Aiutamici Forum

MEMORY ON LOCAL DISK (C:)
jacopopisu
Posted: Friday, March 12, 2010 7:09:21 PM
Rank: AiutAmico

Member since: 3/2/2010
Posts: 38
OK, thanks
r16
Posted: Friday, March 12, 2010 7:43:46 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi jacopopisu.
Even if we wanted to, any infections could not be removed, because you did NOT download Combofix to the DESKTOP, as you were told.
So you have to uninstall it like this:

Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click to run it.
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Then you have to download Combofix again (to the Desktop), run the scan, and post the log again.

@paolopa
When you give instructions, highlight the most important steps.
For example (but not only), you must make it very clear that the program has to be downloaded to the desktop, that the antivirus must be disabled, and that the connection must be closed.
Many users overlook these important details, or do not notice them.
Bye!
paolopa
Posted: Friday, March 12, 2010 8:30:26 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Hi r16, you're right... I had written it, but evidently that is not enough sometimes... don't despair, you'll see that I'll improve with time... I hope... maybe...
I couldn't find anything about the infection detected by mbam... do you know anything about it?
Bye and have a good evening. :-)
jacopopisu
Posted: Saturday, March 13, 2010 10:11:53 PM
Rank: AiutAmico

Member since: 3/2/2010
Posts: 38
ComboFix 10-03-13.01 - Vista 13/03/2010 22.00.37.6.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.3002.1762 [GMT 1:00]
Eseguito da: c:\users\Vista\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-02-13 al 2010-03-13 )))))))))))))))))))))))))))))))))))
.

