ComboFix 11-04-17.03 - Administrator 18.04.2011  21:48:27.9.2 - x86
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!


(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Dati applicazioni\mazuki.dll
C:\WINDOWS\system32\Ijl11.dll


\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

(((((((((((((((((((((((((   Files Creati Da 2011-03-18 al 2011-04-18  )))))))))))))))))))))))))))))))))))


2011-04-18 18:33:18 . 2011-04-18 18:33:41    --------    d-----w-    C:\Documents and Settings\UpdatusUser
2011-04-18 18:33:17 . 2011-04-18 18:33:17    --------    d-----w-    C:\Documents and Settings\All Users\Dati applicazioni\NVIDIA
2011-04-18 18:14:54 . 2011-04-08 05:14:00    944232    ----a-w-    C:\WINDOWS\system32\nvdispco3220140.dll
2011-04-18 18:14:54 . 2011-04-08 05:14:00    855656    ----a-w-    C:\WINDOWS\system32\nvgenco322060.dll
2011-04-18 18:14:02 . 2011-04-08 05:14:00    4111232    ----a-w-    C:\WINDOWS\system32\SET327.tmp
2011-04-18 18:14:02 . 2011-04-08 05:14:00    2027008    ----a-w-    C:\WINDOWS\system32\SET32B.tmp
2011-04-18 11:35:27 . 2011-04-18 11:35:27    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\NVIDIA
2011-04-18 11:28:15 . 2011-04-18 11:28:15    --------    d-----w-    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ArcSoft
2011-04-18 11:28:01 . 2011-04-18 11:37:49    --------    d--h--w-    C:\Documents and Settings\All Users\Dati applicazioni\ArcSoft
2011-04-18 11:24:51 . 2011-04-18 13:53:18    --------    d-----w-    C:\Programmi\ArcSoft
2011-04-18 11:24:51 . 2011-04-18 13:50:15    --------    d-----w-    C:\Programmi\File comuni\ArcSoft
2011-04-18 11:23:21 . 2011-04-18 11:47:38    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\ArcSoft
2011-04-16 17:35:32 . 2011-04-16 17:35:32    --------    d-----w-    C:\Documents and Settings\All Users\Dati applicazioni\Elephant Games
2011-04-16 17:35:32 . 2011-04-16 17:35:32    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\Elephant Games
2011-04-14 23:21:08 . 2011-04-14 23:21:08    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\SunRay Games
2011-04-13 20:42:04 . 2011-04-13 20:42:04    --------    d-----w-    C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2011-04-13 20:41:17 . 2011-04-13 20:41:17    --------    d-----w-    C:\Programmi\Yuna Software
2011-04-13 20:34:07 . 2011-04-13 20:34:07    --------    d-----w-    C:\Programmi\Secway
2011-04-13 20:24:39 . 2011-04-13 20:24:39    --------    d-----w-    C:\Programmi\Microsoft
2011-04-13 20:24:10 . 2011-04-13 20:24:34    --------    d-----w-    C:\Programmi\Windows Live
2011-04-13 16:52:08 . 2011-04-17 13:08:45    --------    d-----w-    C:\Documents and Settings\Administrator\Tracing
2011-04-12 23:24:26 . 2011-04-12 23:24:26    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\Axialis
2011-04-12 23:24:20 . 2011-04-13 00:02:16    --------    d-----w-    C:\Programmi\Axialis
2011-04-12 23:24:10 . 2011-04-13 00:02:09    --------    d-----w-    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Axialis
2011-04-12 16:52:01 . 2011-04-12 16:52:01    --------    d-----w-    C:\Programmi\File comuni\Spigot
2011-04-11 18:10:32 . 2011-04-11 18:10:32    --------    d-----w-    C:\Documents and Settings\All Users\Dati applicazioni\AltrixSoft
2011-04-11 18:10:22 . 2011-04-11 18:12:26    --------    d-----w-    C:\Programmi\File comuni\AltrixSoft
2011-04-11 17:08:50 . 2011-04-11 17:10:07    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\RaimaRadioPro
2011-04-11 17:08:45 . 2011-04-11 17:09:41    --------    d-----w-    C:\Programmi\RarmaRadio
2011-04-10 02:59:14 . 2011-04-10 02:59:14    --------    d-----w-    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\SlimWare Utilities Inc
2011-04-10 02:55:07 . 2011-04-10 02:58:02    --------    d-----w-    C:\Programmi\DriverUpdate
2011-04-10 02:53:55 . 2011-04-10 02:53:55    --------    d-----w-    C:\Programmi\Downloaded Installers
2011-04-09 22:54:03 . 2011-04-10 00:37:44    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\Skunk Studios
2011-04-09 20:54:23 . 2011-04-09 20:55:16    --------    d-----w-    C:\Programmi\MultiExtractor
2011-04-09 20:54:16 . 2011-04-09 20:54:35    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\MultiExtractor
2011-04-08 14:10:42 . 2011-04-08 14:14:59    --------    d-----w-    C:\Programmi\Chainz Galaxy
2011-04-07 09:40:57 . 2011-04-07 09:40:57    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\Yahoo!
2011-04-06 19:33:16 . 2011-04-06 19:33:16    --------    d-----w-    C:\WINDOWS\Sun
2011-04-06 15:04:13 . 2011-04-06 21:39:04    --------    d-----w-    C:\Zylom Games
2011-04-06 14:10:47 . 2011-04-06 14:10:49    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\unlimited illegal v1.4 16 05476 200938-499-41
2011-04-06 13:47:07 . 2011-04-06 13:47:07    --------    d-----w-    C:\Programmi\File comuni\Java
2011-04-06 13:46:46 . 2011-04-06 13:46:10    73728    ----a-w-    C:\WINDOWS\system32\javacpl.cpl
2011-04-03 04:26:29 . 2011-04-03 04:26:29    --------    d-----w-    C:\Documents and Settings\Administrator\Saved Games
2011-04-03 01:28:06 . 2011-04-03 01:28:06    --------    d-----w-    C:\Documents and Settings\All Users\Dati applicazioni\EA Core
2011-04-03 00:58:35 . 2011-04-03 00:58:35    --------    d-----w-    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2011-04-03 00:23:08 . 2011-04-03 00:23:08    --------    d-----w-    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Remove_Empty_Directories
2011-04-03 00:22:35 . 2011-04-03 00:22:35    --------    d-----w-    C:\WINDOWS\system32\wbem\mof
2011-04-02 23:39:00 . 2011-04-02 23:39:02    --------    d-----w-    C:\Programmi\Remove Empty Directories
2011-03-31 00:38:14 . 2011-03-31 00:38:14    --------    d-----w-    C:\Documents and Settings\All Users\Dati applicazioni\Electronic Arts
2011-03-29 15:23:55 . 2011-03-29 15:23:55    --------    d-----w-    C:\Programmi\Auslogics
2011-03-29 11:57:46 . 2011-03-29 11:57:46    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\Megamedia
2011-03-29 11:57:36 . 2011-03-29 11:57:36    --------    d-----w-    C:\Documents and Settings\All Users\Dati applicazioni\Megamedia
2011-03-29 11:57:18 . 2011-03-29 11:57:18    --------    d-----w-    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia
2011-03-25 18:37:52 . 2011-03-25 19:13:01    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\PC Tools Performance Toolkit
2011-03-23 21:33:46 . 2011-03-23 21:33:46    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\ShinyTales
2011-03-23 21:22:50 . 2011-03-23 21:22:50    --------    d-----w-    C:\Documents and Settings\All Users\Dati applicazioni\MythPeople
2011-03-23 19:52:14 . 2011-03-23 19:52:14    --------    d-----w-    C:\Documents and Settings\Administrator\Dati applicazioni\Anthropics
2011-03-23 19:18:53 . 2011-03-23 19:19:10    --------    d-----w-    C:\Programmi\Portrait Professional Studio 9
2011-03-22 21:54:18 . 2011-03-22 21:54:18    0    ----a-w-    C:\Documents and Settings\All Users\Dati applicazioni\xml15E2.tmp
2011-03-22 21:54:17 . 2011-03-22 21:54:17    0    ----a-w-    C:\Documents and Settings\All Users\Dati applicazioni\xml15DF.tmp
2011-03-22 21:54:16 . 2011-03-22 21:54:17    14177    ----a-w-    C:\Documents and Settings\All Users\Dati applicazioni\xml15DD.tmp
2011-03-22 21:54:14 . 2011-03-22 21:54:16    8114    ----a-w-    C:\Documents and Settings\All Users\Dati applicazioni\xml15DB.tmp
2011-03-22 21:41:44 . 2011-03-22 21:41:44    --------    d-----w-    C:\Programmi\SiSoftware
2011-03-21 14:38:28 . 2011-03-21 14:38:29    --------    d-----w-    C:\WINDOWS\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-03-21 14:30:44 . 2011-03-21 14:30:44    --------    d-----w-    C:\WINDOWS\system32\xlive
2011-03-21 14:30:43 . 2011-03-21 14:32:26    --------    d-----w-    C:\Programmi\Microsoft Games for Windows - LIVE
2011-03-21 00:19:55 . 2011-03-21 00:20:03    --------    d-----w-    C:\Programmi\7-Zip
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-08 05:14:00 . 2010-04-04 14:19:25    61440    ----a-w-    C:\WINDOWS\system32\OpenCL.dll
2011-04-08 05:14:00 . 2010-04-04 14:19:24    2074216    ----a-w-    C:\WINDOWS\system32\nvcuvenc.dll
2011-04-08 05:14:00 . 2010-04-04 14:19:21    13000704    ----a-w-    C:\WINDOWS\system32\nvcompiler.dll
2011-04-08 05:14:00 . 2009-03-27 08:03:00    5210112    ----a-w-    C:\WINDOWS\system32\nvcuda.dll
2011-04-08 05:14:00 . 2009-03-27 08:03:00    2770536    ----a-w-    C:\WINDOWS\system32\nvcuvid.dll
2011-04-08 05:14:00 . 2009-03-27 08:03:00    14856192    ----a-w-    C:\WINDOWS\system32\nvoglnt.dll
2011-04-08 05:14:00 . 2009-03-27 08:03:00    12501600    ----a-w-    C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-04-06 13:46:09 . 2010-05-11 14:36:39    472808    ----a-w-    C:\WINDOWS\system32\deployJava1.dll
2011-04-06 13:13:46 . 2011-02-11 19:03:01    557328    ----a-w-    C:\WINDOWS\system32\DAO360.DLL
2011-04-02 14:01:46 . 2009-12-09 06:24:54    5302    ----a-w-    C:\WINDOWS\system32\PerfStringBackup.TMP
2011-03-24 21:24:40 . 2009-04-23 20:08:03    29480    ------w-    C:\WINDOWS\system32\msxml3a.dll
2011-03-24 21:24:39 . 2003-02-21 03:42:22    353576    ------w-    C:\WINDOWS\system32\msvcr71.dll
2011-03-24 21:24:38 . 2003-03-18 19:14:52    505128    ------w-    C:\WINDOWS\system32\msvcp71.dll
2011-03-15 10:08:12 . 2011-03-15 10:08:12    0    ------w-    C:\WINDOWS\system32\REN4D92.tmp
2011-03-10 19:00:18 . 2011-03-11 04:08:38    835480    ----a-w-    C:\WINDOWS\system32\nvgenco322040.dll
2011-03-10 19:00:18 . 2011-03-11 04:08:37    938904    ----a-w-    C:\WINDOWS\system32\nvdispco322090.dll
2011-03-10 19:00:16 . 2009-03-27 08:03:00    6407808    ------w-    C:\WINDOWS\system32\nv4_disp.dll
2011-03-10 19:00:16 . 2009-03-27 08:03:00    1974272    ------w-    C:\WINDOWS\system32\nvapi.dll
2011-02-22 06:38:44 . 2011-02-22 06:38:44    86016    ------w-    C:\WINDOWS\system32\frapsvid.dll
2011-02-06 10:40:42 . 2011-02-06 10:40:43    93696    ------w-    C:\WINDOWS\system32\EP1KSSP.DLL
2011-02-06 10:40:42 . 2011-02-06 10:40:43    178176    ------w-    C:\WINDOWS\system32\ep1k_certd.exe
2011-02-06 10:40:42 . 2011-02-06 10:40:43    12288    ------w-    C:\WINDOWS\system32\ep1ksrv.exe
2011-02-06 10:40:41 . 2011-02-06 10:40:42    446464    ------w-    C:\WINDOWS\system32\EP1CSP32.DAT
2011-02-06 10:40:41 . 2011-02-06 10:40:42    24064    ------w-    C:\WINDOWS\system32\JEPSAI20.DLL
2011-02-06 10:40:41 . 2011-02-06 10:40:42    180224    ------w-    C:\WINDOWS\system32\EP1CSP32.DLL
2011-02-06 10:40:41 . 2011-02-06 10:40:42    165888    ------w-    C:\WINDOWS\system32\EP1PK111.DLL
2011-02-06 10:40:41 . 2011-02-06 10:40:19    95232    ------w-    C:\WINDOWS\system32\EP1KDL20.DLL
2011-02-06 10:40:19 . 2011-02-06 10:40:19    81920    ------w-    C:\WINDOWS\system32\EPSMODU.DLL
2011-02-06 10:40:19 . 2011-02-06 10:40:19    81920    ------w-    C:\WINDOWS\system32\EPASMOD.DLL
2011-02-06 10:40:19 . 2011-02-06 10:40:19    69632    ------w-    C:\WINDOWS\system32\EPSMODUE.DLL
2011-02-06 10:40:19 . 2011-02-06 10:40:19    53248    ------w-    C:\WINDOWS\system32\EPASSMDFULL.DLL
2011-02-06 10:40:19 . 2011-02-06 10:40:19    45056    ------w-    C:\WINDOWS\system32\EPASSMD.DLL
2011-02-06 10:40:18 . 2011-02-06 10:40:19    4608    ------w-    C:\WINDOWS\system32\ft1kco.dll
2011-02-06 10:40:18 . 2011-02-06 10:40:19    22272    ------w-    C:\WINDOWS\system32\drivers\eps1k.sys
2011-02-06 10:40:18 . 2011-02-06 10:40:18    9856    ------w-    C:\WINDOWS\system32\drivers\usbic1k.SYS
2011-02-06 10:40:18 . 2011-02-06 10:40:18    8832    ------w-    C:\WINDOWS\system32\drivers\IC1KENUM.SYS
2010-02-18 23:28:44 . 2010-02-18 23:28:57    774144    ----a-w-    C:\Programmi\RngInterstitial.dll


