Hi, and thanks for everything. I'm posting the ComboFix result for you.
ComboFix 09-09-05.02 - Marianna 06/09/2009 11.54.50.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3322.2109 [GMT 2:00]
Eseguito da: c:\users\Marianna\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1948431211-3050332703-2278588361-1000
c:\$recycle.bin\S-1-5-21-3604261989-2896841484-46377786-500
c:\recycler\S-1-5-21-57989841-261903793-839522115-1003
c:\users\Administrator\AppData\Roaming\m
c:\users\Administrator\AppData\Roaming\m\data.oct
c:\users\Administrator\AppData\Roaming\m\list.oct
c:\users\Administrator\AppData\Roaming\m\shared\-usuarios.lycos.es-scratchupload].zip
c:\users\Administrator\AppData\Roaming\m\shared\007 Google PageRank Checker 1.zip
c:\users\Administrator\AppData\Roaming\m\shared\Acupressure Guide (Smartphone) 3.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Advanced CSV Converter 1.40.zip
c:\users\Administrator\AppData\Roaming\m\shared\Ali Landry 7 Screensaver 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Aoork DVD2MP4 Home 3.0.88 Build 218b.zip
c:\users\Administrator\AppData\Roaming\m\shared\ArcSoft Media Card Companion 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Atmosphere Lite 5.5.zip
c:\users\Administrator\AppData\Roaming\m\shared\AutoSound 1.1.5.zip
c:\users\Administrator\AppData\Roaming\m\shared\Avast.Professional.Edition.v4.6.603.Incl.Keygen-Acme.zip
c:\users\Administrator\AppData\Roaming\m\shared\AVG.ewido.anti.spyware.free.zip
c:\users\Administrator\AppData\Roaming\m\shared\AVI To WMV Converter 1.20 (Key+Serial).zip
c:\users\Administrator\AppData\Roaming\m\shared\BackUpFilesTool 1002.zip
c:\users\Administrator\AppData\Roaming\m\shared\BATE 1.0.0.30 (Cracked).zip
c:\users\Administrator\AppData\Roaming\m\shared\Beyond Remote 2.5.1.455.zip
c:\users\Administrator\AppData\Roaming\m\shared\Blood Pressure Tracker Plugin 2.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\bScreen 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Capture Text 2.4.zip
c:\users\Administrator\AppData\Roaming\m\shared\CD Autorun Creator 4.6 (Cracked).zip
c:\users\Administrator\AppData\Roaming\m\shared\Chinese Poker 1.0.2.zip
c:\users\Administrator\AppData\Roaming\m\shared\CRM Logical Database Diagrams 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Cross-Database Comparator Pro 5.0 (Key+Serial).zip
c:\users\Administrator\AppData\Roaming\m\shared\CTI Data Connector 2.3 (Cracked).zip
c:\users\Administrator\AppData\Roaming\m\shared\Dark Files 4.0.1.2.zip
c:\users\Administrator\AppData\Roaming\m\shared\Desktop Calendar Pro 1.5.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\Diablo II Screensaver 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Digital Photos Screensaver Maker 3.1.0.2 [Cracked].zip
c:\users\Administrator\AppData\Roaming\m\shared\DiskFinder 1.03.zip
c:\users\Administrator\AppData\Roaming\m\shared\Doom 3 Temple Maze map.zip
c:\users\Administrator\AppData\Roaming\m\shared\DrudgeSiren 0.2.2.zip
c:\users\Administrator\AppData\Roaming\m\shared\DrWeb.v4.32.key.zip
c:\users\Administrator\AppData\Roaming\m\shared\DTgrafic Bus Stop 3 1.2.2.zip
c:\users\Administrator\AppData\Roaming\m\shared\ebay Listing Database 1.0.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\eBay UK Search Gadget.zip
c:\users\Administrator\AppData\Roaming\m\shared\Eldoradio WebCam Radio 1.2.zip
c:\users\Administrator\AppData\Roaming\m\shared\Emulator from IE7 to IE6 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\English to Hebrew Dictionary 5.7.zip
