Yes, it detects it on every scan.
I'm attaching the ComboFix log here.
ComboFix 13-04-26.01 - paolo 26/04/2013 23.42.32.22.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2220 [GMT 2:00]
Eseguito da: c:\documents and settings\paolo\Desktop\combofix13-03-27.01.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Outpost Firewall Pro *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
.
La copia infetta di c:\windows\system32\samsrv.dll è stata trovata e disinfettata
Ripristinata copia da - c:\windows\ServicePackFiles\i386\samsrv.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-26 al 2013-04-26 )))))))))))))))))))))))))))))))))))
.
.
2013-04-26 10:35 . 2013-04-26 10:35 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\SolidDocuments
2013-04-26 07:16 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{7C2965AC-976E-4FC2-A61B-2E1A753ED808}\mpengine.dll
2013-04-26 06:51 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-25 21:22 . 2013-04-25 21:22 -------- d-----w- c:\programmi\7-Zip
2013-04-24 05:59 . 2013-04-24 06:19 -------- d-----w- C:\combofix13-03-27.01
2013-04-21 20:23 . 2013-04-21 20:23 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Sun
2013-04-21 20:20 . 2013-04-21 20:20 -------- d-----w- c:\programmi\File comuni\Java
2013-04-21 20:19 . 2013-04-21 20:19 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-21 20:19 . 2013-04-21 20:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-21 08:59 . 2013-04-21 08:59 -------- d-----w- c:\programmi\Poedit
2013-04-20 14:33 . 2013-04-20 14:33 -------- d-----w- c:\windows\Downloaded Installations
2013-04-20 10:56 . 2013-04-20 10:56 -------- d-sh--w- c:\documents and settings\paolo\UserData
2013-04-19 20:53 . 2013-04-19 20:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sophos
2013-04-19 20:53 . 2013-04-19 20:53 73728 ----a-r- c:\documents and settings\paolo\Dati applicazioni\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-19 20:53 . 2013-04-19 20:53 73728 ----a-r- c:\documents and settings\paolo\Dati applicazioni\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-19 20:53 . 2013-04-19 20:53 73728 ----a-r- c:\documents and settings\paolo\Dati applicazioni\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-19 20:53 . 2013-04-19 20:53 -------- d-----w- c:\programmi\Sophos
2013-04-19 13:29 . 2013-04-19 20:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Wincert
2013-04-19 13:28 . 2013-04-19 13:28 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\KingTranslate
2013-04-19 13:27 . 2013-04-19 13:29 -------- d-----w- c:\programmi\KingTranslate
2013-04-19 13:02 . 2013-04-19 13:02 -------- d-----w- c:\programmi\GKFX FX - CFDs
2013-04-19 12:23 . 2013-04-19 12:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MetaQuotes
2013-04-19 07:33 . 2013-04-19 07:33 -------- d-----w- c:\programmi\OfflinePennyPuncher
2013-04-19 06:26 . 2013-04-19 06:26 -------- d-----w- c:\programmi\iPod
2013-04-19 06:26 . 2013-04-19 06:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-04-17 21:51 . 2013-04-17 23:26 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\com.webdimensions.viralvideocuratorpro
2013-04-17 21:50 . 2013-04-17 23:26 -------- d-----w- c:\programmi\Web Dimensions
2013-04-15 23:58 . 2013-04-22 00:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallMate
2013-04-15 15:40 . 2013-04-15 15:44 -------- d-----w- c:\programmi\TIAB
2013-04-14 21:21 . 2013-04-14 21:21 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\Pixarra
2013-04-14 21:06 . 2013-04-14 21:06 -------- d-----w- c:\programmi\Pixarra
2013-04-14 20:36 . 2013-04-14 20:36 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\Ambient Design
2013-04-12 07:59 . 2013-04-12 07:59 -------- d-----w- c:\programmi\Microsoft Agent
2013-04-11 20:07 . 2013-04-11 20:07 -------- d-----w- c:\programmi\Innovative Solutions
2013-04-11 19:49 . 2013-04-11 19:50 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\SoftwareUpdater
2013-04-11 14:37 . 2013-04-11 14:37 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin7.dll
2013-04-11 14:37 . 2013-04-11 14:37 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin6.dll
2013-04-11 14:37 . 2013-04-11 14:37 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin5.dll
2013-04-11 14:37 . 2013-04-11 14:37 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin4.dll
2013-04-11 14:37 . 2013-04-11 14:37 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin3.dll
2013-04-11 14:37 . 2013-04-11 14:37 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin2.dll
2013-04-11 14:37 . 2013-04-11 14:36 159744 ----a-w- c:\programmi\Internet Explorer\Plugin\npqtplugin.dll
2013-04-11 12:34 . 2011-08-22 15:07 354416 ----a-w- c:\windows\system32\vmnetdhcp.exe
2013-04-11 12:34 . 2011-08-22 15:06 432752 ----a-w- c:\windows\system32\vmnat.exe