(((((((((((((((((((((((((((((   SnapShot@2011-04-02_17.14.28   )))))))))))))))))))))))))))))))))))))))))

+ 2011-04-13 14:40:37 . 2011-04-13 14:40:37    45304              C:\WINDOWS\WinSxS\x86_Update_318d21d4b0463a3b_1.1.3.0_x-ww_46a5f7d3\Update.exe
+ 2011-04-18 19:35:44 . 2011-04-18 19:35:44    16384              C:\WINDOWS\temp\Perflib_Perfdata_708.dat
+ 2011-04-18 19:35:33 . 2011-04-18 19:35:33    16384              C:\WINDOWS\temp\Perflib_Perfdata_160.dat
+ 2011-04-06 13:13:31 . 2011-04-06 13:13:31    32768              C:\WINDOWS\system32\tstream.dll
- 2008-09-03 13:04:16 . 2007-11-30 04:39:40    18808              C:\WINDOWS\system32\spmsg.dll
+ 2008-09-03 13:04:16 . 2007-11-30 03:39:40    18808              C:\WINDOWS\system32\spmsg.dll
+ 2010-04-16 20:12:18 . 2010-04-16 20:12:18    48464              C:\WINDOWS\system32\sirenacm.dll
+ 2011-04-18 18:16:56 . 2011-03-10 19:00:18    61440              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\OpenCL.dll
- 2011-03-11 04:09:46 . 2010-10-22 06:23:30    61440              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\OpenCL.dll
- 2011-01-07 18:58:20 . 2011-01-07 18:58:20    81920              C:\WINDOWS\system32\nvwddi.dll
+ 2011-04-07 20:16:34 . 2011-04-07 20:16:34    81920              C:\WINDOWS\system32\nvwddi.dll
+ 2008-04-14 12:00:00 . 2008-05-19 04:33:20    18944              C:\WINDOWS\system32\msisip.dll
- 2008-04-14 12:00:00 . 2008-05-19 05:33:20    18944              C:\WINDOWS\system32\msisip.dll
+ 2011-04-06 13:13:31 . 2011-04-06 13:13:31    53248              C:\WINDOWS\system32\EZTW32.dll
- 2008-05-19 04:33:20 . 2008-05-19 05:33:20    18944              C:\WINDOWS\system32\dllcache\msisip.dll
+ 2008-05-19 04:33:20 . 2008-05-19 04:33:20    18944              C:\WINDOWS\system32\dllcache\msisip.dll
+ 2011-04-06 13:13:36 . 2011-04-06 13:13:36    32768              C:\WINDOWS\system32\Base64.dll
+ 2011-04-06 13:13:35 . 2011-04-06 13:13:35    81920              C:\WINDOWS\system32\aspapi.dll
+ 2011-04-13 20:24:34 . 2011-04-13 20:24:34    27136              C:\WINDOWS\Installer\f5424d4.msi
+ 2011-04-13 20:24:17 . 2011-04-13 20:24:17    83456              C:\WINDOWS\Installer\f5424c8.msi
+ 2011-04-13 20:24:12 . 2011-04-13 20:24:12    58880              C:\WINDOWS\Installer\f5424c2.msi
+ 2011-04-13 20:24:28 . 2011-04-13 20:24:28    61272              C:\WINDOWS\Installer\{C3C640B8-95B6-40AE-A058-BE4896CD3010}\IconWlc.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:01:03    35088              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-06-28 15:09:41 . 2010-07-14 16:28:34    35088              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:01:02    18704              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-06-28 15:09:41 . 2010-07-14 16:28:33    18704              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-06-28 15:09:41 . 2010-07-14 16:28:33    20240              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:01:02    20240              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-04-13 20:25:00 . 2011-04-13 20:25:00    80395              C:\WINDOWS\Installer\{39AE27EE-A148-48A3-B98D-35498C4D9719}\MsblIco.Exe
+ 2011-04-13 14:40:37 . 2011-04-13 14:40:37    40184              C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar\1.1.0.0__318d21d4b0463a3b\QuickStoresToolbar.dll
+ 2011-04-13 14:40:37 . 2011-04-13 14:40:37    45304              C:\WINDOWS\assembly\GAC_32\Update\1.1.3.0__318d21d4b0463a3b\Update.exe
+ 2011-04-09 22:53:41 . 2011-04-09 22:53:41    4096              C:\WINDOWS\d3dx.dat
+ 2008-03-04 01:17:16 . 2008-03-04 01:17:16    655872              C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcr90.dll
+ 2008-03-04 01:17:14 . 2008-03-04 01:17:14    572928              C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcp90.dll
+ 2008-03-03 19:52:34 . 2008-03-03 19:52:34    225280              C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcm90.dll
+ 2011-04-06 13:13:51 . 2011-04-06 13:13:51    139264              C:\WINDOWS\system32\vbSendMail.dll
+ 2011-04-18 18:18:26 . 2011-03-10 19:00:18    835480              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvgenco32.dll
+ 2011-04-18 18:16:44 . 2011-03-10 19:00:18    256868              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvdrsdb.bin
+ 2011-04-18 18:18:26 . 2011-03-10 19:00:18    938904              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvdispco32.dll
+ 2011-04-18 18:16:44 . 2011-03-10 19:00:16    145920              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\dbInstaller.exe
+ 2011-04-07 20:16:24 . 2011-04-07 20:16:24    155752              C:\WINDOWS\system32\nvsvc32.exe
- 2011-01-07 18:58:36 . 2011-01-07 18:58:36    126976              C:\WINDOWS\system32\nvrszht.dll
+ 2011-04-07 20:16:30 . 2011-04-07 20:16:30    126976              C:\WINDOWS\system32\nvrszht.dll
- 2011-01-07 18:58:34 . 2011-01-07 18:58:34    229376              C:\WINDOWS\system32\nvrszhc.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    229376              C:\WINDOWS\system32\nvrszhc.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    258048              C:\WINDOWS\system32\nvrstr.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    258048              C:\WINDOWS\system32\nvrstr.dll
- 2011-01-07 18:58:36 . 2011-01-07 18:58:36    253952              C:\WINDOWS\system32\nvrsth.dll
+ 2011-04-07 20:16:30 . 2011-04-07 20:16:30    253952              C:\WINDOWS\system32\nvrsth.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    253952              C:\WINDOWS\system32\nvrssv.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    253952              C:\WINDOWS\system32\nvrssv.dll
- 2011-01-07 18:58:34 . 2011-01-07 18:58:34    258048              C:\WINDOWS\system32\nvrssl.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    258048              C:\WINDOWS\system32\nvrssl.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    258048              C:\WINDOWS\system32\nvrssk.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    258048              C:\WINDOWS\system32\nvrssk.dll
- 2011-01-07 18:58:34 . 2011-01-07 18:58:34    270336              C:\WINDOWS\system32\nvrsru.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    270336              C:\WINDOWS\system32\nvrsru.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    270336              C:\WINDOWS\system32\nvrsptb.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    270336              C:\WINDOWS\system32\nvrsptb.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    274432              C:\WINDOWS\system32\nvrspt.dll
- 2011-01-07 18:58:30 . 2011-01-07 18:58:30    274432              C:\WINDOWS\system32\nvrspt.dll
- 2011-01-07 18:58:30 . 2011-01-07 18:58:30    258048              C:\WINDOWS\system32\nvrspl.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    258048              C:\WINDOWS\system32\nvrspl.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    253952              C:\WINDOWS\system32\nvrsno.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    253952              C:\WINDOWS\system32\nvrsno.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    274432              C:\WINDOWS\system32\nvrsnl.dll
- 2011-01-07 18:58:34 . 2011-01-07 18:58:34    274432              C:\WINDOWS\system32\nvrsnl.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    266240              C:\WINDOWS\system32\nvrsko.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    266240              C:\WINDOWS\system32\nvrsko.dll
- 2011-01-07 18:58:30 . 2011-01-07 18:58:30    270336              C:\WINDOWS\system32\nvrsja.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    270336              C:\WINDOWS\system32\nvrsja.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    282624              C:\WINDOWS\system32\nvrsit.dll
- 2011-01-07 18:58:30 . 2011-01-07 18:58:30    282624              C:\WINDOWS\system32\nvrsit.dll
- 2011-01-07 18:58:34 . 2011-01-07 18:58:34    262144              C:\WINDOWS\system32\nvrshu.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    262144              C:\WINDOWS\system32\nvrshu.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    331776              C:\WINDOWS\system32\nvrshe.dll
- 2011-01-07 18:58:34 . 2011-01-07 18:58:34    331776              C:\WINDOWS\system32\nvrshe.dll
- 2011-01-07 18:58:34 . 2011-01-07 18:58:34    286720              C:\WINDOWS\system32\nvrsfr.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    286720              C:\WINDOWS\system32\nvrsfr.dll
- 2011-01-07 18:58:34 . 2011-01-07 18:58:34    249856              C:\WINDOWS\system32\nvrsfi.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    249856              C:\WINDOWS\system32\nvrsfi.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    274432              C:\WINDOWS\system32\nvrsesm.dll
- 2011-01-07 18:58:36 . 2011-01-07 18:58:36    274432              C:\WINDOWS\system32\nvrsesm.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    282624              C:\WINDOWS\system32\nvrses.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    282624              C:\WINDOWS\system32\nvrses.dll
- 2011-01-07 18:58:36 . 2011-01-07 18:58:36    249856              C:\WINDOWS\system32\nvrseng.dll
+ 2011-04-07 20:16:30 . 2011-04-07 20:16:30    249856              C:\WINDOWS\system32\nvrseng.dll
- 2011-01-07 18:58:36 . 2011-01-07 18:58:36    282624              C:\WINDOWS\system32\nvrsel.dll
+ 2011-04-07 20:16:30 . 2011-04-07 20:16:30    282624              C:\WINDOWS\system32\nvrsel.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    278528              C:\WINDOWS\system32\nvrsde.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    278528              C:\WINDOWS\system32\nvrsde.dll
+ 2011-04-07 20:16:28 . 2011-04-07 20:16:28    253952              C:\WINDOWS\system32\nvrsda.dll
- 2011-01-07 18:58:34 . 2011-01-07 18:58:34    253952              C:\WINDOWS\system32\nvrsda.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    249856              C:\WINDOWS\system32\nvrscs.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    249856              C:\WINDOWS\system32\nvrscs.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    335872              C:\WINDOWS\system32\nvrsar.dll
- 2011-01-07 18:58:32 . 2011-01-07 18:58:32    335872              C:\WINDOWS\system32\nvrsar.dll
- 2011-01-07 18:58:12 . 2011-01-07 18:58:12    111208              C:\WINDOWS\system32\nvmctray.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    111208              C:\WINDOWS\system32\nvmctray.dll
- 2011-01-07 18:58:12 . 2011-01-07 18:58:12    277608              C:\WINDOWS\system32\nvmccs.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    277608              C:\WINDOWS\system32\nvmccs.dll
+ 2010-11-20 19:50:37 . 2011-04-18 18:21:37    259604              C:\WINDOWS\system32\nvdrsdb1.bin
+ 2010-11-20 19:50:40 . 2011-04-18 18:21:42    259604              C:\WINDOWS\system32\nvdrsdb0.bin
- 2011-01-07 18:58:12 . 2011-01-07 18:58:12    145000              C:\WINDOWS\system32\nvcolor.exe
+ 2011-04-07 20:16:24 . 2011-04-07 20:16:24    145000              C:\WINDOWS\system32\nvcolor.exe
+ 2008-04-14 12:00:00 . 2008-05-19 04:33:20    332800              C:\WINDOWS\system32\msihnd.dll
- 2008-04-14 12:00:00 . 2008-05-19 05:33:20    332800              C:\WINDOWS\system32\msihnd.dll
+ 2011-04-06 13:13:31 . 2011-04-06 13:13:31    229452              C:\WINDOWS\system32\mls_set4.dll
+ 2011-04-06 13:13:31 . 2011-04-06 13:13:31    118784              C:\WINDOWS\system32\LMCHART1.dll
+ 2011-04-06 13:46:45 . 2011-04-06 13:46:10    157472              C:\WINDOWS\system32\javaws.exe
- 2011-03-15 10:08:12 . 2011-02-02 20:40:39    157472              C:\WINDOWS\system32\javaws.exe
- 2011-03-15 10:08:12 . 2011-02-02 20:40:38    145184              C:\WINDOWS\system32\javaw.exe
+ 2011-04-06 13:46:45 . 2011-04-06 13:46:10    145184              C:\WINDOWS\system32\javaw.exe
+ 2011-04-06 13:46:45 . 2011-04-06 13:46:10    145184              C:\WINDOWS\system32\java.exe
+ 2011-04-06 13:13:31 . 2011-04-06 13:13:31    118784              C:\WINDOWS\system32\f23dll.dll
+ 2011-04-07 20:16:34 . 2011-04-07 20:16:34    580200              C:\WINDOWS\system32\easyUpdatusAPIU.dll
- 2011-01-07 18:58:14 . 2011-01-07 18:58:14    580200              C:\WINDOWS\system32\easyUpdatusAPIU.dll
- 2008-05-19 04:33:20 . 2008-05-19 05:33:20    332800              C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2008-05-19 04:33:20 . 2008-05-19 04:33:20    332800              C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2011-04-13 20:34:08 . 2011-04-13 20:34:08    701952              C:\WINDOWS\Installer\f5424e6.msi
+ 2011-04-13 20:25:00 . 2011-04-13 20:25:00    429056              C:\WINDOWS\Installer\f5424e2.msi
+ 2011-04-13 20:24:39 . 2011-04-13 20:24:39    155648              C:\WINDOWS\Installer\f5424da.msi
+ 2011-04-13 20:24:28 . 2011-04-13 20:24:28    149504              C:\WINDOWS\Installer\f5424ce.msi
+ 2011-04-13 20:24:05 . 2011-04-13 20:24:05    107008              C:\WINDOWS\Installer\f5424bc.msi
+ 2011-04-06 13:47:08 . 2011-04-06 13:47:08    180224              C:\WINDOWS\Installer\4e4c5c2.msi
+ 2011-04-06 13:46:05 . 2011-04-06 13:46:05    675840              C:\WINDOWS\Installer\4e4c5bc.msi
- 2010-06-28 15:09:41 . 2010-07-14 16:28:33    888080              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:01:03    888080              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:01:01    272648              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-06-28 15:09:41 . 2010-07-14 16:28:33    272648              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:00:59    922384              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-06-28 15:09:41 . 2010-07-14 16:28:33    922384              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:00:57    845584              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-06-28 15:09:41 . 2010-07-14 16:28:32    845584              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:01:00    217864              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-06-28 15:09:41 . 2010-07-14 16:28:33    217864              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-06-28 15:09:41 . 2010-07-14 16:28:32    184080              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:00:57    184080              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-06-28 15:09:41 . 2011-04-03 01:00:56    159504              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-06-28 15:09:41 . 2010-07-14 16:28:32    159504              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-04-10 02:55:23 . 2011-04-10 02:55:23    385024              C:\WINDOWS\Installer\{4613F39B-AE3E-42D8-840E-190945136EA6}\Icon.exe
+ 2011-04-06 13:13:50 . 2011-04-06 13:13:51    1236992              C:\WINDOWS\system32\tspell11en.dll
+ 2011-04-18 18:17:53 . 2011-03-10 19:00:18    2294198              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvdata.bin
+ 2011-04-18 18:17:49 . 2011-03-10 19:00:18    2918504              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvcuvid.dll
+ 2011-04-18 18:17:46 . 2011-03-10 19:00:18    2252904              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvcuvenc.dll
+ 2011-04-18 18:17:26 . 2011-03-10 19:00:18    4984832              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvcuda.dll
+ 2011-04-18 18:16:57 . 2011-03-10 19:00:16    1974272              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvapi.dll
+ 2011-04-18 18:16:45 . 2011-03-10 19:00:16    9925408              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nv4_mini.sys
+ 2011-04-18 18:16:56 . 2011-03-10 19:00:16    6407808              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nv4_disp.dll
+ 2010-04-04 14:19:20 . 2011-04-08 05:14:00    2116894              C:\WINDOWS\system32\nvdata.bin
+ 2008-04-14 12:00:00 . 2008-05-19 04:33:20    4445184              C:\WINDOWS\system32\msi.dll
- 2008-04-14 12:00:00 . 2008-05-19 05:33:20    4445184              C:\WINDOWS\system32\msi.dll
- 2008-05-19 04:33:20 . 2008-05-19 05:33:20    4445184              C:\WINDOWS\system32\dllcache\msi.dll
+ 2008-05-19 04:33:20 . 2008-05-19 04:33:20    4445184              C:\WINDOWS\system32\dllcache\msi.dll
+ 2011-04-06 13:13:41 . 2011-04-06 13:13:41    1380352              C:\WINDOWS\system32\comchartdir.dll
+ 2011-04-06 13:13:31 . 2011-04-06 13:13:31    1822720              C:\WINDOWS\system32\chartdir41.dll
+ 2011-04-10 02:55:22 . 2011-04-10 02:55:22    1463808              C:\WINDOWS\Installer\173442cc.msi
+ 2010-06-28 15:09:40 . 2011-04-03 01:00:56    1172240              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-06-28 15:09:40 . 2010-07-14 16:28:32    1172240              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-06-28 15:09:40 . 2010-07-14 16:28:32    1165584              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-06-28 15:09:40 . 2011-04-03 01:00:55    1165584              C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-04-18 18:17:56 . 2011-03-10 19:00:18    14675968              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvoglnt.dll
+ 2011-04-18 18:21:52 . 2011-03-10 19:00:18    62485312              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\NvCPLSetupInt.exe
+ 2011-04-18 18:17:00 . 2011-03-10 19:00:16    13004800              C:\WINDOWS\system32\ReinstallBackups\0111\DriverFiles\nvcompiler.dll
+ 2011-04-07 20:16:26 . 2011-04-07 20:16:26    13891176              C:\WINDOWS\system32\nvcpl.dll
+ 2009-03-27 08:03:00 . 2011-04-08 05:14:00    12501600              C:\WINDOWS\system32\dllcache\nv4_mini.sys
- 2009-06-10 08:27:01 . 2011-04-02 16:22:39    3863412768              C:\WINDOWS\system32\drivers\fidbox.dat
+ 2009-06-10 08:27:01 . 2011-04-18 19:32:13    3863412768              C:\WINDOWS\system32\drivers\fidbox.dat