2010-03-13 21:06 . 2010-03-13 21:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-03-13 21:06 . 2010-03-13 21:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-12 18:56 . 2010-03-12 19:38 150849 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-12 18:45 . 2010-03-12 18:45 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-03-12 18:45 . 2010-03-12 19:38 -------- d-----w- c:\program files\COMODO
2010-03-12 18:37 . 2010-03-12 18:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 18:37 . 2010-03-12 18:37 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 18:37 . 2010-03-12 18:37 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 18:37 . 2010-03-12 18:37 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 18:37 . 2010-03-13 15:11 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-12 18:37 . 2010-03-12 18:37 -------- d-----w- c:\program files\AVG
2010-03-12 18:37 . 2010-03-12 18:37 -------- d-----w- c:\programdata\avg9
2010-03-12 17:01 . 2010-03-13 21:06 -------- d-----w- c:\users\Vista\AppData\Local\temp
2010-03-11 16:51 . 2010-03-11 16:51 -------- d-----w- c:\users\Vista\AppData\Roaming\Malwarebytes
2010-03-11 16:50 . 2010-03-12 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 16:50 . 2010-03-11 16:50 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 16:32 . 2010-03-10 19:06 -------- d-----w- c:\users\Vista\AppData\Local\CrashDumps
2010-03-04 17:27 . 2010-03-04 17:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\users\Vista\AppData\Local\Apple_Inc
2010-03-04 16:24 . 2010-03-04 16:24 -------- d-----w- c:\users\Public\CyberLink
2010-03-02 18:56 . 2010-03-02 18:56 -------- d-----w- c:\program files\Trend Micro
2010-02-24 15:24 . 2010-02-24 15:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-02-24 14:20 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 14:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 14:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 14:20 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 14:19 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 14:19 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 14:19 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:19 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 14:19 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 14:19 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 14:19 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 14:19 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 14:19 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 20:23 . 2010-02-24 15:24 -------- d--h--w- c:\users\Vista\AppData\Roaming\sys
2010-02-21 20:39 . 2010-02-21 20:39 -------- d-----w- c:\users\Vista\AppData\Roaming\java
2010-02-21 20:39 . 2010-02-21 20:39 45056 ---ha-w- c:\users\Vista\AppData\Roaming\java\msnmsgs.exe
2010-02-21 20:39 . 2010-02-21 20:40 45056 ----a-w- c:\users\Vista\AppData\Roaming\msnmsgs.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 20:34 . 2009-05-16 16:12 -------- d-----w- c:\users\Vista\AppData\Roaming\uTorrent
2010-03-13 20:31 . 2009-02-25 11:22 102816 ----a-w- c:\users\Vista\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 18:32 . 2009-05-29 18:21 -------- d-----w- c:\programdata\Norton
2010-03-12 18:27 . 2008-08-01 06:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-12 16:42 . 2008-08-01 06:27 -------- d-----w- c:\programdata\WildTangent
2010-03-11 18:13 . 2009-03-22 08:25 -------- d-----w- c:\programdata\Lx_cats
2010-03-11 15:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 19:53 . 2008-08-01 15:35 665702 ----a-w- c:\windows\system32\perfh010.dat
2010-03-10 19:53 . 2008-08-01 15:35 121302 ----a-w- c:\windows\system32\perfc010.dat
2010-03-10 19:05 . 2009-03-23 11:45 -------- d-----w- c:\program files\Sparta - La Battaglia delle Termopili
2010-03-06 18:04 . 2009-05-28 12:18 122 ----a-w- c:\users\Vista\AppData\Roaming\wklnhst.dat
2010-03-04 17:24 . 2009-02-25 13:16 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-04 17:17 . 2008-08-01 07:17 -------- d-----w- c:\program files\Common Files\Java
2010-03-04 17:15 . 2008-08-01 07:17 -------- d-----w- c:\program files\Java
2010-03-04 17:08 . 2008-08-01 06:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-04 17:05 . 2008-08-01 06:59 -------- d-----w- c:\program files\CyberLink
2010-03-04 16:24 . 2009-03-23 11:09 -------- d-----w- c:\users\Vista\AppData\Roaming\CyberLink
2010-03-04 06:43 . 2008-08-01 07:08 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-03-02 15:51 . 2009-03-08 15:16 5972 ----a-w- c:\users\Vista\AppData\Local\d3d9caps.dat
2010-03-02 14:05 . 2009-05-29 18:20 -------- d-----w- c:\programdata\NortonInstaller
2010-02-24 15:24 . 2009-02-25 11:14 102816 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 11:57 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 12:28 . 2010-03-06 11:23 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-09 20:58 . 2009-08-20 19:11 -------- d-----w- c:\program files\uTorrent
2010-02-08 21:00 . 2010-02-08 21:00 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-08 21:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-08 21:00 . 2010-02-08 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-08 21:00 . 2010-02-08 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-08 20:39 . 2010-02-08 20:39 -------- d-----w- c:\program files\Bonjour
2010-02-08 20:33 . 2008-08-01 06:55 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 19:34 . 2010-02-08 19:34 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-08 19:33 . 2010-02-08 19:33 -------- d-----w- c:\program files\Microsoft.NET
2010-02-08 19:33 . 2010-02-08 19:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-08 19:31 . 2010-02-08 19:31 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-08 19:22 . 2008-08-01 06:42 -------- d-----w- c:\program files\Microsoft Works
2010-02-08 18:29 . 2009-03-19 18:15 -------- d-----w- c:\program files\Google
2010-02-07 16:46 . 2010-02-07 16:46 123788 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-07 16:46 . 2009-06-16 10:14 -------- d-----w- c:\users\Vista\AppData\Roaming\Apple Computer
2010-02-07 16:11 . 2010-02-07 16:10 -------- d-----w- c:\program files\iTunes
2010-02-07 16:10 . 2010-02-07 16:10 -------- d-----w- c:\program files\iPod
2010-02-07 16:10 . 2009-06-16 10:11 -------- d-----w- c:\program files\Common Files\Apple
2010-02-07 16:06 . 2010-02-07 16:06 -------- d-----w- c:\program files\QuickTime
2010-02-07 16:02 . 2010-02-07 16:02 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-04 15:51 . 2010-03-06 11:23 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2010-01-29 18:48 . 2010-01-29 18:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-24 20:22 . 2008-08-01 06:01 -------- d-----w- c:\programdata\Symantec
2010-01-22 14:13 . 2009-03-05 17:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-22 13:49 . 2009-03-05 16:55 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-20 14:26 . 2010-01-20 14:26 -------- d-----w- c:\program files\MSECache
