Hi! Here is the result of the ComboFix scan:
ComboFix 09-02-26.02 - Marco 2009-02-27 8.58.53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3068.1958 [GMT 1:00]
Eseguito da: c:\users\Marco\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mmnw26e.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\w32apiw.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-01-27 al 2009-02-27 )))))))))))))))))))))))))))))))))))
.
2009-02-26 11:37 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-26 11:37 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-26 11:37 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-26 11:37 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-25 22:54 . 2009-02-25 22:54 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 22:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-25 22:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-25 20:25 . 2009-02-27 08:54 <DIR> d-------- c:\users\Marco\AppData\Roaming\OnlineArmor
2009-02-25 20:25 . 2009-02-25 20:25 <DIR> d-------- c:\users\All Users\OnlineArmor
2009-02-25 20:25 . 2009-02-25 20:25 <DIR> d-------- c:\programdata\OnlineArmor
2009-02-25 20:25 . 2009-02-25 20:25 <DIR> d----c--- c:\program files\Tall Emu
2009-02-25 20:25 . 2008-10-07 00:09 178,376 --a------ c:\windows\System32\drivers\OADriver.sys
2009-02-25 20:25 . 2008-10-07 00:09 30,920 --a------ c:\windows\System32\drivers\OAmon.sys
2009-02-25 20:25 . 2008-10-07 00:09 29,384 --a------ c:\windows\System32\drivers\OAnet.sys
2009-02-25 19:42 . 2009-02-25 19:42 <DIR> d-------- c:\users\Marco\AppData\Roaming\Uniblue
2009-02-25 18:45 . 2009-02-25 18:45 <DIR> d----c--- c:\program files\Trend Micro
2009-02-25 13:33 . 2009-02-25 13:33 <DIR> d----c--- c:\program files\Alwil Software
2009-02-25 13:33 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-02-25 12:21 . 2009-02-25 12:21 <DIR> d-------- c:\users\Marco\AppData\Roaming\Design Science
2009-02-25 12:17 . 2009-02-25 12:17 <DIR> d----c--- c:\program files\MathType
2009-02-24 20:36 . 2009-02-24 20:37 <DIR> d----c--- c:\program files\QuickTime
2009-02-24 20:27 . 2009-02-24 20:27 <DIR> d-------- c:\users\Marco\AppData\Roaming\Apple Computer
2009-02-24 20:26 . 2009-02-24 20:26 <DIR> d-------- c:\users\All Users\Apple Computer
2009-02-24 20:26 . 2009-02-24 20:26 <DIR> d-------- c:\programdata\Apple Computer
2009-02-24 20:26 . 2009-02-24 20:26 <DIR> d----c--- c:\program files\Bonjour
2009-02-24 20:25 . 2009-02-24 20:25 <DIR> d-------- c:\users\All Users\Apple
2009-02-24 20:25 . 2009-02-24 20:25 <DIR> d-------- c:\programdata\Apple
2009-02-24 20:25 . 2009-02-24 20:25 <DIR> d----c--- c:\program files\Apple Software Update
2009-02-18 20:15 . 2009-02-18 20:49 <DIR> d----c--- c:\program files\CdCoverCreator
2009-02-16 12:44 . 2004-03-28 20:40 84,480 --a------ c:\windows\System32\drivers\z10xmdm.sys
2009-02-16 12:44 . 2004-03-28 20:41 77,440 --a------ c:\windows\System32\drivers\z10xmgmt.sys
2009-02-16 12:44 . 2004-03-28 20:42 75,456 --a------ c:\windows\System32\drivers\z10xobex.sys
2009-02-16 12:44 . 2004-03-28 20:39 52,352 --a------ c:\windows\System32\drivers\z10xbus.sys
2009-02-16 12:44 . 2004-03-28 20:42 6,144 --a------ c:\windows\System32\drivers\z10xcmnt.sys
2009-02-16 12:44 . 2004-03-28 20:42 6,144 --a------ c:\windows\System32\drivers\z10xcm.sys
2009-02-16 12:44 . 2004-03-28 20:40 6,064 --a------ c:\windows\System32\drivers\z10xmdfl.sys
2009-02-16 12:44 . 2004-03-28 20:38 5,744 --a------ c:\windows\System32\drivers\z10xwhnt.sys
2009-02-16 12:44 . 2004-03-28 20:38 5,744 --a------ c:\windows\System32\drivers\z10xwh.sys
2009-02-15 15:43 . 2009-02-15 15:51 <DIR> d----c--- c:\program files\PhotoScape