-- Snapshot per reimpostare la data corrente --

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16:10    64000    ----a-w-    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaIeHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-04-17 13:59:43 192512]
"egui"="C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-01 14:06:24 2054360]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2010-09-07 16:40:30 43608]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2010-09-07 16:40:30 1976920]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-06-23 10:21:24 847872]
"Acrobat Assistant 8.0"="C:\Programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 15:45:14 821144]
"CanonSolutionMenuEx"="C:\Programmi\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 09:18:54 1185112]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 20:16:26 111208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-04-07 20:16:26 13891176]
"nwiz"="C:\Programmi\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 00:57:14 1753192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 25088]

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - C:\Programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "C:\Programmi\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 18:33:23 511344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 08:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13:40    64592    ----a-w-    c:\Programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^is-6O6IH.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2011-03-19 23:17:26    4743240    ----a-w-    C:\Program Files\360Amigo\360Amigo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-10-13 10:16:50    165144    ----a-w-    C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10:47    402432    ----a-w-    C:\Programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-03-26 22:39:49    323392    ----a-w-    C:\Programmi\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2009-04-14 10:52:58    86016    ----a-w-    C:\Programmi\ClamWin\bin\ClamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverChecker.exe]
2009-12-31 15:36:48    13561856    ----a-w-    C:\Programmi\Driver Checker\DriverChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-10-28 23:32:48    1352272    ----a-w-    C:\Programmi\Logitech\SetPointP\SetPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-09 17:23:05    133104    ----atw-    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44:34    31072    ----a-w-    C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]
2009-09-02 04:30:35    687104    ----a-w-    C:\WINDOWS\is-QOJPR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 16:08:46    963976    ----a-w-    C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 16:08:56    443728    ----a-w-    C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegakeyUpdater]
2011-01-13 05:38:42    64000    ----a-w-    C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegakeyUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50:42    155648    ------w-    C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-26 22:42:47    2937528    ----a-w-    C:\Programmi\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51:32    25088    ------r-    C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49:28    249064    ----a-w-    C:\Programmi\File comuni\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37:14    517096    ----a-w-    C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-12-10 12:28:56    247144    ----a-w-    C:\Documents and Settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-06-06 13:03:52    222504    ----a-w-    C:\Programmi\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07:40    199752    ----a-w-    C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2007-12-20 15:05:24    77824    ------w-    C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"ServiceLayer"=3 (0x3)
"gusvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverUpdate"="C:\Programmi\DriverUpdate\DriverUpdate.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="C:\Programmi\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"C:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"C:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"C:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Programmi\\filehippo.com\\UpdateChecker.exe"=
"C:\\Programmi\\mIRC\\mirc.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Administrator\\Desktop\\Programmi\\FirefoxPortable\\App\\Firefox\\firefox.exe"=
"C:\\Programmi\\FreePOPs\\freepopsd.exe"=
"C:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
"C:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"C:\\xampp\\apache\\bin\\httpd.exe"=
"C:\\xampp\\mysql\\bin\\mysqld.exe"=
"C:\\Programmi\\eMule\\eMule.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"C:\\Programmi\\Steam\\Steam.exe"=
"C:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"C:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"C:\\Programmi\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"C:\\Programmi\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"C:\\Programmi\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"C:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\RpcAgentSrv.exe"=
"C:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26731:TCP"= 26731:TCP:*:Disabled:SolidNetworkManager
"26731:UDP"= 26731:UDP:*:Disabled:SolidNetworkManager
"5009:TCP"= 5009:TCP:SolidNetworkManager
"5009:UDP"= 5009:UDP:SolidNetworkManager
"56827:TCP"= 56827:TCP:Pando Media Booster
"56827:UDP"= 56827:UDP:Pando Media Booster
"1069:TCP"= 1069:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 as6eio;as6eio;C:\WINDOWS\System32\drivers\as6eio.sys [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-30 15:20:18 1483072]
R3 EagleXNt;EagleXNt;C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 10:10:02 3276800]
R3 gwiopm;gwiopm;C:\Programmi\My Drivers\gwiopm.sys [x]
R3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des [2010-05-03 22:21:00 3604720]
R3 Revoflt;Revoflt;C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 10:20:54 27064]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Programmi\SiSoftware\SiSoftware Sandra Professional Home 2011.SP1a\RpcAgentSrv.exe [2009-08-09 23:10:50 93848]
R3 SASENUM;SASENUM;C:\Programmi\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 08:05:56 7408]
R3 SwitchBoard;SwitchBoard;C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 11:37:14 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 11:34:32 10064]
R3 XDva343;XDva343;C:\WINDOWS\system32\XDva343.sys [x]
S0 pxscan;pxscan;C:\WINDOWS\System32\drivers\pxscan.sys [2010-01-06 16:50:21 22024]
S0 pxsec;pxsec;C:\WINDOWS\System32\drivers\pxsec.sys [2010-01-06 16:50:21 27656]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);C:\WINDOWS\system32\DRIVERS\tdrpm147.sys [2009-06-12 12:54:35 971232]
S0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2008-04-03 13:42:30 16896]
S0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-04-03 13:42:34 53248]
S1 ehdrv;ehdrv;C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-10-01 14:06:40 108792]
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-01 14:07:30 96408]
S1 is-6O6IHdrv;is-6O6IHdrv;C:\WINDOWS\system32\DRIVERS\05165413.sys [2008-07-08 12:54:02 148496]
S1 SASDIFSV;SASDIFSV;C:\Programmi\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 08:05:54 9968]
S1 SASKUTIL;SASKUTIL;C:\Programmi\SUPERAntiSpyware\SASKUTIL.sys [2009-09-02 04:33:03 74480]
S2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe [2008-04-14 12:00:00 14336]
S2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2009-12-19 22:00:00 29416]
S2 ekrn;ESET Service;C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-01 14:06:52 735960]
S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Programmi\File comuni\MAGIX Services\Database\bin\FABS.exe [2009-08-27 16:09:10 1253376]
S2 LBeepKE;Logitech Beep Suppression Driver;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2010-08-24 17:30:18 10448]
S2 nlsX86cc;NLS Service;C:\WINDOWS\system32\NLSSRV32.EXE [2010-06-11 09:16:10 65856]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 05:14:00 2218600]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2005-07-15 13:02:30 45696]
S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;C:\WINDOWS\system32\DRIVERS\thdudf.sys [2006-11-11 00:25:20 66944]
S2 TomTomHOMEService;TomTomHOMEService;C:\Documents and Settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 12:29:00 92008]
S3 ft1kEnum;usb Card Device 1000;C:\WINDOWS\system32\DRIVERS\ic1kenum.sys [2011-02-06 10:40:18 8832]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-07-15 13:02:41 56960]
S3 Reader_1000;USB SmartCard Reader Device 1000 ;C:\WINDOWS\system32\DRIVERS\usbic1k.sys [2011-02-06 10:40:18 9856]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-26 11:56:04 17792]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

Contenuto della cartella 'Scheduled Tasks'

2011-04-18 C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-COMPUTER-A04070-Administrator.job
- C:\Programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 14:04:18 . 2010-09-16 14:04:18]

2011-04-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]

2009-06-18 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-842925246-1177238915-500.job
- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-09 17:23:08 . 2008-10-09 17:23:05]


------- Scansione supplementare -------

uStart Page = hxxp://mystart.incredimail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Capture Web Page - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\CaptureWebPage.htm
IE: Converti destinazione link in Adobe PDF - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - C:\Programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Do&wnload selected by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaUpload.htm
IE: Scarica con Mipony - file://C:\Programmi\MiPony\Browser\IEContext.htm
LSP: C:\Documents and Settings\All Users\Dati applicazioni\Megamedia\Megakey\msadm.dll
FF - ProfilePath - C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\ln9e66g5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search=
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - C:\Programmi\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - C:\Programmi\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: MegaKey: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB} - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Simp - (no file)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Versione database: 6399

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

19.04.2011 21:55:10
mbam-log-2011-04-19 (21-55-10).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 319838
Tempo trascorso: 2 ore, 27 minuti, 47 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 25

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\documents and settings\administrator\Desktop\Fabio\driverupdate.v2.2.4118.505.winall.incl.patcher-ypogeios\ypogeios\ygs-patch.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\Desktop\file penna blu\ultraiso.pe.v9.3.6.2750\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\Desktop\programmi\box, mara-fix v1.3\Eset fix.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\winrar.v3.93.keyfile.maker.only-fff\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\incredimail\Data\Licenses\licmngr_del.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programmi\Adobe\acrobat 10.0\Acrobat\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003767.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003795.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003797.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003812.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0003814.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP14\A0004344.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP21\A0005529.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP24\A0006148.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP24\A0006155.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP24\A0006953.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP30\A0011466.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP30\A0011468.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP5\A0002281.exe (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP5\A0002284.exe (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP5\A0002288.EXE (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP8\A0003079.EXE (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP8\A0003085.exe (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP8\A0003089.exe (Trojan.Bumat) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e74dbc23-9ae9-4109-9096-5e1f6f46b735}\RP8\A0003095.exe (Trojan.Bumat) -> Quarantined and deleted successfully.