2010-01-18 16:36 . 2010-01-18 16:34 -------- d-----w- c:\program files\Opera
2010-01-06 15:38 . 2010-02-24 14:19 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 14:19 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 14:19 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 14:19 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 10:53 . 2009-08-28 07:09 89 ----a-w- c:\users\Vista\AppData\Local\lredjwn.bat
2010-01-02 06:38 . 2010-01-22 06:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 06:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 06:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 06:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 16:14 . 2009-09-20 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-08-01 15:38 . 2008-08-01 15:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-03-13_20.48.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-19 13:08 . 2009-06-19 13:08 59904 c:\windows\Installer\1759b59.msi
+ 2009-10-03 12:32 . 2009-10-03 12:32 22016 c:\windows\Installer\1370458.msi
+ 2009-10-03 12:31 . 2009-10-03 12:31 27136 c:\windows\Installer\1370423.msi
+ 2008-07-29 21:44 . 2008-07-29 21:44 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-31 03:25 . 2008-07-31 03:25 442880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ita\vs_setup.msi
+ 2009-03-20 09:48 . 2009-03-20 09:48 183808 c:\windows\Installer\fbdac.msp
+ 2008-08-01 06:31 . 2008-08-01 06:31 431104 c:\windows\Installer\e50a3.msi
+ 2009-02-12 11:00 . 2009-02-12 11:00 549888 c:\windows\Installer\d236cfe.msp
+ 2009-03-05 16:51 . 2009-03-05 16:51 140288 c:\windows\Installer\cc269.msi
+ 2009-03-05 16:51 . 2009-03-05 16:51 202752 c:\windows\Installer\cc263.msi
+ 2010-02-07 16:00 . 2010-02-07 16:00 796672 c:\windows\Installer\b66afb.msi
+ 2009-12-05 11:39 . 2009-12-05 11:39 323072 c:\windows\Installer\aca87e.msi
+ 2009-12-05 11:39 . 2009-12-05 11:39 188416 c:\windows\Installer\aca857.msi
+ 2009-11-25 12:09 . 2009-11-25 12:09 429568 c:\windows\Installer\98403.msi
+ 2009-09-20 09:08 . 2009-09-20 09:08 537600 c:\windows\Installer\8e1b85.msi
+ 2009-07-30 10:33 . 2009-07-30 10:33 248832 c:\windows\Installer\44223.msi
+ 2009-05-29 01:01 . 2009-05-29 01:01 432640 c:\windows\Installer\43b5f79.msi
+ 2008-12-13 07:58 . 2008-12-13 07:58 754688 c:\windows\Installer\3c53daf.msp
+ 2009-05-30 12:48 . 2009-05-30 12:48 648192 c:\windows\Installer\3c53da4.msi
+ 2010-02-08 20:34 . 2010-02-08 20:34 438784 c:\windows\Installer\2e4c51.msi
+ 2009-11-19 04:51 . 2009-11-19 04:51 849408 c:\windows\Installer\2cf5e0.msp
+ 2009-11-19 04:51 . 2009-11-19 04:51 856064 c:\windows\Installer\2cf5df.msp
+ 2010-02-08 19:32 . 2010-02-08 19:32 582144 c:\windows\Installer\29b40f6.msi
+ 2010-02-08 19:32 . 2010-02-08 19:32 582144 c:\windows\Installer\29b40e2.msi
+ 2010-02-08 19:32 . 2010-02-08 19:32 588288 c:\windows\Installer\29b40dc.msi
+ 2010-02-08 19:32 . 2010-02-08 19:32 599040 c:\windows\Installer\29b40d6.msi
+ 2010-02-08 19:32 . 2010-02-08 19:32 594432 c:\windows\Installer\29b40d0.msi
+ 2010-02-08 19:31 . 2010-02-08 19:31 582144 c:\windows\Installer\29b40b8.msi
+ 2009-10-25 18:11 . 2009-10-25 18:11 424448 c:\windows\Installer\27e4772.msi
+ 2008-08-01 07:11 . 2008-08-01 07:11 683008 c:\windows\Installer\23f3d4.msi
+ 2008-11-26 09:30 . 2008-11-26 09:30 369664 c:\windows\Installer\23ab5.msi
+ 2008-11-26 09:30 . 2008-11-26 09:30 370176 c:\windows\Installer\23aaf.msi
+ 2008-11-26 09:30 . 2008-11-26 09:30 371200 c:\windows\Installer\23aa9.msi
+ 2009-05-30 05:28 . 2009-05-30 05:28 753152 c:\windows\Installer\231d5ab.msi
+ 2010-03-04 17:16 . 2010-03-04 17:16 180224 c:\windows\Installer\22c8ee3.msi
+ 2009-08-26 14:55 . 2009-08-26 14:55 119296 c:\windows\Installer\1d75dfe.msi
+ 2009-06-19 13:09 . 2009-06-19 13:09 152576 c:\windows\Installer\1759bdd.msi
+ 2009-06-19 13:08 . 2009-06-19 13:08 107008 c:\windows\Installer\1759b4b.msi
+ 2009-06-19 13:08 . 2009-06-19 13:08 301056 c:\windows\Installer\1759b44.msi
+ 2009-10-03 12:32 . 2009-10-03 12:32 763904 c:\windows\Installer\1370482.msi
+ 2009-10-03 12:32 . 2009-10-03 12:32 430080 c:\windows\Installer\137044f.msi
+ 2009-10-03 12:31 . 2009-10-03 12:31 155648 c:\windows\Installer\1370432.msi
+ 2010-02-09 19:33 . 2010-02-09 19:33 836096 c:\windows\Installer\128ed05.msi
+ 2009-06-16 10:12 . 2009-06-16 10:12 1549312 c:\windows\Installer\feac36.msi
+ 2010-02-07 16:11 . 2010-02-07 16:11 4449280 c:\windows\Installer\b67540.msi
+ 2010-02-07 16:06 . 2010-02-07 16:06 9473024 c:\windows\Installer\b66da2.msi
+ 2010-02-07 15:58 . 2010-02-07 15:58 1679872 c:\windows\Installer\b66aeb.msi
+ 2010-03-10 13:49 . 2010-03-10 13:49 5527040 c:\windows\Installer\6c5429.msp
+ 2008-11-26 10:10 . 2008-11-26 10:10 1370112 c:\windows\Installer\513eb.msi
+ 2008-11-26 10:07 . 2008-11-26 10:07 5038592 c:\windows\Installer\513e7.msi
+ 2008-11-26 10:07 . 2008-11-26 10:07 1760768 c:\windows\Installer\513e3.msi
+ 2010-02-08 20:39 . 2010-02-08 20:39 1659392 c:\windows\Installer\2e4c56.msi
+ 2009-11-19 04:51 . 2009-11-19 04:51 1121280 c:\windows\Installer\2cf5de.msp
+ 2010-02-08 19:32 . 2010-02-08 19:32 1745408 c:\windows\Installer\29b4102.msi
+ 2010-02-08 19:32 . 2010-02-08 19:32 1742848 c:\windows\Installer\29b40fc.msi
+ 2010-02-08 19:32 . 2010-02-08 19:32 1744896 c:\windows\Installer\29b40f0.msi
+ 2010-02-08 19:32 . 2010-02-08 19:32 1732608 c:\windows\Installer\29b40e8.msi
+ 2010-02-08 19:31 . 2010-02-08 19:31 2043904 c:\windows\Installer\29b40ca.msi
+ 2010-02-08 19:31 . 2010-02-08 19:31 1733632 c:\windows\Installer\29b40c4.msi
+ 2010-02-08 19:31 . 2010-02-08 19:31 1732096 c:\windows\Installer\29b40be.msi
+ 2010-02-08 19:30 . 2010-02-08 19:30 2793472 c:\windows\Installer\29b40b2.msi
+ 2008-08-01 07:13 . 2008-08-01 07:13 1292800 c:\windows\Installer\23f418.msi
+ 2010-03-04 17:27 . 2010-03-04 17:27 3966464 c:\windows\Installer\22c9b61.msi
+ 2009-09-27 16:21 . 2009-09-27 16:21 3310592 c:\windows\Installer\1f36b5f.msi
+ 2008-08-01 07:17 . 2008-08-01 07:17 1902080 c:\windows\Installer\1ee2f.msi
+ 2008-08-01 07:17 . 2008-08-01 07:17 1440256 c:\windows\Installer\1ee2a.msi
+ 2009-09-27 16:07 . 2009-09-27 16:07 1825280 c:\windows\Installer\1e87750.msi
+ 2008-08-01 06:42 . 2008-08-01 06:42 8383488 c:\windows\Installer\17d3c6.msi
+ 2008-08-01 07:09 . 2007-01-19 11:21 16768512 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2010-02-08 19:37 . 2010-02-08 19:37 25497088 c:\windows\Installer\29b410f.msi
+ 2009-02-25 13:15 . 2009-02-25 13:15 16405504 c:\windows\Downloaded Installations\{F7B40667-AB77-4399-B806-55931DB2248F}\ACDSee 7.0 PowerPack.msi
+ 2008-08-01 07:12 . 2008-08-01 07:12 13168640 c:\windows\Downloaded Installations\{14DE2A3C-7324-4049-8D1B-0810C328113B}\HP Doc Viewer.msi
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-09 319280]
"Google Update"="c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-12 133104]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c7,69,91,4b,5f,52,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1384446576-1961234908-3673197661-1000]
"EnableNotificationsRef"=dword:00000001