c:\users\Administrator\AppData\Roaming\m\shared\Eurora3D Graphical Engine 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Exchanger XML Editor 2.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\EZ Backup Excel Pro 6.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\EZ WMV TO MPEG Converter 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\FlashCharts v2.0 2.0 Key.zip
c:\users\Administrator\AppData\Roaming\m\shared\Flexible Cursor 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Football Pool 7.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Fugawi GPS Mapping Software 3.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\FutCalc - Futures Calculator 9.1 [Cracked].zip
c:\users\Administrator\AppData\Roaming\m\shared\HiClock Pro 3.19 (Patch).zip
c:\users\Administrator\AppData\Roaming\m\shared\High Def Picture Album 2007.zip
c:\users\Administrator\AppData\Roaming\m\shared\Iceland Toolbar for Firefox 1.5.0.5.zip
c:\users\Administrator\AppData\Roaming\m\shared\IE Lock 1.07.zip
c:\users\Administrator\AppData\Roaming\m\shared\IM Lock Home Edition 2.2.zip
c:\users\Administrator\AppData\Roaming\m\shared\Index Your Files - Home! 3.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\JukeANator Digital Jukebox 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\K's Castles Screensaver.zip
c:\users\Administrator\AppData\Roaming\m\shared\Kaspersky Anti-Virus Update - 15 May 2008.zip
c:\users\Administrator\AppData\Roaming\m\shared\Kaspersky.Firewall.1.7.130.zip
c:\users\Administrator\AppData\Roaming\m\shared\KidsWatch Time Control Standard 3.5 [KeyGen].zip
c:\users\Administrator\AppData\Roaming\m\shared\LangPad - Dutch Characters.zip
c:\users\Administrator\AppData\Roaming\m\shared\Least Squares Fit Routine 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\LED-Bar 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Limited Availability Employee Schedulers 1.5.zip
c:\users\Administrator\AppData\Roaming\m\shared\LogSurveil 1.0.1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\MalwareSweeper Popup Sweeper 5.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\MassProMailer 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Max2k Clock 1.02.zip
c:\users\Administrator\AppData\Roaming\m\shared\MaxType PRO Typing Tutor 2.8.28.zip
c:\users\Administrator\AppData\Roaming\m\shared\McAfee.GroupShield.v6.0.for.Microsoft.Exchange.crack.zip
c:\users\Administrator\AppData\Roaming\m\shared\Merlin DataCompass 2.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Microsoft WorldWide Telescope 2.2.32.1 Autumnal Equinox Beta.zip
c:\users\Administrator\AppData\Roaming\m\shared\MoonDriver 2.3.7.zip
c:\users\Administrator\AppData\Roaming\m\shared\Mp3DJ 1.7.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\MPEG4 Direct Maker 6.2.0 Build 212.zip
c:\users\Administrator\AppData\Roaming\m\shared\Multiple File Find Replace Buddy 2.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\New Mail Plus 1.2.zip
c:\users\Administrator\AppData\Roaming\m\shared\Night Flight Screeensaver 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Norton Internet Security 2008 Beta With Crack.zip
c:\users\Administrator\AppData\Roaming\m\shared\Online Functions - Exchange Rates 2.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\Optimism 2.6.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Oracle2Excel 2006.zip
c:\users\Administrator\AppData\Roaming\m\shared\Outlook Express Key 6.5.zip
c:\users\Administrator\AppData\Roaming\m\shared\P2P Messenger 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\PassMark Sleeper 2.3 Build 1003.zip
c:\users\Administrator\AppData\Roaming\m\shared\PC on Flash 2.1 With Crack.zip