2011/04/19 22:33:36.0250 2240    TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/19 22:33:36.0875 2240    ================================================================================
2011/04/19 22:33:36.0875 2240    SystemInfo:
2011/04/19 22:33:36.0875 2240    
2011/04/19 22:33:36.0875 2240    OS Version: 5.1.2600 ServicePack: 3.0
2011/04/19 22:33:36.0875 2240    Product type: Workstation
2011/04/19 22:33:36.0875 2240    ComputerName: COMPUTER-A04070
2011/04/19 22:33:36.0875 2240    UserName: Administrator
2011/04/19 22:33:36.0875 2240    Windows directory: C:\WINDOWS
2011/04/19 22:33:36.0875 2240    System windows directory: C:\WINDOWS
2011/04/19 22:33:36.0875 2240    Processor architecture: Intel x86
2011/04/19 22:33:36.0875 2240    Number of processors: 2
2011/04/19 22:33:36.0875 2240    Page size: 0x1000
2011/04/19 22:33:36.0875 2240    Boot type: Normal boot
2011/04/19 22:33:36.0875 2240    ================================================================================
2011/04/19 22:33:37.0000 2240    !crdlk
2011/04/19 22:33:37.0078 2240    Initialize success
2011/04/19 22:33:39.0015 4436    ================================================================================
2011/04/19 22:33:39.0015 4436    Scan started
2011/04/19 22:33:39.0015 4436    Mode: Manual;
2011/04/19 22:33:39.0015 4436    ================================================================================
2011/04/19 22:33:50.0375 4436    ================================================================================
2011/04/19 22:33:50.0375 4436    Scan finished
2011/04/19 22:33:50.0375 4436    ================================================================================

