orco

Audio Is Choppy (WMP 11)

6 posts in this thread

Hi everyone!

I have an audio problem with WMP 11. It plays in fits and starts; I think it was a trojan, Bagle if I'm not mistaken. Unfortunately I ran the scan a month ago and removed it, but I think there are still some parts left to remove. Can anyone help me? I have Vista.


Here it is

ComboFix 09-01-21.04 - luca tagliabue 2009-01-25 12.19.42.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3069.1772 [GMT 1:00]

Eseguito da: c:\users\luca tagliabue\Downloads\ComboFix.exe

* Creato nuovo punto di ripristino

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\InfoSat.txt

c:\users\luca tagliabue\AppData\Roaming\.#

c:\users\luca tagliabue\AppData\Roaming\drivers\downld

c:\users\luca tagliabue\Documents\My Documents.url

c:\users\LUCATA~1\DOCUME~1\My Documents.url

D:\resycled

d:\resycled\boot.com.VIR

.

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SK9OU0S

-------\Service_sK9Ou0s

((((((((((((((((((((((((( Files Creati Da 2008-12-25 al 2009-01-25 )))))))))))))))))))))))))))))))))))

.

2009-01-24 17:14 . 2009-01-24 17:15 <DIR> d-------- c:\program files\QuickTime

2009-01-24 16:49 . 2009-01-24 16:49 <DIR> d-------- c:\users\LUCATA~1\AppData\Roaming\Media Player Classic

2009-01-24 16:49 . 2009-01-24 16:49 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\Media Player Classic

2009-01-23 12:38 . 2009-01-23 12:38 <DIR> d-------- c:\program files\Utherverse Digital Inc

2009-01-21 17:37 . 2009-01-21 17:37 <DIR> d-------- c:\users\LUCATA~1\AppData\Roaming\Sierra Entertainment

2009-01-21 17:37 . 2009-01-21 17:37 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\Sierra Entertainment

2009-01-21 17:17 . 2009-01-21 17:17 <DIR> dr-h----- c:\users\LUCATA~1\AppData\Roaming\SecuROM

2009-01-21 17:17 . 2009-01-21 17:17 <DIR> dr-h----- c:\users\luca tagliabue\AppData\Roaming\SecuROM

2009-01-21 17:09 . 2009-01-21 17:09 <DIR> d-------- c:\program files\AGEIA Technologies

2009-01-21 17:08 . 2009-01-21 17:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-01-21 16:55 . 2009-01-21 16:55 <DIR> d-------- c:\program files\Sierra Entertainment

2009-01-21 16:53 . 2009-01-21 16:53 <DIR> d-------- c:\users\LUCATA~1\AppData\Roaming\InstallShield

2009-01-21 16:53 . 2009-01-21 16:53 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\InstallShield

2009-01-19 20:14 . 2009-01-19 20:14 <DIR> d-------- c:\users\luca tagliabue\DVD Decrypter 3

2009-01-19 20:11 . 2009-01-19 20:11 <DIR> d-------- c:\users\luca tagliabue\Roxio

2009-01-19 19:40 . 2009-01-19 19:40 <DIR> d-------- c:\program files\SlySoft

2009-01-14 13:19 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

2009-01-12 16:42 . 2009-01-24 14:46 <DIR> d-------- c:\users\luca tagliabue\Tracing

2009-01-12 16:36 . 2009-01-12 16:36 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-01-12 16:36 . 2009-01-24 17:15 <DIR> d-------- c:\program files\Microsoft

2009-01-12 16:28 . 2009-01-12 16:28 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-10 00:22 . 2009-01-10 00:22 <DIR> d-------- c:\program files\Google

2009-01-10 00:09 . 2009-01-10 00:09 <DIR> d-------- c:\users\All Users\KONAMI

2009-01-10 00:09 . 2009-01-10 00:09 <DIR> d-------- c:\progra~2\KONAMI

2009-01-10 00:04 . 2009-01-10 00:04 <DIR> d-------- c:\program files\KONAMI

2009-01-09 17:10 . 2009-01-09 17:10 <DIR> d-------- c:\program files\YouTube Toolbar

2009-01-09 15:27 . 2009-01-09 15:27 <DIR> d-------- c:\program files\Sveglia

2009-01-09 10:19 . 2009-01-09 10:19 <DIR> d-------- c:\users\LUCATA~1\AppData\Roaming\avidemux

2009-01-09 10:19 . 2009-01-09 10:19 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\avidemux

2009-01-09 10:13 . 2009-01-09 10:13 <DIR> d-------- c:\users\LUCATA~1\AppData\Roaming\AVS4YOU

2009-01-09 10:13 . 2009-01-09 10:13 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\AVS4YOU

2009-01-09 10:13 . 2009-01-09 10:13 <DIR> d-------- c:\users\All Users\AVS4YOU

2009-01-09 10:13 . 2009-01-09 10:13 <DIR> d-------- c:\progra~2\AVS4YOU

2009-01-09 10:11 . 2009-01-09 12:09 <DIR> d-------- c:\program files\Common Files\AVSMedia

2009-01-09 09:53 . 2009-01-09 09:53 <DIR> d-------- c:\users\LUCATA~1\AppData\Roaming\DAEMON Tools Pro

