 3798245 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-01-16 17:13 3798245 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2011-01-16 16:33 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-01-16 23:24 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b879dc47-7f5a-4973-a570-1e03a60c7c02}]
2010-02-25 10:04 466944 ----a-w- c:\program files (x86)\WebPornoTV\adxloader.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-04-25 61112]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
R3 qcusbser;ACER USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-08-14 120960]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-04-08 243744]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2010-11-17 331368]
S2 AcerSyncServiceWinService;AcerSyncServiceWinService;c:\program files\Acer\AcerSync\AcerSyncService.exe [2010-04-14 205856]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-01 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 301024]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-01 6366720]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-01 186880]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2010-11-24 119688]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2010-11-25 179464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 38456]


--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
*Deregistered* - MpNWMon
*Deregistered* - NisDrv
*Deregistered* - pctESPInject
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-12-03 09:47]

2011-01-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-12-15 22:36]

2011-01-16 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-27 23:02]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b879dc47-7f5a-4973-a570-1e03a60c7c02}]
2009-11-25 11:47 444752 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZCxdm924YYIT&ptb=P8DG.mNP1EJifUmQxFjPMw
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {9B7A7F8F-14D6-42B4-A371-65E8F51EC128} = 80.88.171.16,80.88.161.2
FF - ProfilePath - c:\users\giancarlo\AppData\Roaming\Mozilla\Firefox\Profiles\57mqs1hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Elf 1.13 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=it&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¯*i%]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¯*i%\OpenWithList]
@Class="Shell"
"a"="WORDPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¯*i%\OpenWithProgids]
"=¯-_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001_Classes\.* ¯*i%]
@Allowed: (Read) (RestrictedCode)
@="=¯-_auto_file"

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001_Classes\ ¯*i%_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-01-17 00:26:56
ComboFix-quarantined-files.txt 2011-01-16 23:26
ComboFix2.txt 2011-01-16 17:50
ComboFix3.txt 2011-01-16 16:58

Pre-Run: 234.202.587.136 byte disponibili
Post-Run: 234.155.257.856 byte disponibili

- - End Of File - - 86085CADF0E1AFA2738042F4B99AD32C
spero di avere fatto tutto giusto.dopo la scansione il pc si è riacceso ma il centro connessioni mi diceva impossibile connettersi ad internet dopo tanto tentativi ho reimpostato i valori di ip4 almeno 5/6 volte perchè non rimanevano inseriti.questa mattina accendo il pc e la solita password non era accettata spento e riacceso è andata.cosa può essere successo?

operazione eseguita.ti devo ripostare il log di combo o è sufficente l'operazione che ho appena terminato?
mille grazie R16.ciao

ComboFix 11-01-18.04 - giancarlo 19/01/2011 22:09:43.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3839.2730 [GMT 1:00]
Eseguito da: c:\users\giancarlo\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-12-19 al 2011-01-19 )))))))))))))))))))))))))))))))))))
.