ComboFix 11-04-19.01 - Administrator 19.04.2011  23:29:56.10.2 - x86
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
.
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmi\Downloaded Installers
c:\programmi\Downloaded Installers\{4613F39B-AE3E-42D8-840E-190945136EA6}\setup.msi
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((   Files Creati Da 2011-03-19 al 2011-04-19  )))))))))))))))))))))))))))))))))))
.
.
2011-04-19 12:47 . 2011-04-19 12:47    53248    ----a-r-    c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-19 12:46 . 2011-04-19 12:46    --------    d-----w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Logishrd
2011-04-19 12:43 . 2011-04-19 12:45    --------    d-----w-    c:\programmi\Logitech
2011-04-19 12:39 . 2011-04-19 12:46    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\Logitech
2011-04-19 12:36 . 2006-02-06 13:54    24064    ----a-r-    c:\windows\system32\PostProc.dll
2011-04-19 12:36 . 2001-09-19 11:47    765952    ----a-r-    c:\windows\system\crlds3d.dll
2011-04-19 12:36 . 2006-04-27 04:42    93824    ----a-r-    c:\windows\system32\drivers\aeaudio.sys
2011-04-19 12:36 . 2006-03-17 16:18    392960    ----a-r-    c:\windows\system32\drivers\senfilt.sys
2011-04-19 12:36 . 2006-06-27 11:43    245760    ----a-r-    c:\windows\system32\drivers\ADIHdAud.sys
2011-04-18 18:33 . 2011-04-18 18:33    --------    d-----w-    c:\documents and settings\UpdatusUser
2011-04-18 18:33 . 2011-04-18 18:33    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2011-04-18 18:14 . 2011-04-08 05:14    944232    ----a-w-    c:\windows\system32\nvdispco3220140.dll
2011-04-18 18:14 . 2011-04-08 05:14    855656    ----a-w-    c:\windows\system32\nvgenco322060.dll
2011-04-18 18:14 . 2011-04-08 05:14    4111232    ----a-w-    c:\windows\system32\SET327.tmp
2011-04-18 18:14 . 2011-04-08 05:14    2027008    ----a-w-    c:\windows\system32\SET32B.tmp
2011-04-18 11:35 . 2011-04-18 11:35    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\NVIDIA
2011-04-18 11:28 . 2011-04-18 11:28    --------    d-----w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ArcSoft
2011-04-18 11:28 . 2011-04-18 11:37    --------    d--h--w-    c:\documents and settings\All Users\Dati applicazioni\ArcSoft
2011-04-18 11:24 . 2011-04-18 13:53    --------    d-----w-    c:\programmi\ArcSoft
2011-04-18 11:24 . 2011-04-18 13:50    --------    d-----w-    c:\programmi\File comuni\ArcSoft
2011-04-18 11:23 . 2011-04-18 11:47    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\ArcSoft
2011-04-16 17:35 . 2011-04-16 17:35    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Elephant Games
2011-04-16 17:35 . 2011-04-16 17:35    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\Elephant Games
2011-04-14 23:21 . 2011-04-14 23:21    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\SunRay Games
2011-04-13 20:42 . 2011-04-13 20:42    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2011-04-13 20:41 . 2011-04-13 20:41    --------    d-----w-    c:\programmi\Yuna Software
2011-04-13 20:34 . 2011-04-13 20:34    --------    d-----w-    c:\programmi\Secway
2011-04-13 20:24 . 2011-04-13 20:24    --------    d-----w-    c:\programmi\Microsoft
2011-04-13 20:24 . 2011-04-13 20:24    --------    d-----w-    c:\programmi\Windows Live
2011-04-13 16:52 . 2011-04-19 15:00    --------    d-----w-    c:\documents and settings\Administrator\Tracing
2011-04-12 23:24 . 2011-04-12 23:24    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\Axialis
2011-04-12 23:24 . 2011-04-13 00:02    --------    d-----w-    c:\programmi\Axialis
2011-04-12 23:24 . 2011-04-13 00:02    --------    d-----w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Axialis
2011-04-12 16:52 . 2011-04-12 16:52    --------    d-----w-    c:\programmi\File comuni\Spigot
2011-04-11 18:10 . 2011-04-11 18:10    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\AltrixSoft
2011-04-11 18:10 . 2011-04-11 18:12    --------    d-----w-    c:\programmi\File comuni\AltrixSoft
2011-04-11 17:08 . 2011-04-11 17:10    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\RaimaRadioPro
2011-04-11 17:08 . 2011-04-11 17:09    --------    d-----w-    c:\programmi\RarmaRadio
2011-04-10 02:59 . 2011-04-10 02:59    --------    d-----w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\SlimWare Utilities Inc
2011-04-10 02:55 . 2011-04-10 02:58    --------    d-----w-    c:\programmi\DriverUpdate
2011-04-09 22:54 . 2011-04-10 00:37    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\Skunk Studios
2011-04-09 20:54 . 2011-04-09 20:55    --------    d-----w-    c:\programmi\MultiExtractor
2011-04-09 20:54 . 2011-04-09 20:54    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\MultiExtractor
2011-04-08 14:10 . 2011-04-08 14:14    --------    d-----w-    c:\programmi\Chainz Galaxy
2011-04-07 09:40 . 2011-04-07 09:40    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\Yahoo!
2011-04-06 19:33 . 2011-04-06 19:33    --------    d-----w-    c:\windows\Sun
2011-04-06 15:04 . 2011-04-06 21:39    --------    d-----w-    C:\Zylom Games
2011-04-06 14:10 . 2011-04-06 14:10    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\unlimited illegal v1.4 16 05476 200938-499-41
2011-04-06 13:47 . 2011-04-06 13:47    --------    d-----w-    c:\programmi\File comuni\Java
2011-04-06 13:46 . 2011-04-06 13:46    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-04-03 04:26 . 2011-04-03 04:26    --------    d-----w-    c:\documents and settings\Administrator\Saved Games
2011-04-03 01:28 . 2011-04-03 01:28    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\EA Core
2011-04-03 00:58 . 2011-04-03 00:58    --------    d-----w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2011-04-03 00:23 . 2011-04-03 00:23    --------    d-----w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Remove_Empty_Directories
2011-04-03 00:22 . 2011-04-03 00:22    --------    d-----w-    c:\windows\system32\wbem\mof
2011-04-02 23:39 . 2011-04-02 23:39    --------    d-----w-    c:\programmi\Remove Empty Directories
2011-03-31 00:38 . 2011-03-31 00:38    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2011-03-29 15:23 . 2011-03-29 15:23    --------    d-----w-    c:\programmi\Auslogics
2011-03-29 11:57 . 2011-03-29 11:57    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\Megamedia
2011-03-29 11:57 . 2011-03-29 11:57    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Megamedia
2011-03-29 11:57 . 2011-03-29 11:57    --------    d-----w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia
2011-03-25 18:37 . 2011-03-25 19:13    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\PC Tools Performance Toolkit
2011-03-23 21:33 . 2011-03-23 21:33    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\ShinyTales
2011-03-23 21:22 . 2011-03-23 21:22    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\MythPeople
2011-03-23 19:52 . 2011-03-23 19:52    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\Anthropics
2011-03-23 19:18 . 2011-03-23 19:19    --------    d-----w-    c:\programmi\Portrait Professional Studio 9
2011-03-22 21:54 . 2011-03-22 21:54    0    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\xml15E2.tmp
2011-03-22 21:54 . 2011-03-22 21:54    0    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\xml15DF.tmp
2011-03-22 21:54 . 2011-03-22 21:54    14177    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\xml15DD.tmp
2011-03-22 21:54 . 2011-03-22 21:54    8114    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\xml15DB.tmp
2011-03-22 21:41 . 2011-03-22 21:41    --------    d-----w-    c:\programmi\SiSoftware
2011-03-21 14:38 . 2011-03-21 14:38    --------    d-----w-    c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-03-21 14:30 . 2011-03-21 14:30    --------    d-----w-    c:\windows\system32\xlive
2011-03-21 14:30 . 2011-03-21 14:32    --------    d-----w-    c:\programmi\Microsoft Games for Windows - LIVE
2011-03-21 00:19 . 2011-03-21 00:20    --------    d-----w-    c:\programmi\7-Zip
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 13:46 . 2010-05-11 14:36    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-04-06 13:13 . 2011-02-11 19:03    557328    ----a-w-    c:\windows\system32\DAO360.DLL
2011-04-02 14:01 . 2009-12-09 06:24    5302    ----a-w-    c:\windows\system32\PerfStringBackup.TMP
2011-03-24 21:24 . 2009-04-23 20:08    29480    ------w-    c:\windows\system32\msxml3a.dll
2011-03-24 21:24 . 2003-02-21 03:42    353576    ------w-    c:\windows\system32\msvcr71.dll
2011-03-24 21:24 . 2003-03-18 19:14    505128    ------w-    c:\windows\system32\msvcp71.dll
2011-03-15 10:08 . 2011-03-15 10:08    0    ------w-    c:\windows\system32\REN4D92.tmp
2011-03-10 19:00 . 2011-03-11 04:08    835480    ----a-w-    c:\windows\system32\nvgenco322040.dll
2011-03-10 19:00 . 2011-03-11 04:08    938904    ----a-w-    c:\windows\system32\nvdispco322090.dll
2011-03-10 19:00 . 2010-04-04 14:19    61440    ----a-w-    c:\windows\system32\OpenCL.dll
2011-03-10 19:00 . 2010-04-04 14:19    2252904    ----a-w-    c:\windows\system32\nvcuvenc.dll
2011-03-10 19:00 . 2009-03-27 08:03    4984832    ----a-w-    c:\windows\system32\nvcuda.dll
2011-03-10 19:00 . 2009-03-27 08:03    2918504    ----a-w-    c:\windows\system32\nvcuvid.dll
2011-03-10 19:00 . 2009-03-27 08:03    14675968    ----a-w-    c:\windows\system32\nvoglnt.dll
2011-03-10 19:00 . 2010-04-04 14:19    13004800    ----a-w-    c:\windows\system32\nvcompiler.dll
2011-03-10 19:00 . 2009-03-27 08:03    9925408    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2011-03-10 19:00 . 2009-03-27 08:03    6407808    ----a-w-    c:\windows\system32\nv4_disp.dll
2011-03-10 19:00 . 2009-03-27 08:03    1974272    ----a-w-    c:\windows\system32\nvapi.dll
2011-03-08 11:26 . 2011-03-08 11:26    81920    ----a-w-    c:\windows\system32\nvwddi.dll
2011-03-08 11:26 . 2011-03-08 11:26    277608    ----a-w-    c:\windows\system32\nvmccs.dll
2011-03-08 11:26 . 2011-03-08 11:26    13881448    ----a-w-    c:\windows\system32\nvcpl.dll
2011-03-08 11:26 . 2011-03-08 11:26    111208    ----a-w-    c:\windows\system32\nvmctray.dll
2011-03-08 11:26 . 2011-03-08 11:26    580200    ----a-w-    c:\windows\system32\easyUpdatusAPIU.dll
2011-03-08 11:26 . 2011-03-08 11:26    155752    ----a-w-    c:\windows\system32\nvsvc32.exe
2011-03-08 11:26 . 2011-03-08 11:26    145000    ----a-w-    c:\windows\system32\nvcolor.exe
2011-03-08 11:26 . 2011-03-08 11:26    331776    ----a-w-    c:\windows\system32\nvrshe.dll
2011-03-08 11:26 . 2011-03-08 11:26    286720    ----a-w-    c:\windows\system32\nvrsfr.dll
2011-03-08 11:26 . 2011-03-08 11:26    282624    ----a-w-    c:\windows\system32\nvrsel.dll
2011-03-08 11:26 . 2011-03-08 11:26    274432    ----a-w-    c:\windows\system32\nvrsnl.dll
2011-03-08 11:26 . 2011-03-08 11:26    274432    ----a-w-    c:\windows\system32\nvrsesm.dll
2011-03-08 11:26 . 2011-03-08 11:26    270336    ----a-w-    c:\windows\system32\nvrsru.dll
2011-03-08 11:26 . 2011-03-08 11:26    262144    ----a-w-    c:\windows\system32\nvrshu.dll
2011-03-08 11:26 . 2011-03-08 11:26    253952    ----a-w-    c:\windows\system32\nvrsth.dll
2011-03-08 11:26 . 2011-03-08 11:26    253952    ----a-w-    c:\windows\system32\nvrsda.dll
2011-03-08 11:26 . 2011-03-08 11:26    249856    ----a-w-    c:\windows\system32\nvrsfi.dll
2011-03-08 11:26 . 2011-03-08 11:26    249856    ----a-w-    c:\windows\system32\nvrseng.dll
2011-03-08 11:26 . 2011-03-08 11:26    229376    ----a-w-    c:\windows\system32\nvrszhc.dll
2011-03-08 11:26 . 2011-03-08 11:26    126976    ----a-w-    c:\windows\system32\nvrszht.dll
2011-03-08 11:26 . 2011-03-08 11:26    335872    ----a-w-    c:\windows\system32\nvrsar.dll
2011-03-08 11:26 . 2011-03-08 11:26    282624    ----a-w-    c:\windows\system32\nvrsit.dll
2011-03-08 11:26 . 2011-03-08 11:26    282624    ----a-w-    c:\windows\system32\nvrses.dll
2011-03-08 11:26 . 2011-03-08 11:26    278528    ----a-w-    c:\windows\system32\nvrsde.dll
2011-03-08 11:26 . 2011-03-08 11:26    274432    ----a-w-    c:\windows\system32\nvrspt.dll
2011-03-08 11:26 . 2011-03-08 11:26    270336    ----a-w-    c:\windows\system32\nvrsptb.dll
2011-03-08 11:26 . 2011-03-08 11:26    270336    ----a-w-    c:\windows\system32\nvrsja.dll
2011-03-08 11:26 . 2011-03-08 11:26    266240    ----a-w-    c:\windows\system32\nvrsko.dll
2011-03-08 11:26 . 2011-03-08 11:26    258048    ----a-w-    c:\windows\system32\nvrstr.dll
2011-03-08 11:26 . 2011-03-08 11:26    258048    ----a-w-    c:\windows\system32\nvrssl.dll
2011-03-08 11:26 . 2011-03-08 11:26    258048    ----a-w-    c:\windows\system32\nvrssk.dll
2011-03-08 11:26 . 2011-03-08 11:26    258048    ----a-w-    c:\windows\system32\nvrspl.dll
2011-03-08 11:26 . 2011-03-08 11:26    253952    ----a-w-    c:\windows\system32\nvrssv.dll
2011-03-08 11:26 . 2011-03-08 11:26    253952    ----a-w-    c:\windows\system32\nvrsno.dll
2011-03-08 11:26 . 2011-03-08 11:26    249856    ----a-w-    c:\windows\system32\nvrscs.dll
2011-02-22 06:38 . 2011-02-22 06:38    86016    ------w-    c:\windows\system32\frapsvid.dll
2011-02-06 10:40 . 2011-02-06 10:40    93696    ------w-    c:\windows\system32\EP1KSSP.DLL
2011-02-06 10:40 . 2011-02-06 10:40    178176    ------w-    c:\windows\system32\ep1k_certd.exe
2011-02-06 10:40 . 2011-02-06 10:40    12288    ------w-    c:\windows\system32\ep1ksrv.exe
2011-02-06 10:40 . 2011-02-06 10:40    446464    ------w-    c:\windows\system32\EP1CSP32.DAT
2011-02-06 10:40 . 2011-02-06 10:40    24064    ------w-    c:\windows\system32\JEPSAI20.DLL
2011-02-06 10:40 . 2011-02-06 10:40    180224    ------w-    c:\windows\system32\EP1CSP32.DLL
2011-02-06 10:40 . 2011-02-06 10:40    165888    ------w-    c:\windows\system32\EP1PK111.DLL
2011-02-06 10:40 . 2011-02-06 10:40    95232    ------w-    c:\windows\system32\EP1KDL20.DLL
2011-02-06 10:40 . 2011-02-06 10:40    81920    ------w-    c:\windows\system32\EPSMODU.DLL
2011-02-06 10:40 . 2011-02-06 10:40    81920    ------w-    c:\windows\system32\EPASMOD.DLL
2011-02-06 10:40 . 2011-02-06 10:40    69632    ------w-    c:\windows\system32\EPSMODUE.DLL
2011-02-06 10:40 . 2011-02-06 10:40    53248    ------w-    c:\windows\system32\EPASSMDFULL.DLL
2011-02-06 10:40 . 2011-02-06 10:40    45056    ------w-    c:\windows\system32\EPASSMD.DLL
2011-02-06 10:40 . 2011-02-06 10:40    4608    ------w-    c:\windows\system32\ft1kco.dll
2011-02-06 10:40 . 2011-02-06 10:40    22272    ------w-    c:\windows\system32\drivers\eps1k.sys
2011-02-06 10:40 . 2011-02-06 10:40    9856    ------w-    c:\windows\system32\drivers\usbic1k.SYS
2011-02-06 10:40 . 2011-02-06 10:40    8832    ------w-    c:\windows\system32\drivers\IC1KENUM.SYS
2010-02-18 23:28 . 2010-02-18 23:28    774144    ----a-w-    c:\programmi\RngInterstitial.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-14 12:00 . C43124F63818E65CAFA49D3957C3CA67 . 845824 . . [2001.12.4414.700] . . c:\windows\SevenMizer\old\comres.dll
[-] 2008-04-14 12:00 . 0FF0C3264283FDEDDAA6A9DE51341A3D . 1444352 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\SevenMizer\old\comctl32.dll
[-] 2008-04-14 . 899C00F3EE822D7871F5948A1E088DC2 . 770560 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[7] 2010-05-04 . 77968988F8D07572499D9181B47E2B12 . 3603456 . . [7.00.6000.21264] . . c:\windows\SevenMizer\old\mshtml.dll
[-] 2010-05-04 . E8783F7945F7CEC61F23FEA9524AB77C . 3828224 . . [7.00.6000.21264] . . c:\windows\system32\mshtml.dll
[-] 2010-05-04 . E8783F7945F7CEC61F23FEA9524AB77C . 3828224 . . [7.00.6000.21264] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-03-11 . 42CCADED3A3430D0A96C3C2077DA79B4 . 3602944 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll
[7] 2010-01-05 . 8B2AB0803BBCBA6B14B78A6208E30C56 . 3602944 . . [7.00.6000.21183] . . c:\windows\ERDNT\cache\mshtml.dll
[7] 2010-01-05 . 8B2AB0803BBCBA6B14B78A6208E30C56 . 3602944 . . [7.00.6000.21183] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[7] 2009-10-29 . 6A23746C85468A631B25050C59C2CA14 . 3602432 . . [7.00.6000.21148] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[7] 2009-10-21 . B8D6A50D6306F869C771B77FBC793FAD . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[7] 2009-10-21 . B8D6A50D6306F869C771B77FBC793FAD . 3602432 . . [7.00.6000.21142] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[7] 2009-08-29 . 68B859DDC8FF192D9FFC02229B6BE355 . 3600384 . . [7.00.6000.21115] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[7] 2009-07-19 . 5E84885C93642BB82E88CD1CBC345FAF . 3600384 . . [7.00.6000.21089] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[7] 2009-04-29 . 2ECF7C62E692BBE1D7F9A72B42AECAA9 . 3598336 . . [7.00.6000.21045] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-02-21 . 2358FF7E9C728932FC3C075935978086 . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 2358FF7E9C728932FC3C075935978086 . 3596800 . . [7.00.6000.21015] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[7] 2009-01-16 . B868CBA86B7AA951131E511DC3436544 . 3596288 . . [7.00.6000.20996] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2008-12-13 . C352D6D2EFC11942BA84B996BAFFB182 . 3594752 . . [7.00.6000.20973] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-10-16 . 6EA04EE075C69345AB9B90C7A8740A04 . 3595264 . . [7.00.6000.20935] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-08-26 . FA61793E4E3F5C896C0728F350E30FAF . 3594752 . . [7.00.6000.20900] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-06-23 . 8E52FEC7D214C3B62871F8637F204114 . 3594240 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-01-16 . 872E162F24BD5AF017D6F0BE1AC417EB . 3593728 . . [7.00.6000.20753] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
.
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\user32.dll
[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[7] 2010-05-04 . 4CD4DB297B3D6D83F04BE7912B946428 . 841216 . . [7.00.6000.21256] . . c:\windows\SevenMizer\old\wininet.dll
[-] 2010-05-04 . 7B6EAAB6EF34CA886737AC2D1EC21CBD . 942592 . . [7.00.6000.21256] . . c:\windows\system32\wininet.dll
[-] 2010-05-04 . 7B6EAAB6EF34CA886737AC2D1EC21CBD . 942592 . . [7.00.6000.21256] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-03-11 . 776681CB75D9DE5EF363FFDEA8D7DA97 . 841216 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll
[7] 2010-01-05 . 4AA9CE48449B816084226EDAE4E309A0 . 841216 . . [7.00.6000.21183] . . c:\windows\ERDNT\cache\wininet.dll
[7] 2010-01-05 . 4AA9CE48449B816084226EDAE4E309A0 . 841216 . . [7.00.6000.21183] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[7] 2009-10-29 . 24A9BC124187E37A2BE67DFE5BB1A681 . 841216 . . [7.00.6000.21148] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[7] 2009-08-29 . EFC043E6C9D34BA3B22CE51347F08D32 . 840704 . . [7.00.6000.21115] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[7] 2009-06-29 . 9BA2E22993954B2C433FDC229801EEFE . 828928 . . [7.00.6000.21073] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[7] 2009-04-29 . D327397F4448DCB912E9FE78C9A94C88 . 828928 . . [7.00.6000.21045] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[7] 2009-03-03 . C04C42D707CDB4129B86C4E96FA5C24B . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-03-03 . C04C42D707CDB4129B86C4E96FA5C24B . 828416 . . [7.00.6000.21020] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-12-20 . 3F7320E0F75F2B5A7A9AD32AEA08BF21 . 827904 . . [7.00.6000.20978] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2008-10-16 . F303CFED3D8B8348A54F7A53DDC7CCA0 . 827904 . . [7.00.6000.20935] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-08-26 . 8E694EC9DA095E518D9447B3293208EA . 827904 . . [7.00.6000.20900] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-06-23 . BF9D17259082632F03F3FF5759C6AE32 . 827904 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2007-12-07 . 39CCDA0E9B778792B06C1B9D794A9776 . 825344 . . [7.00.6000.20733] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
.
[-] 2008-04-14 . F2F479CD6EB8DC808B5DAF2C9F3A3C8D . 1561600 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\SevenMizer\old\explorer.exe
.
[7] 2008-04-14 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\ole32.dll
[-] 2008-04-14 . 9C53CD8539F65CB380347F6689C8F188 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
.
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[7] 2008-04-14 . 705B64A073DFF1AF96F49B00B9D297A3 . 346624 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\hnetcfg.dll
[-] 2008-04-14 . 43A8C03A8CF9DB90958238AB694BF79D . 371200 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[7] 2010-02-16 . 32ACD29EE9D2C09BD471CDC23C31ED49 . 2070528 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-02-16 . CC0BD6DF954A759B0C36116AB34F1C85 . 2028032 . . [5.1.2600.5938] . . c:\windows\SevenMizer\old\ntkrnlpa.exe
[-] 2010-02-16 . 4004BC6E3D2EDC907563CF5A12D88C58 . 2206208 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . 4004BC6E3D2EDC907563CF5A12D88C58 . 2206208 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . EAFDE69BE3EDF234CD222712F45A00B6 . 2070656 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 7CBE0358DBB005ED0ACC76E039621B5D . 2069888 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 4DC824C3F81A65DAAD9B22D99CF2A031 . 2027520 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[7] 2009-02-09 . 844C5BC1F022E7790BA6DD2610823BE6 . 2027520 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . BC8D2FF46D42B76655F443EF1386930F . 2027520 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
.
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\SevenMizer\old\iexplore.exe
[-] 2010-04-16 . 163987977BFA1784DF8D662048FF8970 . 724248 . . [7.00.6000.21256] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2010-02-23 . C8DDA4028065D5CE39CBE7A156B72AB9 . 634648 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\iexplore.exe
[7] 2009-12-18 . D19E56D5930C37CF211867DF450C372A . 634632 . . [7.00.6000.21183] . . c:\windows\ie7updates\KB980182-IE7\iexplore.exe
[7] 2009-10-28 . 80675329E0FD54F016C4F8A83C616349 . 634632 . . [7.00.6000.21148] . . c:\windows\ie7updates\KB978207-IE7\iexplore.exe
[7] 2009-08-27 . 332EC7562F3AA7364F2D4231C56DA986 . 634648 . . [7.00.6000.21115] . . c:\windows\ie7updates\KB976325-IE7\iexplore.exe
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\ie7updates\KB974455-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
.
[7] 2010-02-17 . CE3BE4BB511B6E0F81D5479F31922574 . 2193664 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-02-16 . 2A3C8C51E0D91616415720C48A3E5A66 . 2149888 . . [5.1.2600.5938] . . c:\windows\SevenMizer\old\ntoskrnl.exe
[-] 2010-02-16 . FFB8496C3A7BD92A2D5FCFC83FFB5AD9 . 2328064 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . FFB8496C3A7BD92A2D5FCFC83FFB5AD9 . 2328064 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-02-16 . 01CBC934223F6754C3CA87927D409E9E . 2193792 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . AD4454ABC73B4B1EB92E627681E17496 . 2148864 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[7] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[7] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . 592F44BB500F995BEAD0EB8BA06BC104 . 2148864 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . 15315CDC4A67DCBBAE59967F08129499 . 2148864 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16    64000    ----a-w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-04-17 192512]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-01 2054360]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1976920]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"CanonSolutionMenuEx"="c:\programmi\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-08 13881448]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\programmi\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13    64592    ----a-w-    c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^is-6O6IH.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2011-03-19 23:17    4743240    ----a-w-    c:\program files\360Amigo\360Amigo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-10-13 10:16    165144    ----a-w-    c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10    402432    ----a-w-    c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-03-26 22:39    323392    ----a-w-    c:\programmi\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2009-04-14 10:52    86016    ----a-w-    c:\programmi\ClamWin\bin\ClamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverChecker.exe]
2009-12-31 15:36    13561856    ----a-w-    c:\programmi\Driver Checker\DriverChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-10-28 23:32    1352272    ----a-w-    c:\programmi\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-09 17:23    133104    ----atw-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44    31072    ----a-w-    c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]
2009-09-02 04:30    687104    ----a-w-    c:\windows\is-QOJPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 16:08    963976    ----a-w-    c:\programmi\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 16:08    443728    ----a-w-    c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegakeyUpdater]
2011-01-13 05:38    64000    ----a-w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegakeyUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50    155648    ------w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-26 22:42    2937528    ----a-w-    c:\programmi\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51    25088    ------r-    c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49    249064    ----a-w-    c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37    517096    ----a-w-    c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-12-10 12:28    247144    ----a-w-    c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-06-06 13:03    222504    ----a-w-    c:\programmi\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07    199752    ----a-w-    c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2007-12-20 15:05    77824    ------w-    c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"ServiceLayer"=3 (0x3)
"gusvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverUpdate"="c:\programmi\DriverUpdate\DriverUpdate.exe" -boot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\filehippo.com\\UpdateChecker.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\Programmi\\FirefoxPortable\\App\\Firefox\\firefox.exe"=
"c:\\Programmi\\FreePOPs\\freepopsd.exe"=
"c:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\RpcAgentSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26731:TCP"= 26731:TCP:*:Disabled:SolidNetworkManager
"26731:UDP"= 26731:UDP:*:Disabled:SolidNetworkManager
"5009:TCP"= 5009:TCP:SolidNetworkManager
"5009:UDP"= 5009:UDP:SolidNetworkManager
"56827:TCP"= 56827:TCP:Pando Media Booster
"56827:UDP"= 56827:UDP:Pando Media Booster
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 as6eio;as6eio;c:\windows\System32\drivers\as6eio.sys [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-30 1483072]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gwiopm;gwiopm;c:\programmi\My Drivers\gwiopm.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3604720]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Home 2011.SP1a\RpcAgentSrv.exe [2009-08-09 93848]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
R3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-01-06 22024]
S0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [2010-01-06 27656]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2009-06-12 971232]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-04-03 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-04-03 53248]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-10-01 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-10-01 96408]
S1 is-6O6IHdrv;is-6O6IHdrv;c:\windows\system32\DRIVERS\05165413.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2009-09-02 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-01 735960]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\programmi\File comuni\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-11 65856]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2005-07-15 45696]
S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 ft1kEnum;usb Card Device 1000;c:\windows\system32\DRIVERS\ic1kenum.sys [2011-02-06 8832]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
S3 Reader_1000;USB SmartCard Reader Device 1000 ;c:\windows\system32\DRIVERS\usbic1k.sys [2011-02-06 9856]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-COMPUTER-A04070-Administrator.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 14:04]
.
2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2009-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-842925246-1177238915-500.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-09 17:23]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://mystart.incredimail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Capture Web Page - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\CaptureWebPage.htm
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaUpload.htm
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
LSP: c:\documents and settings\All Users\Dati applicazioni\Megamedia\Megakey\msadm.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\ln9e66g5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search=
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\programmi\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\programmi\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: MegaKey: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB} - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-Simp - (no file)
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87118821-B996-BE12-BBCA-B6BDF39E5A17}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abpnmffeooajilkcafhegojfckkhekkbkg"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,
   6f,64,6e,6b,66,62,64,67,00,00
"pafncffijobobldilcdhknhghadjfdoo"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,6f,
   64,6e,6b,66,62,64,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07A774A0-6047-11D1-BA20-006097D2898E}]
@DACL=(02 0000)
@="Logagent Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AEE3E4A8-EF01-4024-A0F1-809D9B096E14}]
@DACL=(02 0000)
@="Windows Media Player Encoder Helper Class"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dati applicazioni\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{AC0A97B5-991D-4761-B4E9-B6F9811B6A38}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.1"
"UniqueId"="0003DDCE4B12D900"
"ScannerBuild"=dword:0000167c
"ScannerVersionId"=dword:0000117a
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
"ei2"=hex(b):90,5e,74,b8,3a,7a,6a,b0
"ei1"=hex(b):00,1a,92,bb,92,be,00,00
"ei3"=hex(b):fb,8c,7c,4d,00,00,00,00
"ei4"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="4FB598A81C297AD6EE0812567CA44E64AC17A8865E4A138F4F09603F6B6CFA61DF5E03CDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A2D97226D213B555BA7FD869164D6794533C1902A7B859338BB89CC266D665783264BF73002CFC4F0A9A6B5141C99AD61EFA18840C0C1B89425006EB64724B2CADCC87BE95C3711F211F5B02DB7D75F01CC31542A02291C9A0B71D295044162310F6B75AB0EC37D08C421DA5D757F6D67340AA88A16A11965E6B95FCC416024540473C9AEF73162F05F7FA86753B8EDA4F131A360E86D2E83855C97B2469B1CCAB19286AB353B7DD48A6DC84B6C20FA3DDCE47BFA94D7109EDD7354E117129CCC2B92F48A03BAB4F182AD294623BB02A527CB9AEF9C7ED95C148FA33F41453A57A6A2EC59F1163CD3A510FBA01A70FBCE3179C1D4CB72D04FB6EDC7BF96EFC11CAE2228A5F6D35F478DE6915613C287B4B0F41BDAE8C78186988C50C92CFD71A314B2C4FD01D5C35208ADC5295E260DEC8C79A53F36E7A6F5747C2DCF0BBF721ADC29363A79FF555827D07B3F4397FAE1E1B403633B645769C4F837D8E6958D8C55C40A85E2A85EBF658AB131890B0091353EE5348F44BF00EBADD8D26C355CA029CC095B1A4F068D42F325ADD6E825FF0B1872A52EB66F40815CAC3B96BB0D0ED7DC7B3A2AC8288FB062589E78D697987688B50B31152EEEA6067E80DB3101C9BECAB23F69169E24B5A32321D593B6E28A1A36C948F301C1A9172D827247CAE1E4E64143759B6DEAB1B2EFD277435ADAA789DBBDEC4048FFC91D386557764E28F76124EAFBAE2BB84290FA7743576F86A7C678E43C536307FBC1376269E97628BAF742B73A44687C3DDEF7DB7A302E5C332944833D613B911655DC2EF3C4DADB338F298D6B421A8DB030E6265FDBEDD9B925E6367F34BB825CF8218C8271C19AC42979A72C113D7C2D84F4FB835789ED687A069DACA7292B4B4F8B78EEC844C9DF28EC524D1A521F011B84E31EFDEB961F2D9FBCBBD027CB9415876E04BE5C234E4AB458D25C06664D2F6808D070516A9A7AFCFBD635501B317DEBEA33607CA22A6E35792A835DA20B95696D78863ECA1EEE8ACF787AD00A74BEB8CFDD5908B993951CC5C83B308A6D4CA59D7B453CBBF83F1EE85A6302B9D668572DE8510795614B18E598D534B05A66BA29B02951400165A85B574E28A1FE45594F2D37561922067153A518C55C6267364F51B4EFB60C956F69BD734F7BDB8A5ADB18598640F3BF7EEF212C02AFEBF421FFDDA820F63B8BD5A0EEA74228B4769095190327512370DBE3EC231A2C1D0D86B0CD4202710EC0D5CA97C568C22E7B5894DA2DE5B63DBF5BA980D056B29ACDFF4BF4E74F970E6E2BC4B8D748C1CE8C124"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1916)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Ora fine scansione: 2011-04-20  00:03:57
ComboFix-quarantined-files.txt  2011-04-19 22:03
.
Pre-Run: 59'216'257'024 byte disponibili
Post-Run: 59'188'068'352 byte disponibili
.
- - End Of File - - 6DB88C39ECD50DBFA8743EF01D03E40D