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-03-12 242696]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-04-26 517040]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384446576-1961234908-3673197661-1000Core.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 16:04]

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384446576-1961234908-3673197661-1000UA.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 16:04]

2010-03-08 c:\windows\Tasks\HPCeeScheduleForVista.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-01 13:14]

2010-03-13 c:\windows\Tasks\User_Feed_Synchronization-{F233B6AA-D954-4DF7-9560-114012602893}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

ActiveSetup-{1D1BADC6-EAC7-0CCD-03A7-EDF22BE6FCD8} - c:\users\Vista\AppData\Roaming\sys\winfinder.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 22:06
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\TEMP\TMP0000008EE0E28C3CE4DA3B9A 524288 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-03-13 22:08:41
ComboFix-quarantined-files.txt 2010-03-13 21:08
ComboFix2.txt 2010-03-13 20:50

Pre-Run: 115.636.756.480 byte disponibili
Post-Run: 115.607.363.584 byte disponibili

- - End Of File - - 778050BA91FBA503F68BD0D5C105A67B
r16
Posted: Saturday, March 13, 2010 11:00:40 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Open a text file on the Desktop (Start\Run\type: notepad.exe and then click OK).
Paste in the code you see below, and save the text file; it must be named CFScript.txt

Code:
KillAll::
File::
c:\windows\TEMP\TMP0000008EE0E28C3CE4DA3B9A

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
If the PC does not restart by itself, restart it yourself.
Post the updated Combofix log.
paolopa
Posted: Sunday, March 14, 2010 7:04:20 AM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
@r16: a question, if I'm not bothering you: the fact that no hidden files were found in the first scan with Combo and some were in the second, does it depend on where Combo was located? Or perhaps on the fact that, having downloaded it again, it was more up to date?
I'm just trying to understand a little more... have a good Sunday and thanks.
jacopopisu
Posted: Sunday, March 14, 2010 8:36:57 AM
Rank: AiutAmico

Member since: 3/2/2010
Posts: 38
Sorry r16,
but when I drag the text file onto Combofix, do I have to disable the connection and the antivirus??
Thanks
r16
Posted: Sunday, March 14, 2010 9:10:01 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Yes.
jacopopisu
Posted: Monday, March 15, 2010 8:31:26 PM
Rank: AiutAmico

Member since: 3/2/2010
Posts: 38
ComboFix 10-03-14.06 - Vista 15/03/2010 20.14.59.7.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.3002.1885 [GMT 1:00]
Eseguito da: c:\users\Vista\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Vista\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\TEMP\TMP0000008EE0E28C3CE4DA3B9A"
.

((((((((((((((((((((((((( Files Creati Da 2010-02-15 al 2010-03-15 )))))))))))))))))))))))))))))))))))
.

2010-03-15 19:20 . 2010-03-15 19:22 -------- d-----w- c:\users\Vista\AppData\Local\temp
2010-03-15 19:20 . 2010-03-15 19:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-03-15 19:20 . 2010-03-15 19:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 13:54 . 2010-03-14 14:10 -------- d-----w- c:\programdata\Solidshield
2010-03-14 13:49 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-03-14 13:28 . 2010-03-14 18:05 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-14 13:27 . 2010-03-14 13:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-14 13:27 . 2010-03-14 13:37 -------- d-----w- c:\users\Vista\AppData\Roaming\DAEMON Tools Lite
2010-03-14 13:27 . 2010-03-14 13:27 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-12 18:56 . 2010-03-12 19:38 150849 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-12 18:45 . 2010-03-12 18:45 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-03-12 18:45 . 2010-03-12 19:38 -------- d-----w- c:\program files\COMODO
2010-03-12 18:37 . 2010-03-12 18:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 18:37 . 2010-03-12 18:37 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 18:37 . 2010-03-12 18:37 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 18:37 . 2010-03-12 18:37 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 18:37 . 2010-03-15 14:37 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-12 18:37 . 2010-03-12 18:37 -------- d-----w- c:\program files\AVG
2010-03-12 18:37 . 2010-03-12 18:37 -------- d-----w- c:\programdata\avg9
2010-03-11 16:51 . 2010-03-11 16:51 -------- d-----w- c:\users\Vista\AppData\Roaming\Malwarebytes
2010-03-11 16:50 . 2010-03-12 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 16:50 . 2010-03-11 16:50 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 16:32 . 2010-03-14 19:06 -------- d-----w- c:\users\Vista\AppData\Local\CrashDumps
2010-03-04 17:27 . 2010-03-04 17:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\users\Vista\AppData\Local\Apple_Inc
2010-03-04 16:24 . 2010-03-04 16:24 -------- d-----w- c:\users\Public\CyberLink
2010-03-02 18:56 . 2010-03-02 18:56 -------- d-----w- c:\program files\Trend Micro
2010-02-24 15:24 . 2010-02-24 15:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-02-24 14:20 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 14:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 14:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 14:20 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 14:19 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 14:19 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 14:19 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:19 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 14:19 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 14:19 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 14:19 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 14:19 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 14:19 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 20:23 . 2010-02-24 15:24 -------- d--h--w- c:\users\Vista\AppData\Roaming\sys
2010-02-21 20:39 . 2010-02-21 20:39 -------- d-----w- c:\users\Vista\AppData\Roaming\java
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 19:22 . 2009-05-16 16:12 -------- d-----w- c:\users\Vista\AppData\Roaming\uTorrent
2010-03-14 18:17 . 2009-03-23 11:45 -------- d-----w- c:\program files\Sparta - La Battaglia delle Termopili
2010-03-14 18:07 . 2008-08-01 15:35 665702 ----a-w- c:\windows\system32\perfh010.dat
2010-03-14 18:07 . 2008-08-01 15:35 121302 ----a-w- c:\windows\system32\perfc010.dat
2010-03-14 14:13 . 2008-08-01 06:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 20:31 . 2009-02-25 11:22 102816 ----a-w- c:\users\Vista\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 18:32 . 2009-05-29 18:21 -------- d-----w- c:\programdata\Norton
2010-03-12 18:27 . 2008-08-01 06:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-12 16:42 . 2008-08-01 06:27 -------- d-----w- c:\programdata\WildTangent
2010-03-11 18:13 . 2009-03-22 08:25 -------- d-----w- c:\programdata\Lx_cats
2010-03-11 15:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-06 18:04 . 2009-05-28 12:18 122 ----a-w- c:\users\Vista\AppData\Roaming\wklnhst.dat
2010-03-04 17:24 . 2009-02-25 13:16 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-04 17:17 . 2008-08-01 07:17 -------- d-----w- c:\program files\Common Files\Java
2010-03-04 17:15 . 2008-08-01 07:17 -------- d-----w- c:\program files\Java
2010-03-04 17:05 . 2008-08-01 06:59 -------- d-----w- c:\program files\CyberLink
2010-03-04 16:24 . 2009-03-23 11:09 -------- d-----w- c:\users\Vista\AppData\Roaming\CyberLink
2010-03-04 06:43 . 2008-08-01 07:08 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-03-02 15:51 . 2009-03-08 15:16 5972 ----a-w- c:\users\Vista\AppData\Local\d3d9caps.dat
2010-03-02 14:05 . 2009-05-29 18:20 -------- d-----w- c:\programdata\NortonInstaller
2010-02-24 15:24 . 2009-02-25 11:14 102816 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 11:57 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 12:28 . 2010-03-06 11:23 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-21 20:40 . 2010-02-21 20:39 45056 ----a-w- c:\users\Vista\AppData\Roaming\msnmsgs.exe
2010-02-21 20:40 . 2010-02-21 20:39 45056 ----a-w- c:\users\Vista\AppData\Roaming\msnmsgs.exe
2010-02-21 20:39 . 2010-02-21 20:39 45056 ---ha-w- c:\users\Vista\AppData\Roaming\java\msnmsgs.exe
2010-02-09 20:58 . 2009-08-20 19:11 -------- d-----w- c:\program files\uTorrent
2010-02-08 21:00 . 2010-02-08 21:00 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-08 21:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-08 21:00 . 2010-02-08 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-08 21:00 . 2010-02-08 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-08 20:39 . 2010-02-08 20:39 -------- d-----w- c:\program files\Bonjour
2010-02-08 20:33 . 2008-08-01 06:55 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 19:34 . 2010-02-08 19:34 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-08 19:33 . 2010-02-08 19:33 -------- d-----w- c:\program files\Microsoft.NET
2010-02-08 19:33 . 2010-02-08 19:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-08 19:31 . 2010-02-08 19:31 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-08 19:22 . 2008-08-01 06:42 -------- d-----w- c:\program files\Microsoft Works
2010-02-08 18:29 . 2009-03-19 18:15 -------- d-----w- c:\program files\Google
2010-02-07 16:46 . 2010-02-07 16:46 123788 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-07 16:46 . 2009-06-16 10:14 -------- d-----w- c:\users\Vista\AppData\Roaming\Apple Computer
2010-02-07 16:11 . 2010-02-07 16:10 -------- d-----w- c:\program files\iTunes
2010-02-07 16:10 . 2010-02-07 16:10 -------- d-----w- c:\program files\iPod
2010-02-07 16:10 . 2009-06-16 10:11 -------- d-----w- c:\program files\Common Files\Apple
2010-02-07 16:06 . 2010-02-07 16:06 -------- d-----w- c:\program files\QuickTime
2010-02-07 16:02 . 2010-02-07 16:02 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-04 15:51 . 2010-03-06 11:23 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2010-01-29 18:48 . 2010-01-29 18:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-24 20:22 . 2008-08-01 06:01 -------- d-----w- c:\programdata\Symantec
2010-01-22 14:13 . 2009-03-05 17:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-22 13:49 . 2009-03-05 16:55 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-20 14:26 . 2010-01-20 14:26 -------- d-----w- c:\program files\MSECache
2010-01-18 16:36 . 2010-01-18 16:34 -------- d-----w- c:\program files\Opera
2010-01-06 15:38 . 2010-02-24 14:19 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 14:19 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 14:19 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 14:19 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 10:53 . 2009-08-28 07:09 89 ----a-w- c:\users\Vista\AppData\Local\lredjwn.bat
2010-01-02 06:38 . 2010-01-22 06:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 06:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 06:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 06:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 16:14 . 2009-09-20 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-08-01 15:38 . 2008-08-01 15:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-09 319280]
"Google Update"="c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c7,69,91,4b,5f,52,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1384446576-1961234908-3673197661-1000]
"EnableNotificationsRef"=dword:00000001