2013-04-11 12:34 . 2011-08-22 15:06 25712 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2013-04-11 12:34 . 2011-08-22 15:07 783472 ----a-w- c:\windows\system32\vnetlib.dll
2013-04-11 12:33 . 2013-04-11 12:33 -------- d-----w- c:\programmi\VMware
2013-04-11 12:32 . 2013-04-11 12:33 -------- d-----w- c:\programmi\File comuni\VMware
2013-04-10 16:17 . 2013-04-10 16:38 -------- d-----w- c:\programmi\Acapela Group
2013-04-09 15:49 . 2013-04-09 15:49 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\ElevatedDiagnostics
2013-04-09 15:17 . 2013-04-09 15:21 -------- d-----w- c:\programmi\NextUp Talker
2013-04-09 15:07 . 2013-04-09 15:07 -------- d-----w- c:\programmi\Microsoft Speech SDK 5.1
2013-04-09 11:41 . 2013-04-09 11:41 -------- d-----w- c:\programmi\placemat
2013-04-08 18:30 . 2013-04-08 18:34 -------- d-----w- c:\programmi\Dream Aquarium
2013-04-08 08:40 . 2013-04-08 08:40 -------- d-----w- c:\documents and settings\All Users\Adobe
2013-04-06 09:03 . 2013-04-26 06:59 -------- d-----w- c:\programmi\FBLeadster
2013-04-06 08:40 . 2013-04-06 08:42 -------- d-----w- c:\programmi\CCleaner
2013-04-04 10:40 . 2013-04-04 10:40 -------- d-sh--w- c:\documents and settings\paolo\IECompatCache
2013-04-04 10:29 . 2013-04-04 10:29 -------- d-----w- c:\programmi\Nuance
2013-04-03 23:50 . 2013-04-03 23:50 -------- d-----w- c:\programmi\BabylonToolbar
2013-04-03 23:29 . 2013-04-04 10:40 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\Nuance
2013-04-03 23:12 . 2013-04-03 23:12 -------- d-----w- c:\programmi\File comuni\IVA
2013-04-03 23:11 . 2013-04-04 10:32 -------- d-----w- c:\programmi\File comuni\Nuance
2013-04-03 21:03 . 2013-04-03 21:03 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\Common Files
2013-04-03 16:13 . 2013-04-03 16:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrovision
2013-04-03 15:00 . 2013-04-03 16:49 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2013-04-03 13:45 . 2013-04-15 01:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ftw
2013-04-03 13:41 . 2013-04-15 01:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\copypart
2013-04-03 12:48 . 2013-04-03 12:48 -------- d-----w- C:\archive_db
2013-04-03 12:31 . 2013-04-15 01:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\complexbackup
2013-04-03 11:29 . 2012-12-05 08:50 785800 ----a-w- c:\windows\system32\drivers\SandBox.sys
2013-04-03 11:29 . 2012-12-03 10:49 285280 ----a-w- c:\windows\system32\drivers\afwcore.sys
2013-04-03 11:29 . 2012-09-03 18:20 33888 ----a-w- c:\windows\system32\drivers\afw.sys
2013-04-03 11:29 . 2013-04-03 11:29 -------- d-----w- c:\programmi\Agnitum
2013-04-02 14:13 . 2013-04-02 14:13 -------- d-----w- c:\programmi\Cepstral
2013-03-31 19:48 . 2013-03-31 19:51 -------- d-----w- c:\programmi\Visual Slideshow
2013-03-31 18:24 . 2013-03-31 18:24 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\facebookpostMain
2013-03-31 18:24 . 2013-03-31 18:24 -------- d-----w- c:\programmi\FB Lead System
2013-03-30 16:09 . 2013-03-30 16:09 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Configure
2013-03-30 16:09 . 2013-04-05 12:09 -------- d-----w- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Maker3D
2013-03-28 11:17 . 2013-04-09 11:40 -------- d-----w- c:\documents and settings\paolo\Dati applicazioni\placemat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-21 20:19 . 2011-07-01 13:13 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-21 20:19 . 2010-04-27 19:10 788896 -c--a-w- c:\windows\system32\deployJava1.dll
2013-04-20 11:41 . 2012-09-08 12:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-20 11:41 . 2012-09-08 12:22 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-04 12:50 . 2010-10-08 07:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:33 . 2011-05-06 00:29 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-15 05:47 . 2013-03-26 09:08 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-03-15 05:47 . 2013-03-26 09:08 6074368 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-15 05:47 . 2013-03-26 09:08 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-03-15 05:47 . 2010-01-12 10:03 2733344 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-15 05:47 . 2010-01-12 10:03 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-15 05:47 . 2010-01-12 10:03 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-15 05:47 . 2008-10-07 05:33 7745536 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-15 05:47 . 2008-10-07 05:33 4079104 ----a-w- c:\windows\system32\nv4_disp.dll
2013-03-15 05:47 . 2008-10-07 05:33 2490368 ----a-w- c:\windows\system32\nvapi.dll
2013-03-15 05:47 . 2008-10-07 05:33 19689472 ----a-w- c:\windows\system32\nvoglnt.dll