2011/04/20 00:09:50.0968 0544    TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/20 00:09:51.0593 0544    ================================================================================
2011/04/20 00:09:51.0593 0544    SystemInfo:
2011/04/20 00:09:51.0593 0544    
2011/04/20 00:09:51.0593 0544    OS Version: 5.1.2600 ServicePack: 3.0
2011/04/20 00:09:51.0593 0544    Product type: Workstation
2011/04/20 00:09:51.0593 0544    ComputerName: COMPUTER-A04070
2011/04/20 00:09:51.0593 0544    UserName: Administrator
2011/04/20 00:09:51.0593 0544    Windows directory: C:\WINDOWS
2011/04/20 00:09:51.0593 0544    System windows directory: C:\WINDOWS
2011/04/20 00:09:51.0593 0544    Processor architecture: Intel x86
2011/04/20 00:09:51.0593 0544    Number of processors: 2
2011/04/20 00:09:51.0593 0544    Page size: 0x1000
2011/04/20 00:09:51.0593 0544    Boot type: Normal boot
2011/04/20 00:09:51.0593 0544    ================================================================================
2011/04/20 00:09:51.0828 0544    !crdlk
2011/04/20 00:09:51.0828 0544    Initialize success
2011/04/20 00:09:54.0312 2128    ================================================================================
2011/04/20 00:09:54.0312 2128    Scan started
2011/04/20 00:09:54.0312 2128    Mode: Manual;
2011/04/20 00:09:54.0312 2128    ================================================================================
2011/04/20 00:10:05.0312 2128    ================================================================================
2011/04/20 00:10:05.0312 2128    Scan finished
2011/04/20 00:10:05.0312 2128    ================================================================================
2011/04/20 00:10:10.0625 3548    Deinitialize success