c:\users\Administrator\AppData\Roaming\m\shared\PDF Explorer 1.5.0.57 Key.zip
c:\users\Administrator\AppData\Roaming\m\shared\PDFDoc Scout library 1.11.zip
c:\users\Administrator\AppData\Roaming\m\shared\PhpFreeChat 1.0 beta6.zip
c:\users\Administrator\AppData\Roaming\m\shared\PianoFX STUDIO 4.0 (Patch).zip
c:\users\Administrator\AppData\Roaming\m\shared\PicoStick 0.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\Portable EF Talk Scriber 1.50.zip
c:\users\Administrator\AppData\Roaming\m\shared\PrintData 1.3g (Key+Serial).zip
c:\users\Administrator\AppData\Roaming\m\shared\PSP Shuffle 1.2.3031.31772.zip
c:\users\Administrator\AppData\Roaming\m\shared\Quick Internet Cleaner 2.74.zip
c:\users\Administrator\AppData\Roaming\m\shared\Range Software package 1.2.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\RB TimeTracker 4.4.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\REAL SQL Server 1.0 (KeyGen).zip
c:\users\Administrator\AppData\Roaming\m\shared\RegistryClear 2008.2131820.zip
c:\users\Administrator\AppData\Roaming\m\shared\RipBot264 1.11.5.zip
c:\users\Administrator\AppData\Roaming\m\shared\SciDAVis 0.1.3.zip
c:\users\Administrator\AppData\Roaming\m\shared\Sea Lion Screensaver 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\SEAL Guardian 1.3.zip
c:\users\Administrator\AppData\Roaming\m\shared\SidToName 2.00.00.zip
c:\users\Administrator\AppData\Roaming\m\shared\SipTar CDR CallShop online billing 20060910.zip
c:\users\Administrator\AppData\Roaming\m\shared\SnapByte Flash Studio ActiveX DLL 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\SoftCollection Video Capture Library For .NET 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Spanish PenReader 6.0.24.3425.zip
c:\users\Administrator\AppData\Roaming\m\shared\SpySubtract Pro 2.51.zip
c:\users\Administrator\AppData\Roaming\m\shared\Sudoku Game and Solver 1.8.zip
c:\users\Administrator\AppData\Roaming\m\shared\SyncEXP 1.91.zip
c:\users\Administrator\AppData\Roaming\m\shared\Tabbed Notepad 1.0.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\TAS-HMITalk ActiveX 8.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Tempjoes Easypress 5.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\Terra 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\The Laugh Gadget 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Theme Installer 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\Tinnitus Masker Pro 2.1.zip
c:\users\Administrator\AppData\Roaming\m\shared\ToggleDeskIcons 1.0.zip
c:\users\Administrator\AppData\Roaming\m\shared\TradeBolt 3.2.94.zip
c:\users\Administrator\AppData\Roaming\m\shared\TweakXP.com Tweaking Utility 1.6 build 4.9.zip
c:\users\Administrator\AppData\Roaming\m\shared\UnPacker 1.3.2.1856.zip
c:\users\Administrator\AppData\Roaming\m\shared\vielklang 1.0.2.zip
c:\users\Administrator\AppData\Roaming\m\shared\Visio Utilities 1.3.22.zip
c:\users\Administrator\AppData\Roaming\m\shared\Warcraft III - The Swamp City map.zip
c:\users\Administrator\AppData\Roaming\m\shared\WebAllow 3.01.zip
c:\users\Administrator\AppData\Roaming\m\shared\Webroot Pop Up Washer 2.5 Crack.zip
c:\users\Administrator\AppData\Roaming\m\shared\WinStock 1.19.0 [Patch].zip
c:\users\Administrator\AppData\Roaming\m\srvlist.oct
c:\users\Marianna\AppData\Local\zfamquye.dat
c:\users\Marianna\AppData\Local\zfamquye.exe
c:\users\Marianna\AppData\Local\zfamquye_nav.dat
c:\users\Marianna\AppData\Local\zfamquye_navps.dat
.
((((((((((((((((((((((((( Files Creati Da 2009-08-06 al 2009-09-06 )))))))))))))))))))))))))))))))))))
.