2013-03-15 05:47 . 2008-10-07 05:33 10713024 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-03-15 02:59 . 2010-04-03 18:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2013-03-15 02:59 . 2010-04-03 18:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2013-03-15 02:59 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrstr.dll
2013-03-15 02:59 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsth.dll
2013-03-15 02:59 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrspt.dll
2013-03-15 02:59 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsru.dll
2013-03-15 02:59 . 2010-04-03 18:22 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2013-03-15 02:59 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrssl.dll
2013-03-15 02:59 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrssk.dll
2013-03-15 02:59 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrssv.dll
2013-03-15 02:59 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2013-03-15 02:59 . 2010-04-03 18:22 258048 ----a-w- c:\windows\system32\nvrspl.dll
2013-03-15 02:59 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsno.dll
2013-03-15 02:59 . 2010-04-03 18:22 335872 ----a-w- c:\windows\system32\nvrshe.dll
2013-03-15 02:59 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrsit.dll
2013-03-15 02:59 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrsja.dll
2013-03-15 02:59 . 2010-04-03 18:22 266240 ----a-w- c:\windows\system32\nvrsko.dll
2013-03-15 02:59 . 2010-04-03 18:22 262144 ----a-w- c:\windows\system32\nvrshu.dll
2013-03-15 02:59 . 2010-04-03 18:22 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2013-03-15 02:59 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrses.dll
2013-03-15 02:59 . 2010-04-03 18:22 282624 ----a-w- c:\windows\system32\nvrsel.dll
2013-03-15 02:59 . 2010-04-03 18:22 278528 ----a-w- c:\windows\system32\nvrsde.dll
2013-03-15 02:59 . 2010-04-03 18:22 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2013-03-15 02:59 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2013-03-15 02:59 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrseng.dll
2013-03-15 02:59 . 2010-04-03 18:22 253952 ----a-w- c:\windows\system32\nvrsda.dll
2013-03-15 02:59 . 2010-04-03 18:22 335872 ----a-w- c:\windows\system32\nvrsar.dll
2013-03-15 02:59 . 2010-04-03 18:22 249856 ----a-w- c:\windows\system32\nvrscs.dll
2013-03-15 02:57 . 2010-04-03 18:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-03-15 02:57 . 2010-04-03 18:23 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 02:57 . 2010-04-03 18:23 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-03-15 02:57 . 2010-04-03 18:23 15668512 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 02:57 . 2010-04-03 18:23 144160 ----a-w- c:\windows\system32\nvcolor.exe
2013-03-08 08:36 . 2004-08-19 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-19 15:34 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2004-08-19 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 01:57 . 2004-08-19 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:55 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 01:55 . 2004-08-19 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 01:55 . 2004-08-19 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:08 . 2004-08-19 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2010-04-21 06:17 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-19 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 16:07 . 2010-09-07 08:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-01-15 08:36 . 2011-07-25 14:51 75040 ----a-w- c:\programmi\File comuni\SpeechUninstall.exe
2001-07-03 17:47 . 2010-04-26 10:08 69632 -c--a-w- c:\programmi\sylia.dll
2001-03-01 09:51 . 2010-04-26 10:08 36864 -c--a-w- c:\programmi\AuxSetup.exe
2000-09-24 04:48 . 2010-04-26 10:08 7752 -c--a-w- c:\programmi\vdsvrlnk.dll
2000-09-24 04:48 . 2010-04-26 10:08 10824 -c--a-w- c:\programmi\vdremote.dll
2000-04-16 20:22 . 2010-04-26 10:08 45056 -c--a-w- c:\programmi\vdicmdrv.dll
2013-04-20 22:04 . 2013-04-20 22:03 263064 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\paolo\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\paolo\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\paolo\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\paolo\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\programmi\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-09-10 563007]
"WorkShelf"="c:\programmi\Winstep\WorkShelf.exe" [2012-03-28 19256448]
"BitTorrent"="c:\programmi\BitTorrent\bittorrent.exe" [2013-04-13 882520]
"CursorFX"="c:\programmi\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"itype"="c:\programmi\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"Babylon Client"="c:\programmi\Babylon\Babylon-Pro\Babylon.exe" [2013-02-07 3590224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-15 15668512]
"NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2012-12-14 3452344]
"BCSSync"="c:\programmi\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeAAMUpdater-1.0"="c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SwitchBoard"="c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"vmware-tray"="c:\programmi\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2012-07-04 296096]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Rocketdock.lnk - c:\programmi\RocketDock\RocketDock.exe [2011-7-7 495616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2008-03-28 08:23 49152 ----a-w- c:\progra~1\FILECO~1\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-04-01 21:40 172336 ----a-w- c:\progra~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 12:08 205336 ----a-w- c:\programmi\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-27 19:11 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-07-04 21:01 296096 ----a-w- c:\programmi\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NextSTART"=c:\programmi\Winstep\nextstart.exe autostart
"OfficeSyncProcess"="c:\programmi\Microsoft Office\Office14\MSOSYNC.EXE"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" -osboot
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"nwiz"=c:\programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"BCSSync"="c:\programmi\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\paolo\\Impostazioni locali\\Dati applicazioni\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Programmi\\File comuni\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\paolo\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Programmi\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Programmi\\VMware\\VMware Workstation\\vmware-hostd.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server TCP/IP Port
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Dragon Smart Phone Server
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [01/07/2011 14.21.48 16024]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/05/2010 12.48.10 691696]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [08/08/2011 14.58.56 98928]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [21/04/2010 9.07.13 13696]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [03/04/2013 13.29.59 785800]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07/09/2010 10.57.56 101720]
R1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [22/11/2012 23.15.04 283600]
R2 Cepstral License Server;Cepstral License Server;c:\programmi\Cepstral\bin\CepstralLicSrv.exe [15/03/2007 13.54.48 57344]
R2 DragonSvc;Dragon Service;c:\programmi\File comuni\Nuance\dgnsvc.exe [11/02/2013 18.48.56 311184]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [20/02/2013 19.40.47 418376]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [08/10/2010 9.37.43 701512]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [01/07/2011 14.21.53 220824]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [29/05/2012 20.46.46 1528672]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\programmi\File comuni\VMware\USB\vmware-usbarbitrator.exe [21/08/2011 23.11.22 665200]
R2 VMwareHostd;VMware Workstation Server;c:\programmi\VMware\VMware Workstation\vmware-hostd.exe [22/08/2011 16.34.52 11837440]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [08/07/2011 15.32.56 22768]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [07/05/2011 11.08.46 17984]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [03/04/2013 13.29.47 33888]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [03/04/2013 13.29.47 285280]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [01/07/2011 13.03.47 45288]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/10/2010 9.37.37 22856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [20/10/2011 11.48.16 10064]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [01/07/2011 13.05.06 1513984]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [03/04/2013 13.29.35 2312176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10/01/2011 2.18.42 8192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21/04/2010 9.09.42 1691480]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [04/02/2012 11.40.44 24064]
S3 pgusbwdm;usb-audio.de driver (commercial 2.8.45);c:\windows\system32\drivers\pgusbwdm.sys [02/07/2011 4.45.37 403008]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [01/07/2011 14.21.48 45208]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [08/02/2013 16.17.17 27064]
S3 SwitchBoard;Adobe SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmi\File comuni\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 6.46.20 284016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 11:41]
.