2011-01-16 17:10 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-15 15:25 . 2011-01-15 19:19 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-15 15:25 . 2011-01-15 15:25 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-15 15:22 . 2011-01-15 15:23 -------- d-----w- c:\programdata\Hitman Pro
2011-01-14 22:42 . 2011-01-14 22:42 388096 ----a-r- c:\users\giancarlo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-14 22:42 . 2011-01-14 22:42 -------- d-----w- c:\program files (x86)\Trend Micro
2011-01-12 08:02 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 08:02 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:02 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:02 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:02 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:02 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 08:02 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 08:02 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 08:02 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 08:02 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 07:44 . 2010-12-03 19:54 25048 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-01-11 07:44 . 2010-12-03 19:54 140248 ----a-w- c:\program files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-01-09 20:48 . 2011-01-09 20:48 -------- d-----w- c:\programdata\TreeCardGames
2011-01-09 20:48 . 2011-01-09 20:48 -------- d-----w- c:\program files (x86)\123 Free Solitaire
2011-01-09 20:01 . 2011-01-09 20:07 -------- d-----w- c:\program files (x86)\Plobb
2011-01-08 09:42 . 2011-01-08 09:42 -------- d-----w- c:\users\giancarlo\AppData\Local\Adobe
2011-01-08 09:36 . 2011-01-08 09:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-01-08 08:55 . 2011-01-08 08:55 -------- d-----w- c:\programdata\McAfee
2011-01-06 23:01 . 2011-01-06 23:25 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-03 21:13 . 2011-01-03 21:13 -------- d-----w- c:\users\giancarlo\dwhelper
2010-12-28 20:27 . 2010-12-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-28 20:26 . 2010-12-28 20:26 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-28 20:26 . 2010-12-28 20:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-28 20:26 . 2010-12-28 20:26 -------- d-----w- c:\program files (x86)\Java
2010-12-27 10:07 . 2010-12-27 10:07 -------- d-----w- c:\users\giancarlo\AppData\Roaming\Uniblue
2010-12-27 10:07 . 2010-12-27 10:07 -------- d-----w- c:\program files (x86)\Uniblue
2010-12-27 10:06 . 2010-12-27 10:06 -------- d-----w- c:\users\giancarlo\AppData\Local\PackageAware
2010-12-24 18:45 . 2010-12-24 18:45 375616 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 18:54 . 2010-12-08 14:29 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-12-24 18:46 . 2010-12-15 20:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-20 17:09 . 2010-12-04 13:15 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-04 13:15 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 14:29 . 2010-12-08 14:29 375616 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-25 09:42 . 2010-12-02 23:54 179464 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2010-11-24 08:18 . 2010-12-02 23:54 119688 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2010-11-17 09:20 . 2010-12-02 23:55 331368 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2010-11-17 09:20 . 2010-12-02 23:55 136168 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2010-11-04 06:35 . 2010-12-15 22:00 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 22:00 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 22:00 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 22:00 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 22:00 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 22:00 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 22:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 22:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-15 21:50 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 21:50 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-15 21:50 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-15 21:50 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 21:50 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 21:50 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 21:50 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 21:50 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 21:50 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 21:50 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 12:28 . 2010-12-17 21:02 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-27 05:06 . 2010-12-15 22:00 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-15 22:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-18_21.22.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-01-18 17:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-19 19:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-19 19:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-18 17:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-18 17:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-19 19:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 19:25 . 2011-01-19 19:38 48972 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-01-18 17:50 42322 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-19 19:38 42322 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-01 19:25 . 2011-01-19 19:38 11512 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2698347344-3509447176-1861105731-1001_UserData.bin
+ 2010-12-01 18:09 . 2011-01-19 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 18:09 . 2011-01-18 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 18:09 . 2011-01-18 17:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-01 18:09 . 2011-01-19 19:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-01 18:09 . 2011-01-18 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 18:09 . 2011-01-19 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 18:12 . 2011-01-19 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 18:12 . 2011-01-18 17:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-01 18:12 . 2011-01-19 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-01 18:12 . 2011-01-18 17:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-18 17:48 . 2011-01-18 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-19 19:36 . 2011-01-19 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-18 17:48 . 2011-01-18 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-19 19:36 . 2011-01-19 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-01 22:25 . 2011-01-19 08:02 343274 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2010-09-03 10:17 . 2011-01-18 17:52 698776 c:\windows\system32\perfh010.dat
+ 2010-09-03 10:17 . 2011-01-19 19:41 698776 c:\windows\system32\perfh010.dat
+ 2009-07-14 02:36 . 2011-01-19 19:41 616254 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-01-18 17:52 616254 c:\windows\system32\perfh009.dat
- 2010-09-03 10:17 . 2011-01-18 17:52 127744 c:\windows\system32\perfc010.dat
+ 2010-09-03 10:17 . 2011-01-19 19:41 127744 c:\windows\system32\perfc010.dat
- 2009-07-14 02:36 . 2011-01-18 17:52 106376 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-01-19 19:41 106376 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-01-18 17:48 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-01-19 12:34 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-01-18 18:30 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-01-19 19:50 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b879dc47-7f5a-4973-a570-1e03a60c7c02}]
2010-02-25 10:04 466944 ----a-w- c:\program files (x86)\WebPornoTV\adxloader.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-04-25 61112]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
R3 qcusbser;ACER USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-08-14 120960]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-04-08 243744]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2010-11-17 331368]
S2 AcerSyncServiceWinService;AcerSyncServiceWinService;c:\program files\Acer\AcerSync\AcerSyncService.exe [2010-04-14 205856]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-01 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 301024]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-01 6366720]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-01 186880]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2010-11-24 119688]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2010-11-25 179464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 38456]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - pctESPInject
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-12-03 09:47]

2011-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-12-15 22:36]