2009-09-06 10:00 . 2009-09-06 10:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-06 08:46 . 2009-09-06 08:46 -------- d-----w- c:\program files\Common Files\PCSuite
2009-09-06 08:45 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-09-06 08:44 . 2009-09-06 08:44 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-05 12:59 . 2009-09-05 12:59 -------- d-----w- c:\program files\AVG
2009-09-05 12:55 . 2009-09-05 13:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-05 12:55 . 2009-09-05 12:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-05 12:24 . 2009-09-05 12:24 -------- d-----w- c:\users\Marianna\AppData\Local\Packard Bell
2009-09-04 10:45 . 2009-09-04 10:45 -------- d-----w- c:\users\Marianna\AppData\Roaming\Symantec
2009-09-03 14:33 . 2009-09-03 14:33 680 ----a-w- c:\users\Marianna\AppData\Local\d3d9caps.dat
2009-09-03 14:16 . 2009-09-03 14:16 -------- d-----w- c:\program files\Trend Micro
2009-09-03 10:05 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 10:05 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-31 08:37 . 2009-08-31 08:37 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-08-29 01:06 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-21 09:57 . 2009-08-21 09:57 -------- d-----w- c:\users\Marianna\AppData\Roaming\DivX
2009-08-17 02:51 . 2009-08-17 02:51 680 ----a-w- c:\users\Administrator.PC-gionnyx\AppData\Local\d3d9caps.dat
2009-08-15 09:12 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-15 09:12 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-15 09:11 . 2009-08-15 09:11 -------- d-----w- c:\program files\iPod
2009-08-15 09:11 . 2009-08-15 09:12 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-15 09:11 . 2009-08-15 09:12 -------- d-----w- c:\program files\iTunes
2009-08-15 09:08 . 2009-08-15 09:09 -------- d-----w- c:\program files\QuickTime
2009-08-15 08:58 . 2009-08-15 08:58 -------- d-----w- c:\users\Administrator.PC-gionnyx\AppData\Roaming\DivX
2009-08-15 08:56 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-15 08:56 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-15 08:56 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-15 08:56 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-15 08:56 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-15 08:56 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-15 08:56 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 08:56 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-14 15:57 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-14 15:57 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-14 15:50 . 2009-08-14 15:50 -------- d-----w- c:\users\Administrator.PC-gionnyx\AppData\Roaming\Vodafone
2009-08-13 12:43 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 12:43 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 12:42 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 12:42 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 12:42 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 12:42 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 09:52 . 2008-10-18 22:29 671010 ----a-w- c:\windows\system32\perfh010.dat
2009-09-06 09:52 . 2008-10-18 22:29 123620 ----a-w- c:\windows\system32\perfc010.dat
2009-09-06 09:46 . 2009-07-29 19:10 94 ----a-w- c:\users\Marianna\AppData\Local\wmeukc.bat
2009-09-06 08:46 . 2009-02-28 18:25 -------- d-----w- c:\program files\Common Files\Nokia
2009-09-06 08:46 . 2009-02-28 18:20 -------- d-----w- c:\program files\Nokia
2009-09-05 20:44 . 2009-06-25 10:03 -------- d-----w- c:\users\Marianna\AppData\Roaming\Skype
2009-09-05 14:07 . 2009-06-25 10:04 -------- d-----w- c:\users\Marianna\AppData\Roaming\skypePM
2009-09-05 13:22 . 2009-04-02 16:33 -------- d-----w- c:\programdata\Installations
2009-09-05 12:35 . 2008-10-18 13:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-05 12:35 . 2009-07-03 19:57 -------- d-----w- c:\program files\Spyware Doctor
2009-09-05 12:31 . 2008-10-18 13:17 -------- d-----w- c:\program files\Symantec
2009-09-05 12:31 . 2008-10-18 13:17 -------- d-----w- c:\programdata\Symantec
2009-09-01 01:45 . 2009-09-01 01:45 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-31 08:37 . 2008-10-18 13:27 -------- d-----w- c:\programdata\Microsoft Help
2009-08-29 01:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-21 19:15 . 2009-03-21 09:57 -------- d-----w- c:\users\Administrator.PC-gionnyx\AppData\Roaming\skypePM
2009-08-17 13:55 . 2009-03-21 08:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-17 13:50 . 2009-03-21 09:56 -------- d-----w- c:\users\Administrator.PC-gionnyx\AppData\Roaming\Skype
2009-08-15 09:11 . 2009-02-21 11:00 -------- d-----w- c:\program files\Common Files\Apple
2009-08-15 09:04 . 2009-02-21 11:00 -------- d-----w- c:\programdata\Apple
2009-08-01 11:27 . 2009-08-01 11:27 -------- d-----w- c:\programdata\DVD Shrink
2009-07-18 16:06 . 2009-07-29 10:11 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 10:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 13:22 . 2009-07-18 13:22 -------- d-----w- c:\programdata\Messenger Plus!