2009-02-14 14:37 . 2009-02-25 23:05 <DIR> d-------- c:\users\Marco\AppData\Roaming\AIMP
2009-02-14 14:37 . 2009-02-24 15:49 <DIR> d----c--- c:\program files\AIMP2
2009-02-14 12:00 . 2009-02-14 12:00 <DIR> d----c--- c:\program files\AviSynth 2.5
2009-02-14 11:59 . 2009-02-14 11:59 <DIR> d----c--- c:\program files\Gabest
2009-02-14 11:59 . 2009-02-14 12:00 <DIR> d----c--- c:\program files\AutoGK
2009-02-14 09:54 . 2009-02-23 12:36 <DIR> d-------- c:\users\Marco\.dvdcss
2009-02-13 19:21 . 2009-02-13 19:36 <DIR> d-------- c:\users\Marco\AppData\Roaming\InfraRecorder
2009-02-12 15:08 . 2009-02-14 10:00 <DIR> d----c--- c:\program files\SimpleDivX
2009-02-12 15:02 . 2009-02-12 15:02 <DIR> d----c--- c:\program files\XviD
2009-02-11 19:27 . 2009-02-11 19:27 <DIR> d-------- c:\users\All Users\is-6FLUM
2009-02-11 19:27 . 2009-02-11 19:27 <DIR> d-------- c:\programdata\is-6FLUM
2009-02-11 19:26 . 2009-02-12 00:21 5,597,216 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-02-11 19:26 . 2009-02-12 00:21 67,712 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-02-11 17:57 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2009-02-10 20:27 . 2009-02-10 20:27 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-02-10 20:27 . 2009-02-10 20:27 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-02-10 20:26 . 2009-02-10 20:26 <DIR> d-------- c:\users\Marco\AppData\Roaming\SUPERAntiSpyware.com
2009-02-10 20:26 . 2009-02-26 12:10 <DIR> d----c--- c:\program files\SUPERAntiSpyware
2009-02-10 20:25 . 2009-02-10 20:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-10 13:19 . 2009-02-10 13:19 250 --a------ c:\windows\gmer.ini
2009-02-10 13:08 . 2009-02-10 13:08 142,096 --a------ c:\windows\System32\drivers\tmcomm.sys
2009-02-10 12:58 . 2009-02-10 12:58 <DIR> d-------- c:\users\Marco\Pavark
2009-02-09 18:43 . 2009-02-09 18:43 <DIR> d-------- c:\users\Marco\AppData\Roaming\Daoisoft
2009-02-09 18:00 . 2009-02-09 18:00 <DIR> d-------- c:\users\Marco\AppData\Roaming\nCleaner
2009-02-09 18:00 . 2009-02-09 18:00 <DIR> d----c--- c:\program files\NKProds
2009-02-08 16:49 . 2009-02-15 16:03 <DIR> d----c--- c:\program files\Defraggler
2009-02-08 15:08 . 2009-02-08 15:08 114 --a------ c:\windows\CerberusSecurityGuard.ini
2009-02-08 10:32 . 2009-02-08 10:32 <DIR> d-------- c:\users\Marco\AppData\Roaming\Malwarebytes
2009-02-08 10:32 . 2009-02-08 10:32 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-08 10:32 . 2009-02-08 10:32 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-08 10:32 . 2009-02-26 15:34 360 --a------ c:\windows\System32\BIN_STRSBW.SPT
2009-02-08 10:24 . 2009-02-26 14:31 <DIR> d-------- c:\users\Marco\AppData\Roaming\Spyware Terminator
2009-02-08 10:24 . 2009-02-17 15:34 <DIR> d-------- c:\users\All Users\Spyware Terminator
2009-02-08 10:24 . 2009-02-17 15:34 <DIR> d-------- c:\programdata\Spyware Terminator
2009-02-08 10:24 . 2009-02-25 12:15 <DIR> d----c--- c:\program files\Spyware Terminator
2009-02-08 10:24 . 2009-02-27 08:46 <DIR> d----c--- c:\program files\Crawler
2009-02-08 10:24 . 2009-02-08 10:24 142,592 --a--c--- c:\windows\System32\drivers\sp_rsdrv2.sys
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 13:48 . 2009-02-06 13:48 <DIR> d----c--- C:\OnlineArmor
2009-02-06 13:35 . 2009-02-06 14:42 <DIR> d-------- c:\users\Marco\AppData\Roaming\GlarySoft
2009-02-06 13:30 . 2009-02-26 16:30 <DIR> d----c--- c:\program files\Glary Utilities
2009-02-05 12:12 . 2009-02-09 10:32 <DIR> d-------- c:\windows\UltraDefrag
2009-02-05 11:59 . 2009-02-05 11:59 <DIR> d-------- c:\users\Marco\AppData\Roaming\Auslogics
2009-02-04 21:18 . 2009-02-04 21:18 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-03 14:57 . 2009-02-23 10:46 <DIR> d-------- c:\users\Marco\AppData\Roaming\avidemux