ComboFix 11-04-19.06 - Administrator 20.04.2011  18:34:58.13.2 - x86
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
* Resident AV is active
.
.
[i] ADS - WINDOWS: deleted 128 bytes in 2 streams. [/i]
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((   Files Creati Da 2011-03-20 al 2011-04-20  )))))))))))))))))))))))))))))))))))
.
.
2011-04-20 13:12 . 2011-04-20 13:12    76696    ----a-w-    c:\windows\system32\drivers\pxrts.sys
2011-04-20 13:12 . 2011-04-20 13:12    26096    ----a-w-    c:\windows\system32\drivers\pxkbf.sys
2011-04-20 12:09 . 2011-04-20 12:09    --------    d-----w-    c:\programmi\NoVirusThanks
2011-04-20 12:02 . 2011-04-20 12:02    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2011-04-20 11:50 . 2011-04-20 12:53    16968    ----a-w-    c:\windows\system32\drivers\hitmanpro35.sys
2011-04-20 11:50 . 2011-04-20 12:49    --------    d-----w-    c:\programmi\Hitman Pro 3.5
2011-04-20 11:50 . 2011-04-20 12:53    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\Hitman Pro
2011-04-20 01:39 . 2011-04-20 01:39    --------    d-----w-    c:\documents and settings\Administrator\Dati applicazioni\Mael
2011-04-20 01:31 . 2011-04-20 01:31    --------    d-----w-    c:\programmi\HxD
2011-04-20 00:41 . 2008-04-13 17:14    116224    ----a-w-    c:\windows\system32\dllcache\xrxwiadr.dll
2011-04-20 00:41 . 2001-08-30 21:08    23040    ----a-w-    c:\windows\system32\dllcache\xrxwbtmp.dll
2011-04-20 00:41 . 2008-04-13 17:14    18944    ----a-w-    c:\windows\system32\dllcache\xrxscnui.dll
2011-04-20 00:41 . 2001-08-30 21:08    27648    ----a-w-    c:\windows\system32\dllcache\xrxftplt.exe
2011-04-20 00:41 . 2001-08-30 21:08    4608    ----a-w-    c:\windows\system32\dllcache\xrxflnch.exe
2011-04-20 00:41 . 2001-08-30 21:08    99865    ----a-w-    c:\windows\system32\dllcache\xlog.exe
2011-04-20 00:41 . 2001-08-17 18:11    16970    ----a-w-    c:\windows\system32\dllcache\xem336n5.sys
2011-04-20 00:41 . 2008-04-13 07:34    19455    ----a-w-    c:\windows\system32\dllcache\wvchntxx.sys
2011-04-20 00:41 . 2008-04-13 09:46    19200    ----a-w-    c:\windows\system32\dllcache\wstcodec.sys
2011-04-20 00:41 . 2008-04-13 17:13    8192    ----a-w-    c:\windows\system32\dllcache\wshirda.dll
2011-04-20 00:41 . 2008-04-13 07:34    12063    ----a-w-    c:\windows\system32\dllcache\wsiintxx.sys
2011-04-20 00:39 . 2008-04-13 09:36    8832    ----a-w-    c:\windows\system32\dllcache\wmiacpi.sys
2011-04-20 00:38 . 2008-04-13 07:35    154624    ----a-w-    c:\windows\system32\dllcache\wlluc48.sys
2011-04-20 00:38 . 2001-08-30 18:46    35402    ----a-w-    c:\windows\system32\dllcache\wlandrv2.sys
2011-04-20 00:38 . 2001-08-17 19:28    771581    ----a-w-    c:\windows\system32\dllcache\winacisa.sys
2011-04-20 00:38 . 2001-08-30 21:08    54272    ----a-w-    c:\windows\system32\dllcache\wiamsmud.dll
2011-04-20 00:38 . 2001-08-30 21:08    87040    ----a-w-    c:\windows\system32\dllcache\wiafbdrv.dll
2011-04-20 00:38 . 2008-04-14 12:00    41600    ----a-w-    c:\windows\system32\dllcache\weitekp9.dll
2011-04-20 00:38 . 2008-04-14 12:00    31360    ----a-w-    c:\windows\system32\dllcache\weitekp9.sys
2011-04-20 00:38 . 2008-04-13 16:49    32000    ----a-w-    c:\windows\system32\dllcache\wceusbsh.sys
2011-04-20 00:38 . 2008-04-13 07:34    23615    ----a-w-    c:\windows\system32\dllcache\wch7xxnt.sys
2011-04-20 00:38 . 2001-08-17 19:28    701386    ----a-w-    c:\windows\system32\dllcache\wdhaalba.sys
2011-04-20 00:38 . 2001-08-17 18:10    35871    ----a-w-    c:\windows\system32\dllcache\wbfirdma.sys
2011-04-20 00:36 . 2008-04-13 17:13    11325    ----a-w-    c:\windows\system32\dllcache\vchnt5.dll
2011-04-20 00:35 . 2001-08-30 21:08    28672    ----a-w-    c:\windows\system32\dllcache\umaxu40.dll
2011-04-20 00:34 . 2001-08-17 18:51    222336    ----a-w-    c:\windows\system32\dllcache\trid3dm.sys
2011-04-20 00:33 . 2008-04-14 12:00    13192    ----a-w-    c:\windows\system32\dllcache\tdasync.sys
2011-04-20 00:33 . 2001-08-17 19:49    30464    ----a-w-    c:\windows\system32\dllcache\tbatm155.sys
2011-04-20 00:33 . 2001-08-17 19:52    7040    ----a-w-    c:\windows\system32\dllcache\tandqic.sys
2011-04-20 00:33 . 2001-08-17 18:50    36640    ----a-w-    c:\windows\system32\dllcache\t2r4mini.sys
2011-04-20 00:33 . 2001-08-30 21:07    172768    ----a-w-    c:\windows\system32\dllcache\t2r4disp.dll
2011-04-20 00:33 . 2001-08-17 20:07    32640    ----a-w-    c:\windows\system32\dllcache\symc8xx.sys
2011-04-20 00:33 . 2001-08-17 20:07    16256    ----a-w-    c:\windows\system32\dllcache\symc810.sys
2011-04-20 00:33 . 2001-08-17 20:07    30688    ----a-w-    c:\windows\system32\dllcache\sym_u3.sys
2011-04-20 00:33 . 2001-08-17 20:07    28384    ----a-w-    c:\windows\system32\dllcache\sym_hi.sys
2011-04-20 00:33 . 2001-08-30 21:08    94293    ----a-w-    c:\windows\system32\dllcache\sxports.dll
2011-04-20 00:31 . 2001-08-30 21:08    24660    ----a-w-    c:\windows\system32\dllcache\spxupchk.dll
2011-04-20 00:30 . 2001-08-30 20:37    36937    ----a-w-    c:\windows\system32\dllcache\smcirda.sys
2011-04-20 00:29 . 2001-08-17 18:50    68608    ----a-w-    c:\windows\system32\dllcache\sis6306p.sys
2011-04-20 00:29 . 2001-08-30 21:07    252032    ----a-w-    c:\windows\system32\dllcache\sis300iv.dll
2011-04-20 00:29 . 2008-04-14 12:00    19456    ----a-w-    c:\windows\system32\dllcache\simptcp.dll
2011-04-20 00:29 . 2001-08-17 18:50    101760    ----a-w-    c:\windows\system32\dllcache\sis300ip.sys
2011-04-20 00:29 . 2008-04-13 17:13    3901    ----a-w-    c:\windows\system32\dllcache\siint5.dll
2011-04-20 00:28 . 2001-08-30 20:30    161792    ----a-w-    c:\windows\system32\dllcache\sgsmusb.sys
2011-04-20 00:28 . 2001-07-21 20:29    18400    ----a-w-    c:\windows\system32\dllcache\sgsmld.sys
2011-04-20 00:28 . 2001-08-17 18:51    98080    ----a-w-    c:\windows\system32\dllcache\sgiulnt5.sys
2011-04-20 00:28 . 2001-08-30 21:07    386560    ----a-w-    c:\windows\system32\dllcache\sgiul50.dll
2011-04-20 00:28 . 2001-08-17 18:19    36480    ----a-w-    c:\windows\system32\dllcache\sfmanm.sys
2011-04-20 00:28 . 2001-08-30 20:28    6912    ----a-w-    c:\windows\system32\dllcache\serscan.sys
2011-04-20 00:26 . 2001-08-17 18:50    41216    ----a-w-    c:\windows\system32\dllcache\s3mt3d.sys
2011-04-20 00:25 . 2008-04-13 09:23    13776    ----a-w-    c:\windows\system32\dllcache\recagent.sys
2011-04-20 00:24 . 2008-04-13 17:13    159232    ----a-w-    c:\windows\system32\dllcache\ptpusd.dll
2011-04-20 00:23 . 2001-08-17 20:07    5504    ----a-w-    c:\windows\system32\dllcache\perc2hib.sys
2011-04-20 00:22 . 2001-08-17 20:05    48000    ----a-w-    c:\windows\system32\dllcache\ovcam2.sys
2011-04-20 00:22 . 2001-08-17 20:05    25088    ----a-w-    c:\windows\system32\dllcache\ovca.sys
2011-04-20 00:22 . 2001-08-30 19:50    54826    ----a-w-    c:\windows\system32\dllcache\otcsercb.sys
2011-04-20 00:22 . 2001-08-30 19:50    44361    ----a-w-    c:\windows\system32\dllcache\otceth5.sys
2011-04-20 00:22 . 2001-08-17 18:12    27209    ----a-w-    c:\windows\system32\dllcache\otc06x5.sys
2011-04-20 00:22 . 2001-08-17 18:20    54528    ----a-w-    c:\windows\system32\dllcache\opl3sax.sys
2011-04-20 00:22 . 2008-04-13 09:46    61696    ----a-w-    c:\windows\system32\dllcache\ohci1394.sys
2011-04-20 00:21 . 2001-08-17 18:50    198144    ----a-w-    c:\windows\system32\dllcache\nv3.sys
2011-04-20 00:21 . 2001-08-30 21:07    123776    ----a-w-    c:\windows\system32\dllcache\nv3.dll
2011-04-20 00:21 . 2008-04-13 09:23    180360    ----a-w-    c:\windows\system32\dllcache\ntmtlfax.sys
2011-04-20 00:21 . 2001-08-17 18:49    51552    ----a-w-    c:\windows\system32\dllcache\ntgrip.sys
2011-04-20 00:20 . 2001-08-30 19:30    9472    ----a-w-    c:\windows\system32\dllcache\ntapm.sys
2011-04-20 00:20 . 2001-08-17 19:53    7552    ----a-w-    c:\windows\system32\dllcache\nsmmc.sys
2011-04-20 00:20 . 2008-04-14 12:00    45056    ----a-w-    c:\windows\system32\dllcache\nsepm.dll
2011-04-20 00:20 . 2008-04-13 09:54    28672    ----a-w-    c:\windows\system32\dllcache\nscirda.sys
2011-04-20 00:20 . 2001-08-17 18:20    87040    ----a-w-    c:\windows\system32\dllcache\nm6wdm.sys
2011-04-20 00:20 . 2001-08-17 18:20    126080    ----a-w-    c:\windows\system32\dllcache\nm5a2wdm.sys
2011-04-20 00:20 . 2008-04-14 12:00    53760    ----a-w-    c:\windows\system32\dllcache\nextlink.dll
2011-04-20 00:20 . 2001-08-17 18:12    32840    ----a-w-    c:\windows\system32\dllcache\ngrpci.sys
2011-04-20 00:20 . 2008-04-13 16:54    132695    ----a-w-    c:\windows\system32\dllcache\netwlan5.sys
2011-04-20 00:18 . 2008-04-13 07:34    452736    ----a-w-    c:\windows\system32\dllcache\mtxparhm.sys
2011-04-20 00:18 . 2001-08-17 18:50    103296    ----a-w-    c:\windows\system32\dllcache\mtxvideo.sys
2011-04-20 00:18 . 2008-04-13 17:13    1737856    ----a-w-    c:\windows\system32\dllcache\mtxparhd.dll
2011-04-20 00:18 . 2008-04-14 12:00    119808    ----a-w-    c:\windows\system32\dllcache\mtstocom.exe
2011-04-20 00:18 . 2008-04-13 09:23    1309184    ----a-w-    c:\windows\system32\dllcache\mtlstrm.sys
2011-04-20 00:18 . 2008-04-13 09:23    126686    ----a-w-    c:\windows\system32\dllcache\mtlmnt5.sys
2011-04-20 00:18 . 2008-04-13 09:39    5504    ----a-w-    c:\windows\system32\dllcache\mstee.sys
2011-04-20 00:18 . 2008-04-13 09:46    49024    ----a-w-    c:\windows\system32\dllcache\mstape.sys
2011-04-20 00:18 . 2001-08-17 19:48    12416    ----a-w-    c:\windows\system32\dllcache\msriffwv.sys
2011-04-20 00:17 . 2001-08-17 20:00    2944    ----a-w-    c:\windows\system32\dllcache\msmpu401.sys
2011-04-20 00:17 . 2008-04-14 12:00    40960    ----a-w-    c:\windows\system32\dllcache\msiregmv.exe
2011-04-20 00:17 . 2008-04-13 09:54    22016    ----a-w-    c:\windows\system32\dllcache\msircomm.sys
2011-04-20 00:17 . 2008-04-14 12:00    98304    ----a-w-    c:\windows\system32\dllcache\msir3jp.dll
2011-04-20 00:16 . 2001-08-17 20:02    35200    ----a-w-    c:\windows\system32\dllcache\msgame.sys
2011-04-20 00:16 . 2001-08-17 19:48    6016    ----a-w-    c:\windows\system32\dllcache\msfsio.sys
2011-04-20 00:16 . 2008-04-13 09:46    51200    ----a-w-    c:\windows\system32\dllcache\msdv.sys
2011-04-20 00:16 . 2001-08-17 19:52    17280    ----a-w-    c:\windows\system32\dllcache\mraid35x.sys
2011-04-20 00:15 . 2008-04-13 09:46    15232    ----a-w-    c:\windows\system32\dllcache\mpe.sys
2011-04-20 00:15 . 2001-08-17 19:57    16128    ----a-w-    c:\windows\system32\dllcache\modemcsa.sys
2011-04-20 00:15 . 2001-08-17 19:52    6528    ----a-w-    c:\windows\system32\dllcache\miniqic.sys
2011-04-20 00:13 . 2008-04-13 16:54    607292    ----a-w-    c:\windows\system32\dllcache\ltmdmnt.sys
2011-04-20 00:12 . 2008-04-14 12:00    5632    ----a-w-    c:\windows\system32\dllcache\kbdth1.dll
2011-04-20 00:11 . 2001-08-30 21:07    90200    ----a-w-    c:\windows\system32\dllcache\io8ports.dll
2011-04-20 00:10 . 2001-08-30 21:07    372824    ----a-w-    c:\windows\system32\dllcache\iconf32.dll
2011-04-20 00:09 . 2008-04-14 12:00    10129408    ----a-w-    c:\windows\system32\dllcache\hwxkor.dll
2011-04-20 00:08 . 2001-08-17 19:52    5760    ----a-w-    c:\windows\system32\dllcache\hpt4qic.sys
2011-04-20 00:07 . 2008-04-14 12:00    36864    ----a-w-    c:\windows\system32\dllcache\hanjadic.dll
2011-04-20 00:06 . 2002-05-14 11:08    94208    ----a-w-    c:\windows\system32\dllcache\fpencode.dll
2011-04-20 00:05 . 2001-08-17 18:19    63360    ----a-w-    c:\windows\system32\dllcache\ess.sys
2011-04-20 00:04 . 2001-08-30 19:33    44615    ----a-w-    c:\windows\system32\dllcache\el515.sys
2011-04-20 00:04 . 2008-04-14 12:00    514587    ----a-w-    c:\windows\system32\dllcache\edb500.dll
2011-04-20 00:04 . 2001-08-17 18:12    19594    ----a-w-    c:\windows\system32\dllcache\e100isa4.sys
2011-04-20 00:04 . 2001-08-30 19:29    117760    ----a-w-    c:\windows\system32\dllcache\e100b325.sys
2011-04-20 00:04 . 2001-08-30 19:29    51743    ----a-w-    c:\windows\system32\dllcache\e1000nt5.sys
2011-04-20 00:04 . 2001-08-17 18:20    334208    ----a-w-    c:\windows\system32\dllcache\ds1wdm.sys
2011-04-20 00:04 . 2001-08-17 20:07    20192    ----a-w-    c:\windows\system32\dllcache\dpti2o.sys
2011-04-20 00:04 . 2001-08-17 18:12    28062    ----a-w-    c:\windows\system32\dllcache\dp83820.sys
2011-04-20 00:04 . 2001-08-30 19:20    23936    ----a-w-    c:\windows\system32\dllcache\dot4usb.sys
2011-04-20 00:04 . 2001-08-17 19:47    8704    ----a-w-    c:\windows\system32\dllcache\dot4scan.sys
2011-04-20 00:04 . 2008-04-13 09:39    206976    ----a-w-    c:\windows\system32\dllcache\dot4.sys
2011-04-20 00:04 . 2001-08-17 19:47    12928    ----a-w-    c:\windows\system32\dllcache\dot4prt.sys
2011-04-20 00:02 . 2001-08-30 21:07    111104    ----a-w-    c:\windows\system32\dllcache\dc260usd.dll
2011-04-20 00:01 . 2008-04-14 12:00    57399    ----a-w-    c:\windows\system32\dllcache\cplexe.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 13:12 . 2010-01-06 16:50    32008    ----a-w-    c:\windows\system32\drivers\pxscan.sys
2011-04-06 13:46 . 2010-05-11 14:36    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-04-06 13:13 . 2011-02-11 19:03    557328    ----a-w-    c:\windows\system32\DAO360.DLL
2011-04-02 14:01 . 2009-12-09 06:24    5302    ----a-w-    c:\windows\system32\PerfStringBackup.TMP
2011-03-24 21:24 . 2009-04-23 20:08    29480    ------w-    c:\windows\system32\msxml3a.dll
2011-03-24 21:24 . 2003-02-21 03:42    353576    ------w-    c:\windows\system32\msvcr71.dll
2011-03-24 21:24 . 2003-03-18 19:14    505128    ------w-    c:\windows\system32\msvcp71.dll
2011-03-15 10:08 . 2011-03-15 10:08    0    ------w-    c:\windows\system32\REN4D92.tmp
2011-03-10 19:00 . 2011-03-11 04:08    835480    ----a-w-    c:\windows\system32\nvgenco322040.dll
2011-03-10 19:00 . 2011-03-11 04:08    938904    ----a-w-    c:\windows\system32\nvdispco322090.dll
2011-03-10 19:00 . 2010-04-04 14:19    61440    ----a-w-    c:\windows\system32\OpenCL.dll
2011-03-10 19:00 . 2010-04-04 14:19    2252904    ----a-w-    c:\windows\system32\nvcuvenc.dll
2011-03-10 19:00 . 2009-03-27 08:03    4984832    ----a-w-    c:\windows\system32\nvcuda.dll
2011-03-10 19:00 . 2009-03-27 08:03    2918504    ----a-w-    c:\windows\system32\nvcuvid.dll
2011-03-10 19:00 . 2009-03-27 08:03    14675968    ----a-w-    c:\windows\system32\nvoglnt.dll
2011-03-10 19:00 . 2010-04-04 14:19    13004800    ----a-w-    c:\windows\system32\nvcompiler.dll
2011-03-10 19:00 . 2009-03-27 08:03    9925408    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2011-03-10 19:00 . 2009-03-27 08:03    6407808    ----a-w-    c:\windows\system32\nv4_disp.dll
2011-03-10 19:00 . 2009-03-27 08:03    1974272    ----a-w-    c:\windows\system32\nvapi.dll
2011-03-08 11:26 . 2011-03-08 11:26    81920    ----a-w-    c:\windows\system32\nvwddi.dll
2011-03-08 11:26 . 2011-03-08 11:26    277608    ----a-w-    c:\windows\system32\nvmccs.dll