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-14 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-03-12 242696]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-04-26 517040]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384446576-1961234908-3673197661-1000Core.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 16:04]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384446576-1961234908-3673197661-1000UA.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 16:04]

2010-03-08 c:\windows\Tasks\HPCeeScheduleForVista.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-01 13:14]

2010-03-15 c:\windows\Tasks\User_Feed_Synchronization-{F233B6AA-D954-4DF7-9560-114012602893}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 20:22
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\Vista\AppData\Local\Temp\GURB7F8.tmp 0 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85CBC1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x83516d24
\Driver\ACPI -> acpi.sys @ 0x807c2d68
\Driver\atapi -> 0x85cbc1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-15 20:29:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-15 19:29
ComboFix2.txt 2010-03-13 21:08
ComboFix3.txt 2010-03-13 20:50

Pre-Run: 114.960.007.168 byte disponibili
Post-Run: 115.112.235.008 byte disponibili

- - End Of File - - 422E7E6DBF5D16272C926E88DEA9E547
r16
Posted: Tuesday, March 16, 2010 2:15:46 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file on the Desktop.
Paste the code you see below into it, and save the text file; it must be named CFScript.txt

Code:
File::
c:\users\Vista\AppData\Local\Temp\GURB7F8.tmp


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
jacopopisu
Posted: Tuesday, March 16, 2010 3:39:26 PM
Rank: AiutAmico

Joined: 3/2/2010
Posts: 38
ComboFix 10-03-15.05 - Vista 16/03/2010 15.22.51.8.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.3002.1999 [GMT 1:00]
Eseguito da: c:\users\Vista\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Vista\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino

FILE ::
"c:\users\Vista\AppData\Local\Temp\GURB7F8.tmp"
.

((((((((((((((((((((((((( Files Creati Da 2010-02-16 al 2010-03-16 )))))))))))))))))))))))))))))))))))
.