2009-02-03 14:57 . 2009-02-03 14:57 <DIR> d----c--- c:\program files\Avidemux 2.4
2009-02-03 09:33 . 2009-02-23 10:50 <DIR> d-------- c:\users\Marco\AppData\Roaming\gtk-2.0
2009-02-02 16:27 . 2009-02-03 13:50 262,144 --a------ c:\windows\System32\wrap_oal.dll
2009-02-02 16:27 . 2009-02-03 13:50 86,016 --a------ c:\windows\System32\OpenAL32.dll
2009-02-02 15:23 . 2009-02-02 15:23 <DIR> d-------- c:\users\Marco\.thumbnails
2009-02-02 13:33 . 2009-02-26 12:07 <DIR> d-------- c:\users\Marco\.gimp-2.6
2009-02-02 13:33 . 2009-02-02 13:33 <DIR> d-------- c:\users\Marco\.gegl-0.0
2009-02-02 13:30 . 2009-02-02 13:31 <DIR> d----c--- c:\program files\GIMP-2.0
2009-02-01 15:03 . 2009-01-29 11:47 20,632 --a------ c:\windows\System32\dopdfmn6.dll
2009-02-01 15:03 . 2009-01-29 11:47 18,072 --a------ c:\windows\System32\dopdfmi6.dll
2009-02-01 15:03 . 2008-10-13 15:23 7,533 --a------ c:\windows\System32\dopdf6.ctm
2009-02-01 15:02 . 2009-02-01 15:02 <DIR> d----c--- c:\program files\Softland
2009-01-31 17:17 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-01-31 17:17 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-01-31 17:17 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-01-31 17:17 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-01-31 17:17 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-01-31 17:17 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-01-31 17:17 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-01-31 17:17 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-01-31 17:11 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-01-31 17:11 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-01-31 17:11 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-31 17:10 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-01-31 17:10 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-01-28 21:21 . 2009-02-14 10:15 <DIR> d-------- c:\users\Marco\AppData\Roaming\ImgBurn
2009-01-28 21:21 . 2009-01-28 21:22 <DIR> d----c--- c:\program files\ImgBurn
2009-01-28 16:00 . 2009-02-06 14:39 <DIR> d-------- c:\users\Marco\AppData\Roaming\DVD Flick
2009-01-28 15:59 . 2009-01-28 15:59 <DIR> d----c--- c:\program files\DVD Flick
2009-01-28 15:59 . 1998-06-24 00:00 164,144 --a------ c:\windows\System32\comct232.ocx
2009-01-28 15:59 . 2003-01-26 13:41 40,960 --a------ c:\windows\System32\ssubtmr6.dll
2009-01-28 15:59 . 2007-08-31 18:36 36,864 --a------ c:\windows\System32\trayicon_handler.ocx
2009-01-28 15:59 . 2008-08-31 13:27 28,672 --a------ c:\windows\System32\mousewheel.ocx
2009-01-28 15:46 . 2009-01-28 15:46 <DIR> d-------- c:\users\Marco\.thumb
2009-01-28 15:45 . 2009-01-28 15:45 <DIR> d----c--- c:\program files\DVDStyler
2009-01-28 15:19 . 2009-01-28 15:19 203,776 --a------ c:\windows\System32\clrviddc.dll
2009-01-28 11:39 . 2009-01-28 11:39 <DIR> d----c--- c:\program files\DemoForge
2009-01-28 11:36 . 2007-12-21 14:12 1,719,336 --a------ c:\users\All Users\YugmaSE-Uninstaller.exe
2009-01-28 11:36 . 2007-12-21 14:12 1,719,336 --a------ c:\programdata\YugmaSE-Uninstaller.exe
2009-01-27 14:01 . 2009-01-27 14:01 1,381,376 --a------ c:\windows\System32\vcl70.bpl
2009-01-27 14:01 . 2009-01-27 14:01 778,240 --a------ c:\windows\System32\rtl70.bpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 07:44 42,559 ----a-w c:\users\All Users\nvModes.dat
2009-02-27 07:44 42,559 ----a-w c:\programdata\nvModes.dat
2009-02-26 14:34 --------- dc----w c:\program files\CDBurnerXP
2009-02-26 13:42 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-26 13:14 --------- d-----w c:\programdata\Babylon
2009-02-26 11:06 --------- d-----w c:\users\Marco\AppData\Roaming\Skype