2009-07-18 13:20 . 2009-07-18 13:20 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-18 09:46 . 2009-07-29 10:11 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-09 10:16 . 2009-07-09 10:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-07-09 10:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-18 22:13 . 2009-05-03 14:59 90192 ----a-w- c:\users\Marianna\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 19:22 . 2009-03-20 16:54 90192 ----a-w- c:\users\Administrator.PC-gionnyx\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-15 15:24 . 2009-07-15 12:16 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 12:16 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 12:16 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 12:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-18 22:23 . 2008-10-18 22:42 65536 --sha-w- c:\windows\OEM\mp\boot\bootstat.dat
2008-10-18 22:33 . 2008-10-18 22:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\users\Marianna\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"ASuite"="c:\users\Administrator.PC-gionnyx\Desktop\Lupo PenSuite v6.74 Full\Launcher\ASuite.exe" [2008-05-24 457728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8EEDFD61-07A0-4C8A-A268-CFCEE724D78B}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{96208090-418B-40F1-8954-D09A274E36F6}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{C39A53C3-CF98-4F65-963E-9BB8101FE28B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E76CA04-D274-4A75-836F-BDDE278B5B77}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4E5B8DFE-EB59-4A4F-845F-828FD9BE5164}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D7151C5C-C21A-4F44-985A-AF5596AB5EBB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D3591F0-65A9-42E3-B3B0-6FAFF58BD2B4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5E430BE6-642F-4F5E-835B-E42CAD793970}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{050A8C25-1ECE-4D7A-B47A-C517356A8057}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2C4F55A2-B392-4E49-86C2-5DBE495AF10F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EAF2F837-1D20-43C0-8205-7A52D221B215}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{FFB05B56-74C4-4299-9413-901AADB4CCD0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"TCP Query User{8A69E91F-36B4-4D22-8D5E-D67C5F002968}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Packard Bell - Skype
"UDP Query User{4599495C-5036-4CB2-A8C7-712CD3AC2BD6}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Packard Bell - Skype
"TCP Query User{B87DE77D-77B0-4C98-9351-1B0B93F36124}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{06D342F7-C083-49F9-8F90-F04A77914E04}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"TCP Query User{0D3890C0-E67D-47CC-ABD3-9701E8A16B8E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{CA923C01-2932-47D7-BA74-A23FBC79228B}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"{DA8CAFA3-B2C7-4771-A514-1D5F1E83C892}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{6729C781-D061-4032-919C-0C0194159836}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{FF94E0E9-EA4A-42B1-8E03-6C0237DA4793}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{159C32DF-3F02-4372-AD45-71DEC9F400E1}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{8610E505-C7E3-4FA6-AA60-3879228C05B3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CE9AEC53-FFBE-4874-B999-9C31F882DF6B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{1CE2CEB1-E5DA-4028-AED5-3905EE96EAB8}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Packard Bell - Skype
"UDP Query User{8CC08906-A123-4156-8D14-935CB58B2E02}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Packard Bell - Skype
"{201FC59A-8561-44C1-A23A-7563D5D737A9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{56DC0FB9-46FE-469F-8467-509FB1D6A5D3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{105FD679-4B3F-4AEC-8660-FC24383C3D97}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{95F95DDE-1ECF-48AB-9B42-0BE28FE42F0C}c:\\program files\\revconnect\\dcplusplus.exe"= UDP:c:\program files\revconnect\dcplusplus.exe:DC++