2010-03-16 14:29 . 2010-03-16 14:29 -------- d-----w- c:\users\Vista\AppData\Local\temp
2010-03-16 14:29 . 2010-03-16 14:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-03-16 14:29 . 2010-03-16 14:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 13:54 . 2010-03-14 14:10 -------- d-----w- c:\programdata\Solidshield
2010-03-14 13:49 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-03-14 13:28 . 2010-03-14 18:05 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-14 13:27 . 2010-03-14 13:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-14 13:27 . 2010-03-14 13:37 -------- d-----w- c:\users\Vista\AppData\Roaming\DAEMON Tools Lite
2010-03-14 13:27 . 2010-03-14 13:27 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-12 18:56 . 2010-03-12 19:38 150849 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-12 18:45 . 2010-03-12 18:45 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-03-12 18:45 . 2010-03-12 19:38 -------- d-----w- c:\program files\COMODO
2010-03-12 18:37 . 2010-03-12 18:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 18:37 . 2010-03-12 18:37 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 18:37 . 2010-03-12 18:37 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 18:37 . 2010-03-12 18:37 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 18:37 . 2010-03-16 14:12 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-12 18:37 . 2010-03-12 18:37 -------- d-----w- c:\program files\AVG
2010-03-12 18:37 . 2010-03-12 18:37 -------- d-----w- c:\programdata\avg9
2010-03-11 16:51 . 2010-03-11 16:51 -------- d-----w- c:\users\Vista\AppData\Roaming\Malwarebytes
2010-03-11 16:50 . 2010-03-12 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 16:50 . 2010-03-11 16:50 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 16:32 . 2010-03-14 19:06 -------- d-----w- c:\users\Vista\AppData\Local\CrashDumps
2010-03-04 17:27 . 2010-03-04 17:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\users\Vista\AppData\Local\Apple_Inc
2010-03-04 16:24 . 2010-03-04 16:24 -------- d-----w- c:\users\Public\CyberLink
2010-03-02 18:56 . 2010-03-02 18:56 -------- d-----w- c:\program files\Trend Micro
2010-02-24 15:24 . 2010-02-24 15:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-02-24 14:20 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 14:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 14:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 14:20 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 14:19 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 14:19 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 14:19 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:19 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 14:19 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 14:19 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 14:19 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 14:19 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 14:19 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 20:23 . 2010-02-24 15:24 -------- d--h--w- c:\users\Vista\AppData\Roaming\sys
2010-02-21 20:39 . 2010-02-21 20:39 -------- d-----w- c:\users\Vista\AppData\Roaming\java
2010-02-21 20:39 . 2010-02-21 20:39 45056 ---ha-w- c:\users\Vista\AppData\Roaming\java\msnmsgs.exe
2010-02-21 20:39 . 2010-02-21 20:40 45056 ----a-w- c:\users\Vista\AppData\Roaming\msnmsgs.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 14:21 . 2009-05-16 16:12 -------- d-----w- c:\users\Vista\AppData\Roaming\uTorrent
2010-03-14 18:17 . 2009-03-23 11:45 -------- d-----w- c:\program files\Sparta - La Battaglia delle Termopili
2010-03-14 18:07 . 2008-08-01 15:35 665702 ----a-w- c:\windows\system32\perfh010.dat
2010-03-14 18:07 . 2008-08-01 15:35 121302 ----a-w- c:\windows\system32\perfc010.dat
2010-03-14 14:13 . 2008-08-01 06:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 20:31 . 2009-02-25 11:22 102816 ----a-w- c:\users\Vista\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 18:32 . 2009-05-29 18:21 -------- d-----w- c:\programdata\Norton
2010-03-12 18:27 . 2008-08-01 06:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-12 16:42 . 2008-08-01 06:27 -------- d-----w- c:\programdata\WildTangent
2010-03-11 18:13 . 2009-03-22 08:25 -------- d-----w- c:\programdata\Lx_cats
2010-03-11 15:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-06 18:04 . 2009-05-28 12:18 122 ----a-w- c:\users\Vista\AppData\Roaming\wklnhst.dat
2010-03-04 17:24 . 2009-02-25 13:16 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-04 17:17 . 2008-08-01 07:17 -------- d-----w- c:\program files\Common Files\Java
2010-03-04 17:15 . 2008-08-01 07:17 -------- d-----w- c:\program files\Java
2010-03-04 17:05 . 2008-08-01 06:59 -------- d-----w- c:\program files\CyberLink
2010-03-04 16:24 . 2009-03-23 11:09 -------- d-----w- c:\users\Vista\AppData\Roaming\CyberLink
2010-03-04 06:43 . 2008-08-01 07:08 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-03-02 15:51 . 2009-03-08 15:16 5972 ----a-w- c:\users\Vista\AppData\Local\d3d9caps.dat
2010-03-02 14:05 . 2009-05-29 18:20 -------- d-----w- c:\programdata\NortonInstaller
2010-02-24 15:24 . 2009-02-25 11:14 102816 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 11:57 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 12:28 . 2010-03-06 11:23 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-09 20:58 . 2009-08-20 19:11 -------- d-----w- c:\program files\uTorrent
2010-02-08 21:00 . 2010-02-08 21:00 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-08 21:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-08 21:00 . 2010-02-08 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-08 21:00 . 2010-02-08 21:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-08 20:39 . 2010-02-08 20:39 -------- d-----w- c:\program files\Bonjour
2010-02-08 20:33 . 2008-08-01 06:55 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 19:34 . 2010-02-08 19:34 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-08 19:33 . 2010-02-08 19:33 -------- d-----w- c:\program files\Microsoft.NET
2010-02-08 19:33 . 2010-02-08 19:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-08 19:31 . 2010-02-08 19:31 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-08 19:22 . 2008-08-01 06:42 -------- d-----w- c:\program files\Microsoft Works
2010-02-08 18:29 . 2009-03-19 18:15 -------- d-----w- c:\program files\Google
2010-02-07 16:46 . 2010-02-07 16:46 123788 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-07 16:46 . 2009-06-16 10:14 -------- d-----w- c:\users\Vista\AppData\Roaming\Apple Computer
2010-02-07 16:11 . 2010-02-07 16:10 -------- d-----w- c:\program files\iTunes
2010-02-07 16:10 . 2010-02-07 16:10 -------- d-----w- c:\program files\iPod
2010-02-07 16:10 . 2009-06-16 10:11 -------- d-----w- c:\program files\Common Files\Apple
2010-02-07 16:06 . 2010-02-07 16:06 -------- d-----w- c:\program files\QuickTime
2010-02-07 16:02 . 2010-02-07 16:02 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-04 15:51 . 2010-03-06 11:23 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2010-01-29 18:48 . 2010-01-29 18:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-24 20:22 . 2008-08-01 06:01 -------- d-----w- c:\programdata\Symantec
2010-01-22 14:13 . 2009-03-05 17:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-22 13:49 . 2009-03-05 16:55 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-20 14:26 . 2010-01-20 14:26 -------- d-----w- c:\program files\MSECache
2010-01-18 16:36 . 2010-01-18 16:34 -------- d-----w- c:\program files\Opera
2010-01-06 15:38 . 2010-02-24 14:19 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 14:19 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 14:19 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 14:19 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 10:53 . 2009-08-28 07:09 89 ----a-w- c:\users\Vista\AppData\Local\lredjwn.bat
2010-01-02 06:38 . 2010-01-22 06:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 06:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 06:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 06:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 16:14 . 2009-09-20 09:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-08-01 15:38 . 2008-08-01 15:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot_2010-03-13_21.06.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-14 13:46 . 2010-03-14 13:46 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80KOR.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80JPN.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ITA.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80FRA.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ESP.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 57344 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 65536 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80DEU.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 45056 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHT.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 40960 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHS.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 57856 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80u.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 69632 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 96256 c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
+ 2010-03-14 13:51 . 2007-04-04 17:53 81768 c:\windows\System32\xinput1_3.dll
+ 2010-03-14 13:51 . 2006-07-28 08:30 62744 c:\windows\System32\xinput1_2.dll
+ 2010-03-14 13:51 . 2006-03-31 11:39 62672 c:\windows\System32\xinput1_1.dll
+ 2010-03-14 13:51 . 2009-03-16 13:18 69448 c:\windows\System32\XAPOFX1_3.dll