2009-02-26 11:05 --------- d-----w c:\users\Marco\AppData\Roaming\skypePM
2009-02-26 10:40 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 18:28 --------- d-----w c:\program files\PeerGuardian2
2009-02-23 11:33 --------- d-----w c:\users\Marco\AppData\Roaming\dvdcss
2009-02-23 11:08 --------- d---a-w c:\programdata\TEMP
2009-02-23 11:07 --------- d-----w c:\program files\SpywareBlaster
2009-02-23 09:50 --------- d-----w c:\users\Marco\AppData\Roaming\Audacity
2009-02-17 14:46 --------- d-----w c:\program files\EasyBits For Kids
2009-02-14 16:50 --------- d-----w c:\programdata\Lavasoft
2009-02-12 12:21 --------- dc----w c:\program files\Audacity 1.3 Beta (Unicode)
2009-02-11 09:15 --------- d-----w c:\program files\Windows Mail
2009-02-11 09:12 --------- d-----w c:\program files\Google
2009-02-10 14:33 --------- dc----w c:\program files\a-squared Free
2009-02-10 12:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 14:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-04 22:57 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-04 20:18 --------- d-----w c:\programdata\Skype
2009-02-04 20:18 --------- d-----r c:\program files\Skype
2009-02-02 15:06 3,063,561 ----a-w c:\users\All Users\MobileTV.exe
2009-02-02 15:06 3,063,561 ----a-w c:\programdata\MobileTV.exe
2009-01-28 18:28 --------- d-----w c:\programdata\CyberLink
2009-01-28 18:28 --------- d-----w c:\program files\CyberLink
2009-01-28 18:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-25 21:10 179,200 ----a-w c:\windows\System32\xvidvfw.dll
2009-01-25 15:52 --------- d-----w c:\users\Marco\AppData\Roaming\progeSOFT
2009-01-25 15:40 --------- dc----w c:\program files\progeSOFT
2009-01-25 14:48 --------- dc----w c:\program files\A9Tech
2009-01-25 12:30 --------- d-----w c:\users\Marco\AppData\Roaming\RibbonSoft
2009-01-24 09:33 --------- dc----w c:\program files\Windows Live Safety Center
2009-01-23 10:42 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-01-19 21:43 --------- d-----w c:\users\Marco\AppData\Roaming\Qualcomm
2009-01-19 11:48 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-19 11:39 --------- d-----w c:\users\Marco\AppData\Roaming\AVS4YOU
2009-01-17 14:41 --------- d-----w c:\users\Marco\AppData\Roaming\vlc
2009-01-17 12:52 --------- d-----w c:\users\Marco\AppData\Roaming\IObit
2009-01-17 12:52 --------- d-----w c:\program files\IObit
2009-01-17 08:11 --------- dc----w c:\program files\Mozilla Thunderbird
2009-01-16 18:41 --------- d-----w c:\users\Marco\AppData\Roaming\Thunderbird
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-14 22:51 2,864,396 ----a-w c:\users\All Users\MPV.exe
2009-01-14 22:51 2,864,396 ----a-w c:\programdata\MPV.exe
2009-01-14 22:50 --------- d-----w c:\programdata\WildTangent
2009-01-14 22:40 2,989,660 ----a-w c:\users\All Users\DVD.exe
2009-01-14 22:40 2,989,660 ----a-w c:\programdata\DVD.exe
2009-01-14 22:40 2,331,174 ----a-w c:\users\All Users\Karaoke.exe
2009-01-14 22:40 2,331,174 ----a-w c:\programdata\Karaoke.exe
2009-01-14 22:40 2,231,606 ----a-w c:\users\All Users\Games.exe
2009-01-14 22:40 2,231,606 ----a-w c:\programdata\Games.exe
2009-01-14 22:40 --------- d-----w c:\programdata\ITA
2009-01-14 14:27 --------- dc----w c:\program files\Microsoft
2009-01-14 14:24 --------- dc----w c:\program files\Windows Live SkyDrive
2009-01-14 14:24 --------- d-----w c:\program files\Windows Live
2009-01-14 14:15 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-13 22:51 --------- d-----w c:\users\Marco\AppData\Roaming\Canneverbe_Limited
2009-01-13 19:59 --------- d-----w c:\programdata\AOL
2009-01-12 11:36 --------- d-----w c:\users\Marco\AppData\Roaming\FastStone