2011-03-08 11:26 . 2011-03-08 11:26    13881448    ----a-w-    c:\windows\system32\nvcpl.dll
2011-03-08 11:26 . 2011-03-08 11:26    111208    ----a-w-    c:\windows\system32\nvmctray.dll
2011-03-08 11:26 . 2011-03-08 11:26    580200    ----a-w-    c:\windows\system32\easyUpdatusAPIU.dll
2011-03-08 11:26 . 2011-03-08 11:26    155752    ----a-w-    c:\windows\system32\nvsvc32.exe
2011-03-08 11:26 . 2011-03-08 11:26    145000    ----a-w-    c:\windows\system32\nvcolor.exe
2011-03-08 11:26 . 2011-03-08 11:26    331776    ----a-w-    c:\windows\system32\nvrshe.dll
2011-03-08 11:26 . 2011-03-08 11:26    286720    ----a-w-    c:\windows\system32\nvrsfr.dll
2011-03-08 11:26 . 2011-03-08 11:26    282624    ----a-w-    c:\windows\system32\nvrsel.dll
2011-03-08 11:26 . 2011-03-08 11:26    274432    ----a-w-    c:\windows\system32\nvrsnl.dll
2011-03-08 11:26 . 2011-03-08 11:26    274432    ----a-w-    c:\windows\system32\nvrsesm.dll
2011-03-08 11:26 . 2011-03-08 11:26    270336    ----a-w-    c:\windows\system32\nvrsru.dll
2011-03-08 11:26 . 2011-03-08 11:26    262144    ----a-w-    c:\windows\system32\nvrshu.dll
2011-03-08 11:26 . 2011-03-08 11:26    253952    ----a-w-    c:\windows\system32\nvrsth.dll
2011-03-08 11:26 . 2011-03-08 11:26    253952    ----a-w-    c:\windows\system32\nvrsda.dll
2011-03-08 11:26 . 2011-03-08 11:26    249856    ----a-w-    c:\windows\system32\nvrsfi.dll
2011-03-08 11:26 . 2011-03-08 11:26    249856    ----a-w-    c:\windows\system32\nvrseng.dll
2011-03-08 11:26 . 2011-03-08 11:26    229376    ----a-w-    c:\windows\system32\nvrszhc.dll
2011-03-08 11:26 . 2011-03-08 11:26    126976    ----a-w-    c:\windows\system32\nvrszht.dll
2011-03-08 11:26 . 2011-03-08 11:26    335872    ----a-w-    c:\windows\system32\nvrsar.dll
2011-03-08 11:26 . 2011-03-08 11:26    282624    ----a-w-    c:\windows\system32\nvrsit.dll
2011-03-08 11:26 . 2011-03-08 11:26    282624    ----a-w-    c:\windows\system32\nvrses.dll
2011-03-08 11:26 . 2011-03-08 11:26    278528    ----a-w-    c:\windows\system32\nvrsde.dll
2011-03-08 11:26 . 2011-03-08 11:26    274432    ----a-w-    c:\windows\system32\nvrspt.dll
2011-03-08 11:26 . 2011-03-08 11:26    270336    ----a-w-    c:\windows\system32\nvrsptb.dll
2011-03-08 11:26 . 2011-03-08 11:26    270336    ----a-w-    c:\windows\system32\nvrsja.dll
2011-03-08 11:26 . 2011-03-08 11:26    266240    ----a-w-    c:\windows\system32\nvrsko.dll
2011-03-08 11:26 . 2011-03-08 11:26    258048    ----a-w-    c:\windows\system32\nvrstr.dll
2011-03-08 11:26 . 2011-03-08 11:26    258048    ----a-w-    c:\windows\system32\nvrssl.dll
2011-03-08 11:26 . 2011-03-08 11:26    258048    ----a-w-    c:\windows\system32\nvrssk.dll
2011-03-08 11:26 . 2011-03-08 11:26    258048    ----a-w-    c:\windows\system32\nvrspl.dll
2011-03-08 11:26 . 2011-03-08 11:26    253952    ----a-w-    c:\windows\system32\nvrssv.dll
2011-03-08 11:26 . 2011-03-08 11:26    253952    ----a-w-    c:\windows\system32\nvrsno.dll
2011-03-08 11:26 . 2011-03-08 11:26    249856    ----a-w-    c:\windows\system32\nvrscs.dll
2011-02-22 06:38 . 2011-02-22 06:38    86016    ------w-    c:\windows\system32\frapsvid.dll
2011-02-06 10:40 . 2011-02-06 10:40    93696    ------w-    c:\windows\system32\EP1KSSP.DLL
2011-02-06 10:40 . 2011-02-06 10:40    178176    ------w-    c:\windows\system32\ep1k_certd.exe
2011-02-06 10:40 . 2011-02-06 10:40    12288    ------w-    c:\windows\system32\ep1ksrv.exe
2011-02-06 10:40 . 2011-02-06 10:40    446464    ------w-    c:\windows\system32\EP1CSP32.DAT
2011-02-06 10:40 . 2011-02-06 10:40    24064    ------w-    c:\windows\system32\JEPSAI20.DLL
2011-02-06 10:40 . 2011-02-06 10:40    180224    ------w-    c:\windows\system32\EP1CSP32.DLL
2011-02-06 10:40 . 2011-02-06 10:40    165888    ------w-    c:\windows\system32\EP1PK111.DLL
2011-02-06 10:40 . 2011-02-06 10:40    95232    ------w-    c:\windows\system32\EP1KDL20.DLL
2011-02-06 10:40 . 2011-02-06 10:40    81920    ------w-    c:\windows\system32\EPSMODU.DLL
2011-02-06 10:40 . 2011-02-06 10:40    81920    ------w-    c:\windows\system32\EPASMOD.DLL
2011-02-06 10:40 . 2011-02-06 10:40    69632    ------w-    c:\windows\system32\EPSMODUE.DLL
2011-02-06 10:40 . 2011-02-06 10:40    53248    ------w-    c:\windows\system32\EPASSMDFULL.DLL
2011-02-06 10:40 . 2011-02-06 10:40    45056    ------w-    c:\windows\system32\EPASSMD.DLL
2011-02-06 10:40 . 2011-02-06 10:40    4608    ------w-    c:\windows\system32\ft1kco.dll
2011-02-06 10:40 . 2011-02-06 10:40    22272    ------w-    c:\windows\system32\drivers\eps1k.sys
2011-02-06 10:40 . 2011-02-06 10:40    9856    ------w-    c:\windows\system32\drivers\usbic1k.SYS
2011-02-06 10:40 . 2011-02-06 10:40    8832    ------w-    c:\windows\system32\drivers\IC1KENUM.SYS
2010-02-18 23:28 . 2010-02-18 23:28    774144    ----a-w-    c:\programmi\RngInterstitial.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16    64000    ----a-w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-04-17 192512]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-01 2054360]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1976920]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"CanonSolutionMenuEx"="c:\programmi\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-08 13881448]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\programmi\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13    64592    ----a-w-    c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^is-6O6IH.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2011-03-19 23:17    4743240    ----a-w-    c:\program files\360Amigo\360Amigo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-10-13 10:16    165144    ----a-w-    c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10    402432    ----a-w-    c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-03-26 22:39    323392    ----a-w-    c:\programmi\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2009-04-14 10:52    86016    ----a-w-    c:\programmi\ClamWin\bin\ClamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverChecker.exe]
2009-12-31 15:36    13561856    ----a-w-    c:\programmi\Driver Checker\DriverChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-10-28 23:32    1352272    ----a-w-    c:\programmi\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-09 17:23    133104    ----atw-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44    31072    ----a-w-    c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]
2009-09-02 04:30    687104    ----a-w-    c:\windows\is-QOJPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 16:08    963976    ----a-w-    c:\programmi\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 16:08    443728    ----a-w-    c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegakeyUpdater]
2011-01-13 05:38    64000    ----a-w-    c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegakeyUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50    155648    ------w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-26 22:42    2937528    ----a-w-    c:\programmi\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51    25088    ------r-    c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49    249064    ----a-w-    c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37    517096    ----a-w-    c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-12-10 12:28    247144    ----a-w-    c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-06-06 13:03    222504    ----a-w-    c:\programmi\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07    199752    ----a-w-    c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2007-12-20 15:05    77824    ------w-    c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"ServiceLayer"=3 (0x3)
"gusvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverUpdate"="c:\programmi\DriverUpdate\DriverUpdate.exe" -boot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\filehippo.com\\UpdateChecker.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\Programmi\\FirefoxPortable\\App\\Firefox\\firefox.exe"=
"c:\\Programmi\\FreePOPs\\freepopsd.exe"=
"c:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\RpcAgentSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26731:TCP"= 26731:TCP:*:Disabled:SolidNetworkManager
"26731:UDP"= 26731:UDP:*:Disabled:SolidNetworkManager
"5009:TCP"= 5009:TCP:SolidNetworkManager
"5009:UDP"= 5009:UDP:SolidNetworkManager
"56827:TCP"= 56827:TCP:Pando Media Booster
"56827:UDP"= 56827:UDP:Pando Media Booster
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 as6eio;as6eio;c:\windows\System32\drivers\as6eio.sys [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-30 1483072]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gwiopm;gwiopm;c:\programmi\My Drivers\gwiopm.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3604720]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Home 2011.SP1a\RpcAgentSrv.exe [2009-08-09 93848]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
R3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2011-04-20 32008]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2009-06-12 971232]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-04-03 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-04-03 53248]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-10-01 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-10-01 96408]
S1 is-6O6IHdrv;is-6O6IHdrv;c:\windows\system32\DRIVERS\05165413.sys [2008-07-08 148496]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-04-20 76696]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2009-09-02 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-01 735960]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\programmi\File comuni\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-11 65856]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2005-07-15 45696]
S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 ft1kEnum;usb Card Device 1000;c:\windows\system32\DRIVERS\ic1kenum.sys [2011-02-06 8832]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-04-20 26096]
S3 Reader_1000;USB SmartCard Reader Device 1000 ;c:\windows\system32\DRIVERS\usbic1k.sys [2011-02-06 9856]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-COMPUTER-A04070-Administrator.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 14:04]
.
2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2009-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-842925246-1177238915-500.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-09 17:23]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://mystart.incredimail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Capture Web Page - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\CaptureWebPage.htm
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaUpload.htm
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
LSP: c:\documents and settings\All Users\Dati applicazioni\Megamedia\Megakey\msadm.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\ln9e66g5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search=
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\programmi\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\programmi\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: MegaKey: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB} - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07A774A0-6047-11D1-BA20-006097D2898E}]
@DACL=(02 0000)
@="Logagent Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AEE3E4A8-EF01-4024-A0F1-809D9B096E14}]
@DACL=(02 0000)
@="Windows Media Player Encoder Helper Class"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dati applicazioni\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{AC0A97B5-991D-4761-B4E9-B6F9811B6A38}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.1"
"UniqueId"="0003DDCE4B12D900"
"ScannerBuild"=dword:0000167c
"ScannerVersionId"=dword:0000117a
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
"ei2"=hex(b):90,5e,74,b8,3a,7a,6a,b0
"ei1"=hex(b):00,1a,92,bb,92,be,00,00
"ei3"=hex(b):fb,8c,7c,4d,00,00,00,00
"ei4"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="4FB598A81C297AD6EE0812567CA44E64AC17A8865E4A138F4F09603F6B6CFA61DF5E03CDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A2D97226D213B555BA7FD869164D6794533C1902A7B859338BB89CC266D665783264BF73002CFC4F0A9A6B5141C99AD61EFA18840C0C1B89425006EB64724B2CADCC87BE95C3711F211F5B02DB7D75F01CC31542A02291C9A0B71D295044162310F6B75AB0EC37D08C421DA5D757F6D67340AA88A16A11965E6B95FCC416024540473C9AEF73162F05F7FA86753B8EDA4F131A360E86D2E83855C97B2469B1CCAB19286AB353B7DD48A6DC84B6C20FA3DDCE47BFA94D7109EDD7354E117129CCC2B92F48A03BAB4F182AD294623BB02A527CB9AEF9C7ED95C148FA33F41453A57A6A2EC59F1163CD3A510FBA01A70FBCE3179C1D4CB72D04FB6EDC7BF96EFC11CAE2228A5F6D35F478DE6915613C287B4B0F41BDAE8C78186988C50C92CFD71A314B2C4FD01D5C35208ADC5295E260DEC8C79A53F36E7A6F5747C2DCF0BBF721ADC29363A79FF555827D07B3F4397FAE1E1B403633B645769C4F837D8E6958D8C55C40A85E2A85EBF658AB131890B0091353EE5348F44BF00EBADD8D26C355CA029CC095B1A4F068D42F325ADD6E825FF0B1872A52EB66F40815CAC3B96BB0D0ED7DC7B3A2AC8288FB062589E78D697987688B50B31152EEEA6067E80DB3101C9BECAB23F69169E24B5A32321D593B6E28A1A36C948F301C1A9172D827247CAE1E4E64143759B6DEAB1B2EFD277435ADAA789DBBDEC4048FFC91D386557764E28F76124EAFBAE2BB84290FA7743576F86A7C678E43C536307FBC1376269E97628BAF742B73A44687C3DDEF7DB7A302E5C332944833D613B911655DC2EF3C4DADB338F298D6B421A8DB030E6265FDBEDD9B925E6367F34BB825CF8218C8271C19AC42979A72C113D7C2D84F4FB835789ED687A069DACA7292B4B4F8B78EEC844C9DF28EC524D1A521F011B84E31EFDEB961F2D9FBCBBD027CB9415876E04BE5C234E4AB458D25C06664D2F6808D070516A9A7AFCFBD635501B317DEBEA33607CA22A6E35792A835DA20B95696D78863ECA1EEE8ACF787AD00A74BEB8CFDD5908B993951CC5C83B308A6D4CA59D7B453CBBF83F1EE85A6302B9D668572DE8510795614B18E598D534B05A66BA29B02951400165A85B574E28A1FE45594F2D37561922067153A518C55C6267364F51B4EFB60C956F69BD734F7BDB8A5ADB18598640F3BF7EEF212C02AFEBF421FFDDA820F63B8BD5A0EEA74228B4769095190327512370DBE3EC231A2C1D0D86B0CD4202710EC0D5CA97C568C22E7B5894DA2DE5B63DBF5BA980D056B29ACDFF4BF4E74F970E6E2BC4B8D748C1CE8C124"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\sfc_os.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3976)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\wpdshserviceobj.dll
c:\programmi\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\programmi\Stardock\ObjectDockPlus2\ODMenu.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\ASTSRV.EXE
c:\windows\system32\crypserv.exe
c:\programmi\Canon\IJPLM\IJPLMSVC.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Ora fine scansione: 2011-04-20  19:03:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2011-04-20 17:03
ComboFix2.txt  2011-04-20 15:50
ComboFix3.txt  2011-04-20 04:08
ComboFix4.txt  2011-04-19 22:03
.
Pre-Run: 65'546'600'448 byte disponibili
Post-Run: 65'534'447'616 byte disponibili
.
- - End Of File - - C685CB39933D3839238F744E17C10C1F