+ 2010-03-14 13:51 . 2008-10-15 06:03 70992 c:\windows\System32\XAPOFX1_2.dll
+ 2010-03-14 13:51 . 2008-07-30 05:20 68616 c:\windows\System32\XAPOFX1_1.dll
+ 2010-03-14 13:51 . 2008-05-30 13:17 65032 c:\windows\System32\XAPOFX1_0.dll
+ 2010-03-14 13:51 . 2009-03-16 13:18 22360 c:\windows\System32\X3DAudio1_6.dll
+ 2010-03-14 13:51 . 2008-10-15 06:03 23376 c:\windows\System32\X3DAudio1_5.dll
+ 2010-03-14 13:51 . 2008-05-30 13:17 25608 c:\windows\System32\X3DAudio1_4.dll
+ 2010-03-14 13:51 . 2008-03-05 15:00 25608 c:\windows\System32\X3DAudio1_3.dll
+ 2010-03-14 13:51 . 2007-10-22 02:37 17928 c:\windows\System32\X3DAudio1_2.dll
+ 2010-03-14 13:51 . 2007-03-05 11:42 15128 c:\windows\System32\x3daudio1_1.dll
+ 2010-03-14 13:51 . 2006-02-03 07:41 14032 c:\windows\System32\x3daudio1_0.dll
+ 2009-02-25 11:19 . 2010-03-16 14:20 10808 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1384446576-1961234908-3673197661-1000_UserData.bin
- 2008-11-26 09:25 . 2010-03-13 20:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-26 09:25 . 2010-03-15 19:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-26 09:25 . 2010-03-13 20:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-26 09:25 . 2010-03-15 19:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-31 17:05 . 2010-03-14 15:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-31 17:05 . 2010-03-11 14:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-31 17:05 . 2010-03-11 14:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-31 17:05 . 2010-03-14 15:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-31 17:05 . 2010-03-14 15:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-31 17:05 . 2010-03-11 14:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-16 12:50 . 2010-03-11 15:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-16 12:50 . 2010-03-14 14:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-16 12:50 . 2010-03-14 14:17 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-16 12:50 . 2010-03-11 15:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-16 12:50 . 2010-03-11 15:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-16 12:50 . 2010-03-14 14:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-14 13:51 . 2010-03-14 13:51 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-11-22 09:56 . 2009-11-22 09:56 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-11-22 09:56 . 2009-11-22 09:56 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-03-13 20:31 . 2010-03-13 20:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-16 14:18 . 2010-03-16 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-13 20:31 . 2010-03-13 20:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-16 14:18 . 2010-03-16 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-14 13:51 . 2009-03-16 13:18 517448 c:\windows\System32\XAudio2_4.dll
+ 2010-03-14 13:51 . 2008-10-15 06:03 514384 c:\windows\System32\XAudio2_3.dll
+ 2010-03-14 13:51 . 2008-07-30 05:20 509448 c:\windows\System32\XAudio2_2.dll
+ 2010-03-14 13:51 . 2008-05-30 13:19 507400 c:\windows\System32\XAudio2_1.dll
+ 2010-03-14 13:51 . 2008-03-05 15:03 479752 c:\windows\System32\XAudio2_0.dll
+ 2010-03-14 13:51 . 2009-03-16 13:18 235352 c:\windows\System32\xactengine3_4.dll
+ 2010-03-14 13:51 . 2008-10-15 06:03 235856 c:\windows\System32\xactengine3_3.dll
+ 2010-03-14 13:51 . 2008-07-30 05:20 238088 c:\windows\System32\xactengine3_2.dll
+ 2010-03-14 13:51 . 2008-05-30 13:18 238088 c:\windows\System32\xactengine3_1.dll
+ 2010-03-14 13:51 . 2008-03-05 15:03 238088 c:\windows\System32\xactengine3_0.dll
+ 2010-03-14 13:51 . 2007-07-19 23:57 267112 c:\windows\System32\xactengine2_9.dll
+ 2010-03-14 13:51 . 2007-06-20 19:46 266088 c:\windows\System32\xactengine2_8.dll
+ 2010-03-14 13:51 . 2007-04-04 17:55 261480 c:\windows\System32\xactengine2_7.dll
+ 2010-03-14 13:51 . 2007-01-24 14:27 255848 c:\windows\System32\xactengine2_6.dll
+ 2010-03-14 13:51 . 2006-12-08 11:02 251672 c:\windows\System32\xactengine2_5.dll
+ 2010-03-14 13:51 . 2006-09-28 15:05 237848 c:\windows\System32\xactengine2_4.dll
+ 2010-03-14 13:51 . 2006-07-28 08:30 236824 c:\windows\System32\xactengine2_3.dll
+ 2010-03-14 13:51 . 2006-05-31 06:24 230168 c:\windows\System32\xactengine2_2.dll
+ 2010-03-14 13:51 . 2007-10-22 02:39 267272 c:\windows\System32\xactengine2_10.dll
+ 2010-03-14 13:51 . 2006-03-31 11:39 229584 c:\windows\System32\xactengine2_1.dll
+ 2010-03-14 13:51 . 2006-02-03 07:42 230096 c:\windows\System32\xactengine2_0.dll
+ 2009-03-06 16:36 . 2010-03-16 14:11 318040 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-03-14 13:51 . 2009-03-09 14:27 453456 c:\windows\System32\d3dx10_41.dll
+ 2010-03-14 13:51 . 2008-10-15 05:22 452440 c:\windows\System32\d3dx10_40.dll
+ 2010-03-14 13:51 . 2008-07-10 10:01 467984 c:\windows\System32\d3dx10_39.dll
+ 2010-03-14 13:51 . 2008-05-30 13:11 467984 c:\windows\System32\d3dx10_38.dll
+ 2010-03-14 13:51 . 2008-02-05 22:07 462864 c:\windows\System32\d3dx10_37.dll
+ 2010-03-14 13:51 . 2007-10-02 08:56 444776 c:\windows\System32\d3dx10_36.dll
+ 2010-03-14 13:51 . 2007-07-19 17:14 444776 c:\windows\System32\d3dx10_35.dll
+ 2010-03-14 13:51 . 2007-05-16 15:45 443752 c:\windows\System32\d3dx10_34.dll
+ 2010-03-14 13:51 . 2007-03-15 15:57 443752 c:\windows\System32\d3dx10_33.dll
+ 2010-03-14 13:51 . 2006-11-29 12:06 440080 c:\windows\System32\d3dx10.dll
+ 2010-03-14 13:51 . 2006-03-31 10:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2006-02-03 06:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2005-12-05 16:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2005-07-22 16:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2005-05-26 14:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2005-03-18 16:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2005-02-05 18:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 331264 c:\windows\Installer\1007a3.msi
- 2009-11-22 09:56 . 2009-11-22 09:56 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-11-22 09:56 . 2009-11-22 09:56 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-11-22 09:56 . 2009-11-22 09:56 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-11-22 09:56 . 2009-11-22 09:56 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-11-22 09:56 . 2009-11-22 09:56 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-22 09:56 . 2009-11-22 09:56 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-22 09:56 . 2009-11-22 09:56 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 1093120 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll
+ 2010-03-14 13:46 . 2010-03-14 13:46 1101824 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80.dll
+ 2010-03-14 13:51 . 2009-03-09 14:27 4178264 c:\windows\System32\D3DX9_41.dll
+ 2010-03-14 13:51 . 2008-10-15 05:22 4379984 c:\windows\System32\D3DX9_40.dll
+ 2010-03-14 13:51 . 2008-07-10 10:00 3851784 c:\windows\System32\D3DX9_39.dll
+ 2010-03-14 13:51 . 2008-05-30 13:11 3850760 c:\windows\System32\D3DX9_38.dll
+ 2010-03-14 13:51 . 2008-03-05 14:56 3786760 c:\windows\System32\D3DX9_37.dll
+ 2010-03-14 13:51 . 2007-10-12 14:14 3734536 c:\windows\System32\d3dx9_36.dll
+ 2010-03-14 13:51 . 2007-07-19 17:14 3727720 c:\windows\System32\d3dx9_35.dll
+ 2010-03-14 13:51 . 2007-05-16 15:45 3497832 c:\windows\System32\d3dx9_34.dll
+ 2010-03-14 13:51 . 2007-03-12 15:42 3495784 c:\windows\System32\d3dx9_33.dll
+ 2010-03-14 13:51 . 2006-11-29 12:06 3426072 c:\windows\System32\d3dx9_32.dll
+ 2010-03-14 13:51 . 2006-09-28 15:05 2414360 c:\windows\System32\d3dx9_31.dll
+ 2010-03-14 13:51 . 2006-03-31 11:40 2388176 c:\windows\System32\d3dx9_30.dll
+ 2010-03-14 13:51 . 2006-02-03 07:43 2332368 c:\windows\System32\d3dx9_29.dll
+ 2010-03-14 13:51 . 2005-12-05 17:09 2323664 c:\windows\System32\d3dx9_28.dll
+ 2010-03-14 13:49 . 2005-03-18 16:19 2337488 c:\windows\System32\d3dx9_25.dll
+ 2010-03-14 13:47 . 2005-02-05 18:45 2222800 c:\windows\System32\d3dx9_24.dll
+ 2010-03-14 13:51 . 2009-03-09 14:27 1846632 c:\windows\System32\D3DCompiler_41.dll
+ 2010-03-14 13:51 . 2008-10-15 05:22 2036576 c:\windows\System32\D3DCompiler_40.dll
+ 2010-03-14 13:51 . 2008-07-10 10:00 1493528 c:\windows\System32\D3DCompiler_39.dll
+ 2010-03-14 13:51 . 2008-05-30 13:11 1491992 c:\windows\System32\D3DCompiler_38.dll
+ 2010-03-14 13:51 . 2008-03-05 14:56 1420824 c:\windows\System32\D3DCompiler_37.dll
+ 2010-03-14 13:51 . 2007-10-12 14:14 1374232 c:\windows\System32\D3DCompiler_36.dll
+ 2010-03-14 13:51 . 2007-07-19 17:14 1358192 c:\windows\System32\D3DCompiler_35.dll
+ 2010-03-14 13:51 . 2007-05-16 15:45 1124720 c:\windows\System32\D3DCompiler_34.dll
+ 2010-03-14 13:51 . 2007-03-12 15:42 1123696 c:\windows\System32\D3DCompiler_33.dll
+ 2010-03-14 13:51 . 2004-12-01 14:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2004-09-29 11:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-03-14 13:51 . 2010-03-14 13:51 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-06-03 19:42 . 2010-03-14 13:47 146602936 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-09 319280]
"Google Update"="c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c7,69,91,4b,5f,52,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1384446576-1961234908-3673197661-1000]
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-14 691696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-03-12 242696]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-04-26 517040]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384446576-1961234908-3673197661-1000Core.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 16:04]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384446576-1961234908-3673197661-1000UA.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-12 16:04]