2009-01-11 15:51 --------- dc----w c:\program files\7-Zip
2009-01-10 13:21 114 ----a-w c:\users\Marco\AppData\Roaming\wklnhst.dat
2009-01-09 18:10 --------- dc----w c:\program files\Tacmi
2009-01-09 17:51 --------- d-----w c:\programdata\NortonInstaller
2009-01-09 17:49 --------- dc----w c:\program files\PhotoFiltre
2009-01-08 23:01 629,760 ----a-w c:\windows\System32\xvidcore.dll
2009-01-06 10:37 --------- dc----w c:\program files\OO Software
2009-01-06 09:23 --------- d-----w c:\programdata\WLInstaller
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2009-01-05 13:16 --------- d-----w c:\program files\IDT
2009-01-02 20:36 --------- d-----w c:\programdata\NOS
2009-01-02 20:10 --------- d-----w c:\users\Marco\AppData\Roaming\Software Informer
2008-12-31 11:00 --------- d-----w c:\program files\TI Education
2008-12-29 12:52 --------- d-----w c:\users\Marco\AppData\Roaming\Babylon
2008-12-29 11:45 --------- d-----w c:\users\Marco\AppData\Roaming\Autodesk
2008-12-28 15:21 --------- d-----w c:\programdata\eMule
2008-12-28 15:21 --------- d-----w c:\program files\eMule
2008-12-28 13:22 32,744,421 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_12_28_14_12_29_full.dmp.zip
2008-12-28 11:48 --------- d-----w c:\programdata\CheckPoint
2008-12-28 11:37 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-28 10:55 --------- d-----w c:\programdata\Microsoft Help
2008-12-28 10:40 --------- d-----w c:\program files\MSBuild
2008-12-28 10:40 --------- d-----w c:\program files\Microsoft Works
2008-12-28 10:38 --------- d-----w c:\program files\Microsoft.NET
2008-12-28 10:35 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-12-28 09:47 --------- d-----w c:\program files\CCleaner
2008-12-21 21:46 351,744 ----a-w c:\windows\System32\avisynth.dll
2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-05 04:32 428,544 ----a-w c:\windows\System32\EncDec.dll
2008-12-05 04:32 293,376 ----a-w c:\windows\System32\psisdecd.dll
2008-12-03 19:23 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-02-08 2267136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2008-10-07 6216192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\
0?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BB642A42-A2B9-4F6A-BC56-22B151318D1D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{79C727BF-3399-4183-893F-DDBC5CB129F1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{924CEBC5-39E1-4319-941F-8A3E89B36E07}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E1EC9654-9EEE-40E4-91BB-51F9019B2097}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{763A801C-7045-4156-90FE-65D858C0955D}"= UDP:c:\program files\eMule\emule.exe:eMule
"{8104747E-63F6-4E92-A4CD-7BE5D984E467}"= TCP:c:\program files\eMule\emule.exe:eMule
"{FA7E10F1-B4D6-4A0C-9566-7CAD9602E374}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DC9E7DF2-6453-4080-A916-0C2F93E1D2F1}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{321CE392-CE67-4B0B-9631-CD760CDC3B02}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{770B3A8E-BFF1-4C3C-A9F5-FBC583FBC685}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D689D3EF-CED1-40EA-9C01-8543D991667A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{865694B8-1A98-4E0A-9048-AABB0BC8FF12}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{AB023E61-D0DC-41AE-825F-C1416A00FFCA}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{FFEFC95A-DC04-4193-8004-908B037F454B}"= UDP:c:\users\Marco\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{4356E205-1553-4A3B-A4A5-E903CC9F7645}"= TCP:c:\users\Marco\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{E3D82DAC-E201-44BD-B69D-EC9229257FD5}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{5B91F60D-8335-45C4-B46F-A8D157D3A99D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{1E3EBDD1-CF40-4D42-B750-F22BB17EDAE2}c:\\flashcad\\flashcad.exe"= UDP:c:\flashcad\flashcad.exe:FlashCAD.exe