2013-04-22 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAOLO-PC-paolo.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20 05:27]
.
2013-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-24 02:56]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-24 02:56]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1801674531-725345543-1003Core.job
- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-30 20:12]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1801674531-725345543-1003UA.job
- c:\documents and settings\paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-07-30 20:12]
.
2012-04-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\programmi\Microsoft IntelliType Pro\itype.exe [2011-08-10 14:39]
.
2013-04-26 c:\windows\Tasks\MpIdleTask.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11]
.
2013-04-26 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\programmi\File comuni\ParetoLogic\UUS3\UUS3.dll [2011-11-25 02:25]
.
2013-04-22 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\programmi\File comuni\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25]
.
2013-04-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1801674531-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-06-21 10:00]
.
2013-04-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1801674531-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-06-21 10:00]
.
2013-04-15 c:\windows\Tasks\RegCure Pro.job
- c:\programmi\ParetoLogic\RegCure Pro\RegCurePro.exe [2011-12-21 21:18]
.
2013-04-26 c:\windows\Tasks\User_Feed_Synchronization-{04E0ABEC-BE27-4E72-B7E0-9A0EA032BD5F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: I&nvia a OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\documents and settings\paolo\Dati applicazioni\Mozilla\Firefox\Profiles\a1ik5tuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.helpmefindyour.info/?pid=703&r=2013/04/18&hid=377599103&lg=EN&cc=IT&l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-04 01:50;
ocr@babylon.com; c:\programmi\Mozilla Firefox\extensions\ocr@babylon.com
FF - ExtSQL: 2013-04-19 15:28;
wcapturex@deskperience.com; c:\programmi\KingTranslate\WCaptureMoz
FF - ExtSQL: 2013-04-20 12:24;
web2pdfextension@web2pdf.adobedotcom; c:\programmi\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: !HIDDEN! 2013-02-08 17:40;
ocr@babylon.com; c:\programmi\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=18b851bd0000000000000030674bda25&q=
FF - user.js: extensions.BabylonToolbar.id - 18b851bd0000000000000030674bda25
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15798
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.101:50
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - na
FF - user.js: extensions.BabylonToolbar.dfltLng - it
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=14795&tt=250111_def
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
.
.
------- Associazioni dei file -------
.
.reg=regfile.reg
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - REG_SZ
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-04-26 23:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1801674531-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:23,2c,cd,bc,3c,0d,26,9b,61,6f,1c,da,99,95,b0,c8,24,b6,89,8b,a0,
a8,6a,cd,09,99,84,f3,b0,3d,2c,54,44,2c,32,40,de,10,7c,d5,5a,ce,48,1b,03,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:23,2c,cd,bc,3c,0d,26,9b,61,6f,1c,da,99,95,b0,c8,24,b6,89,8b,a0,
a8,6a,cd,09,99,84,f3,b0,3d,2c,54,44,2c,32,40,de,10,7c,d5,5a,ce,48,1b,03,d4,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1988)
c:\progra~1\FILECO~1\Stardock\mcpstub.dll
c:\progra~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
- - - - - - - > 'lsass.exe'(488)
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\programmi\Babylon\Babylon-Pro\Captlib.dll
c:\documents and settings\paolo\Dati applicazioni\Dropbox\bin\DropboxExt.17.dll
c:\progra~1\FILECO~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1040\GrooveIntlResource.dll
c:\programmi\Stardock\Object Desktop\IconPackager\shellext.dll
c:\programmi\Atomic Alarm Clock\Clock.dll
c:\progra~1\FILECO~1\Stardock\mcpcore.dll
c:\progra~1\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Microsoft Security Client\MsMpEng.exe
c:\progra~1\FILECO~1\Stardock\SDMCP.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\RTHDCPL.EXE
c:\programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\RunDLL32.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\vmnat.exe
c:\programmi\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\vmnetdhcp.exe
c:\programmi\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2013-04-27 00:00:40 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-04-26 22:00
ComboFix2.txt 2013-04-26 06:44
ComboFix3.txt 2013-04-26 06:30
ComboFix4.txt 2013-04-25 05:41
ComboFix5.txt 2013-04-26 21:41
.
Pre-Run: 129.299.296.256 byte disponibili
Post-Run: 129.312.686.080 byte disponibili
.
- - End Of File - - 91E23D3955F763EA3A410363E72B0F3D