2010-03-08 c:\windows\Tasks\HPCeeScheduleForVista.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-01 13:14]

2010-03-16 c:\windows\Tasks\User_Feed_Synchronization-{F233B6AA-D954-4DF7-9560-114012602893}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 15:29
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2010-03-16 15:32:09
ComboFix-quarantined-files.txt 2010-03-16 14:32
ComboFix2.txt 2010-03-15 19:29
ComboFix3.txt 2010-03-13 21:08
ComboFix4.txt 2010-03-13 20:50

Pre-Run: 115.650.338.816 byte disponibili
Post-Run: 115.626.786.816 byte disponibili

- - End Of File - - 40BE31024CA27432AFF8252A32CF1A3B
r16
Posted: Tuesday, March 16, 2010 3:41:56 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Ok.
Are you experiencing any problems?
jacopopisu
Posted: Tuesday, March 16, 2010 4:25:46 PM
Rank: AiutAmico

Joined: 3/2/2010
Posts: 38
For now I'm not noticing anything unusual.
Sorry, but is AVG enough to protect my PC,
or do I need something else?
Thanks a lot
r16
Posted: Tuesday, March 16, 2010 4:40:21 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
For decent protection, I recommend this software:

Antivirus. (If you are happy with AVG, keep it; just remember to always keep it up to date.)

Malwarebytes. (Always update it before every scan.)

Superantispyware:
http://www.aiutamici.com/software?ID=11397
Configure it as shown in the images:
http://www.zeusnews.it/zz_upload/img/PSV/SAS/7477731.jpg
http://www.zeusnews.it/zz_upload/img/PSV/SAS/9926902.jpg

Firewall:
http://www.aiutamici.com/software?ID=80361

Set up like this, you have good basic protection.
The rest depends on you.
Bye.