"UDP Query User{FEB80706-1932-4533-9F3D-5F1A55BBB675}c:\\flashcad\\flashcad.exe"= TCP:c:\flashcad\flashcad.exe:FlashCAD.exe
"{4FFCEAA4-2F09-4C9A-A079-5A453AFFB08A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{704A821A-D97A-434A-B86A-97C5B1D997ED}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-01-23 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-25 114768]
R1 OADevice;OADriver;c:\windows\System32\drivers\OADriver.sys [2009-02-25 178376]
R1 OAmon;OAmon;c:\windows\System32\drivers\OAmon.sys [2009-02-25 30920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2009-02-08 142592]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2009/01/14 23:39:28];c:\program files\HP\QuickPlay\000.fcl [2009-01-14 23:38:02 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [2008-11-16 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-25 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-25 51792]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-03-18 24880]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2009-02-25 1402568]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-18 341328]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [2008-11-16 280192]
R3 dfmirage;dfmirage;c:\windows\System32\drivers\dfmirage.sys [2005-11-25 31896]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-01-24 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-04-01 81296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 OAnet;OnlineArmor Service;c:\windows\System32\drivers\OAnet.sys [2009-02-25 29384]
S2 gupdate1c9864b413563e8;Google Update Service (gupdate1c9864b413563e8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2009-02-25 3314688]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-07-18 193840]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 z10xbus;Sony Ericsson driver (WDM);c:\windows\System32\drivers\z10xbus.sys [2009-02-16 52352]
S3 z10xmdfl;Sony Ericsson USB WMC Modem Filter;c:\windows\System32\drivers\z10xmdfl.sys [2009-02-16 6064]
S3 z10xmdm;Sony Ericsson USB WMC Modem Driver;c:\windows\System32\drivers\z10xmdm.sys [2009-02-16 84480]
S3 z10xmgmt;Sony Ericsson USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\z10xmgmt.sys [2009-02-16 77440]
S3 z10xobex;Sony Ericsson USB WMC OBEX Interface;c:\windows\System32\drivers\z10xobex.sys [2009-02-16 75456]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bea60355-f132-11dd-83ad-00238b0be2c4}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-02-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-02-12 17:10]
2009-02-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 23:03]
2009-02-24 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]
2009-02-24 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-02-23 15:40]
2009-02-27 c:\windows\Tasks\User_Feed_Synchronization-{C7567DEF-B536-480F-834C-694CA522B75E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Cerca - c:\programdata\AOL\ieToolbar\resources\it-IT\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\vkzzoy02.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1055551&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60076&qkw=
1 file spostato/i.
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 09:01:03
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2009-02-27 9.02.38
ComboFix-quarantined-files.txt 2009-02-27 08:02:35
Pre-Run: 138.850.123.776 byte disponibili
Post-Run: 138,838,228,992 byte disponibili
406 --- E O F --- 2009-02-27 07:51:02