"UDP Query User{23F617EC-873E-4A04-9642-33E16B9875F5}c:\\program files\\revconnect\\dcplusplus.exe"= TCP:c:\program files\revconnect\dcplusplus.exe:DC++
"TCP Query User{5BBD4B25-9B06-457C-8DD2-1FBE199D1605}c:\\program files\\revconnect\\dcplusplus.exe"= UDP:c:\program files\revconnect\dcplusplus.exe:DC++
"UDP Query User{B2AA49DF-BFC2-4A07-90AE-A0C6504F5101}c:\\program files\\revconnect\\dcplusplus.exe"= TCP:c:\program files\revconnect\dcplusplus.exe:DC++
"{26039AE9-1A0F-48D0-BA5E-BDD2A12716A3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1EFFFDC0-A1DD-44A6-9FF9-4B9F512CE726}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4BB8998A-3193-4FBD-B0A3-70874B7352E7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B9A30870-CC90-4152-8500-4025F7E1C247}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{94F0DF7F-8766-4013-8CAA-FDE3C70DA36F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AC261BA2-41D5-4CB4-BF81-C44C8C8CEC30}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{A5C91A4C-E4B0-4BAE-B213-6B2B2AF9EED7}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{161F2EAB-3A97-4A25-9824-09CAE0D95BD5}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\WINDEasyConnect\\SwiApiMux.exe"= c:\program files\WINDEasyConnect\SwiApiMux.exe:*:Enabled:SwiApiMux
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/07/2008 12.52.18 14336]
R3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [19/10/2008 0.23.28 3658752]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [22/08/2008 9.03.40 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12/06/2008 3.28.56 43608]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [18/10/2008 15.05.07 13976]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [26/02/2007 15.03.56 2217416]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 0.45.04 124832]
S2 gupdate1c9f4b38af9b776;Servizio di Google Update (gupdate1c9f4b38af9b776);c:\program files\Google\Update\GoogleUpdate.exe [24/06/2009 12.07.09 133104]
S3 GoogleDesktopManager-071508-051939;Google Desktop Manager 5.7.807.15159;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18/10/2008 15.33.48 24064]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - AvgLdx86
.
Contenuto della cartella 'Scheduled Tasks'
2009-09-06 c:\windows\Tasks\Garanzia estesa-gionnyx.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-10-18 09:13]
2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 10:06]
2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 10:06]
2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948431211-3050332703-2278588361-1001Core.job
- c:\users\Marianna\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-02 00:54]
2009-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1948431211-3050332703-2278588361-1001UA.job
- c:\users\Marianna\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-02 00:54]
2009-09-06 c:\windows\Tasks\Recovery DVD Creator-gionnyx.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-10-18 09:13]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-zfamquye - c:\users\marianna\appdata\local\zfamquye.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.trovarapido.com/?t=Q0907291654&s=h
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {094DEB9F-21B2-4884-A241-403753CA7EA6} = 213.230.155.10 213.230.130.222
TCP: {794AF226-9F42-4FA9-8514-2963C0D8A5F4} = 192.168.1.100
FF - ProfilePath - c:\users\Marianna\AppData\Roaming\Mozilla\Firefox\Profiles\3auxmwvz.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Marianna\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Marianna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-06 12:00
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft Internet Mail Message WLMail"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft Internet Mail VCard WLMail"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
[HKEY_USERS\S-1-5-21-1948431211-3050332703-2278588361-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-09-06 12.02.38
ComboFix-quarantined-files.txt 2009-09-06 10:02
Pre-Run: 36.959.027.200 byte disponibili
Post-Run: 45.044.101.120 byte disponibili
512 --- E O F --- 2009-09-04 19:51