2011-01-19 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-27 23:02]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b879dc47-7f5a-4973-a570-1e03a60c7c02}]
2009-11-25 11:47 444752 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZCxdm924YYIT&ptb=P8DG.mNP1EJifUmQxFjPMw
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {9B7A7F8F-14D6-42B4-A371-65E8F51EC128} = 80.88.171.16,80.88.161.2
FF - ProfilePath - c:\users\giancarlo\AppData\Roaming\Mozilla\Firefox\Profiles\57mqs1hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=it&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¯*i%]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¯*i%\OpenWithList]
@Class="Shell"
"a"="WORDPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¯*i%\OpenWithProgids]
"=¯-_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001_Classes\.* ¯*i%]
@Allowed: (Read) (RestrictedCode)
@="=¯-_auto_file"

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001_Classes\ ¯*i%_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-01-19 22:15:23
ComboFix-quarantined-files.txt 2011-01-19 21:15
ComboFix2.txt 2011-01-18 21:23

Pre-Run: 233.980.145.664 byte disponibili
Post-Run: 233.928.794.112 byte disponibili

- - End Of File - - 7A65489ED4115C0AD9F3AFA031755A3D

ComboFix 11-01-19.01 - giancarlo 20/01/2011 0:18.9.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3839.2877 [GMT 1:00]
Eseguito da: c:\users\giancarlo\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-12-19 al 2011-01-19 )))))))))))))))))))))))))))))))))))
.

2011-01-16 17:10 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-15 15:25 . 2011-01-15 19:19 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-15 15:25 . 2011-01-15 15:25 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-01-15 15:22 . 2011-01-15 15:23 -------- d-----w- c:\programdata\Hitman Pro
2011-01-14 22:42 . 2011-01-14 22:42 388096 ----a-r- c:\users\giancarlo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-14 22:42 . 2011-01-14 22:42 -------- d-----w- c:\program files (x86)\Trend Micro
2011-01-12 08:02 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 08:02 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:02 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:02 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:02 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:02 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 08:02 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 08:02 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 08:02 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 08:02 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 07:44 . 2010-12-03 19:54 25048 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-01-11 07:44 . 2010-12-03 19:54 140248 ----a-w- c:\program files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-01-09 20:48 . 2011-01-09 20:48 -------- d-----w- c:\programdata\TreeCardGames
2011-01-09 20:48 . 2011-01-09 20:48 -------- d-----w- c:\program files (x86)\123 Free Solitaire
2011-01-09 20:01 . 2011-01-09 20:07 -------- d-----w- c:\program files (x86)\Plobb
2011-01-08 09:42 . 2011-01-08 09:42 -------- d-----w- c:\users\giancarlo\AppData\Local\Adobe
2011-01-08 09:36 . 2011-01-08 09:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-01-08 08:55 . 2011-01-08 08:55 -------- d-----w- c:\programdata\McAfee
2011-01-06 23:01 . 2011-01-06 23:25 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-03 21:13 . 2011-01-03 21:13 -------- d-----w- c:\users\giancarlo\dwhelper
2010-12-28 20:27 . 2010-12-28 20:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-28 20:26 . 2010-12-28 20:26 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-28 20:26 . 2010-12-28 20:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-28 20:26 . 2010-12-28 20:26 -------- d-----w- c:\program files (x86)\Java
2010-12-27 10:07 . 2010-12-27 10:07 -------- d-----w- c:\users\giancarlo\AppData\Roaming\Uniblue
2010-12-27 10:07 . 2010-12-27 10:07 -------- d-----w- c:\program files (x86)\Uniblue
2010-12-27 10:06 . 2010-12-27 10:06 -------- d-----w- c:\users\giancarlo\AppData\Local\PackageAware
2010-12-24 18:45 . 2010-12-24 18:45 375616 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 18:54 . 2010-12-08 14:29 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-12-24 18:46 . 2010-12-15 20:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-12-20 17:09 . 2010-12-04 13:15 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-04 13:15 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 14:29 . 2010-12-08 14:29 375616 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-25 09:42 . 2010-12-02 23:54 179464 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2010-11-24 08:18 . 2010-12-02 23:54 119688 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2010-11-17 09:20 . 2010-12-02 23:55 331368 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2010-11-17 09:20 . 2010-12-02 23:55 136168 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2010-11-04 06:35 . 2010-12-15 22:00 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 22:00 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 22:00 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 22:00 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 22:00 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 22:00 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 22:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 22:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-15 21:50 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 21:50 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-15 21:50 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-15 21:50 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 21:50 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 21:50 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 21:50 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 21:50 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 21:50 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 21:50 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 12:28 . 2010-12-17 21:02 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-27 05:06 . 2010-12-15 22:00 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-15 22:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-18_21.22.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-01-19 23:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-18 17:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-19 23:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-18 17:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-18 17:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-19 23:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 19:25 . 2011-01-19 23:17 49086 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-19 23:17 42338 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-01 19:25 . 2011-01-19 23:17 11536 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2698347344-3509447176-1861105731-1001_UserData.bin
- 2010-12-01 18:09 . 2011-01-18 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-01 18:09 . 2011-01-19 23:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-01 18:09 . 2011-01-19 23:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-01 18:09 . 2011-01-18 17:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-01 18:09 . 2011-01-19 23:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-01 18:09 . 2011-01-18 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 18:12 . 2011-01-19 23:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 18:12 . 2011-01-18 17:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-01 18:12 . 2011-01-19 23:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-01 18:12 . 2011-01-18 17:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-18 17:48 . 2011-01-18 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-19 23:16 . 2011-01-19 23:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-19 23:16 . 2011-01-19 23:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-18 17:48 . 2011-01-18 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-01 22:25 . 2011-01-19 08:02 343274 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2010-09-03 10:17 . 2011-01-19 23:20 698776 c:\windows\system32\perfh010.dat
- 2010-09-03 10:17 . 2011-01-18 17:52 698776 c:\windows\system32\perfh010.dat
- 2009-07-14 02:36 . 2011-01-18 17:52 616254 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-01-19 23:20 616254 c:\windows\system32\perfh009.dat
- 2010-09-03 10:17 . 2011-01-18 17:52 127744 c:\windows\system32\perfc010.dat
+ 2010-09-03 10:17 . 2011-01-19 23:20 127744 c:\windows\system32\perfc010.dat
- 2009-07-14 02:36 . 2011-01-18 17:52 106376 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-01-19 23:20 106376 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-01-18 17:48 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-01-19 23:15 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-01-18 18:30 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-01-19 21:59 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b879dc47-7f5a-4973-a570-1e03a60c7c02}]
2010-02-25 10:04 466944 ----a-w- c:\program files (x86)\WebPornoTV\adxloader.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-04-25 61112]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
R3 qcusbser;ACER USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-08-14 120960]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-04-08 243744]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2010-11-17 331368]
S2 AcerSyncServiceWinService;AcerSyncServiceWinService;c:\program files\Acer\AcerSync\AcerSyncService.exe [2010-04-14 205856]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-01 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 301024]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-01 6366720]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-01 186880]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2010-11-24 119688]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2010-11-25 179464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 38456]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - pctESPInject
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-12-03 09:47]

2011-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-12-15 22:36]

2011-01-19 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-27 23:02]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b879dc47-7f5a-4973-a570-1e03a60c7c02}]
2009-11-25 11:47 444752 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZCxdm924YYIT&ptb=P8DG.mNP1EJifUmQxFjPMw
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {9B7A7F8F-14D6-42B4-A371-65E8F51EC128} = 80.88.171.16,80.88.161.2
FF - ProfilePath - c:\users\giancarlo\AppData\Roaming\Mozilla\Firefox\Profiles\57mqs1hi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=it&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¯*i%]
@Class="Shell"

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¯*i%\OpenWithList]
@Class="Shell"
"a"="WORDPAD.EXE"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¯*i%\OpenWithProgids]
"=¯-_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001_Classes\.* ¯*i%]
@Allowed: (Read) (RestrictedCode)
@="=¯-_auto_file"

[HKEY_USERS\S-1-5-21-2698347344-3509447176-1861105731-1001_Classes\ ¯*i%_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\""
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-01-20 00:24:59
ComboFix-quarantined-files.txt 2011-01-19 23:24
ComboFix2.txt 2011-01-19 21:15
ComboFix3.txt 2011-01-18 21:23

Pre-Run: 232.055.250.944 byte disponibili
Post-Run: 232.000.958.464 byte disponibili

- - End Of File - - 0065F5E9D6668FF494334916BE9CBEAA

grazie r16 ho fatto tutto come suggerito. il problema che avevo postato inizialmente il 12/01/11 nel forum vin 7 però rimane. continuo qui o riprendo dal forum win7?