2009-01-09 09:53 . 2009-01-09 09:53 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\DAEMON Tools Pro

2009-01-09 09:53 . 2009-01-09 09:53 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2009-01-09 09:52 . 2009-01-09 09:53 <DIR> d-------- c:\users\LUCATA~1\AppData\Roaming\DAEMON Tools Lite

2009-01-09 09:52 . 2009-01-09 09:53 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\DAEMON Tools Lite

2009-01-09 09:52 . 2009-01-09 09:52 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite

2009-01-09 09:52 . 2009-01-09 09:52 <DIR> d-------- c:\program files\DAEMON Tools Lite

2009-01-09 09:52 . 2009-01-09 09:52 <DIR> d-------- c:\progra~2\DAEMON Tools Lite

2009-01-09 09:43 . 2009-01-09 09:43 <DIR> d-------- c:\program files\Common Files\Adobe

2009-01-09 09:39 . 2009-01-09 09:40 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-09 09:39 . 2009-01-09 09:40 <DIR> d-------- c:\program files\iTunes

2009-01-09 09:39 . 2009-01-09 09:39 <DIR> d-------- c:\program files\iPod

2009-01-09 09:39 . 2009-01-09 09:40 <DIR> d-------- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-09 09:38 . 2009-01-09 09:38 <DIR> d-------- c:\program files\Common Files\xing shared

2009-01-09 09:36 . 2009-01-09 09:36 <DIR> d-------- c:\program files\RichFX

2009-01-09 09:33 . 2009-01-10 21:33 <DIR> d-------- c:\users\LUCATA~1\AppData\Roaming\vlc

2009-01-09 09:33 . 2009-01-10 21:33 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\vlc

2009-01-09 09:19 . 2009-01-09 09:19 <DIR> d-------- c:\program files\filehippo.com

2009-01-08 14:43 . 2009-01-08 14:43 <DIR> d-------- c:\users\All Users\Avira

2009-01-08 14:43 . 2009-01-08 14:43 <DIR> d-------- c:\program files\Avira

2009-01-08 14:43 . 2009-01-08 14:43 <DIR> d-------- c:\progra~2\Avira

2009-01-07 22:57 . 2009-01-07 22:57 <DIR> d-------- c:\program files\CCleaner

2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\users\All Users\NtiDvdCopy

2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\progra~2\NtiDvdCopy

2008-12-27 13:36 . 2009-01-24 17:20 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy

2008-12-27 13:36 . 2009-01-04 20:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-12-27 13:36 . 2009-01-24 17:20 <DIR> d-------- c:\progra~2\Spybot - Search & Destroy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-25 11:21 --------- d--h--w c:\users\LUCATA~1\AppData\Roaming\drivers

2009-01-25 11:21 --------- d--h--w c:\users\luca tagliabue\AppData\Roaming\drivers

2009-01-25 11:14 0 ----a-w C:\backup.reg

2009-01-24 19:31 28,694 ----a-w c:\users\LUCATA~1\AppData\Roaming\nvModes.dat

2009-01-24 19:31 28,694 ----a-w c:\users\luca tagliabue\AppData\Roaming\nvModes.dat

2009-01-24 16:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-23 18:01 --------- d-----w c:\program files\McAfee

2009-01-23 18:01 --------- d-----w c:\progra~2\McAfee

2009-01-23 14:20 --------- d-----w c:\users\LUCATA~1\AppData\Roaming\Skype

2009-01-23 14:20 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\Skype

2009-01-23 14:12 --------- d-----w c:\users\LUCATA~1\AppData\Roaming\skypePM

2009-01-23 14:12 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\skypePM

2009-01-23 01:57 --------- d-----w c:\users\LUCATA~1\AppData\Roaming\DNA

2009-01-23 01:57 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\DNA

2009-01-21 15:56 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-21 15:45 --------- d-----w c:\users\LUCATA~1\AppData\Roaming\Orbit

2009-01-21 15:45 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\Orbit

2009-01-21 15:45 --------- d-----w c:\program files\Acer GameZone

2009-01-20 14:18 --------- d-----w c:\users\LUCATA~1\AppData\Roaming\dvdcss

2009-01-20 14:18 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\dvdcss

2009-01-15 02:04 --------- d-----w c:\program files\Windows Mail

2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-12 15:40 --------- d-----w c:\program files\Windows Live

2009-01-09 11:10 --------- d-----w c:\program files\NCH Software

2009-01-09 09:42 --------- d-----w c:\users\LUCATA~1\AppData\Roaming\NCH Software

2009-01-09 09:42 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\NCH Software

2009-01-09 09:41 --------- d-----w c:\progra~2\NCH Software

2009-01-09 08:56 --------- d-----w c:\program files\Safari

2009-01-09 08:53 --------- d-----w c:\users\LUCATA~1\AppData\Roaming\DAEMON Tools

2009-01-09 08:53 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\DAEMON Tools

2009-01-09 08:48 410,984 ----a-w c:\windows\System32\deploytk.dll

2009-01-09 08:48 --------- d-----w c:\program files\Java

2009-01-09 08:37 --------- d-----w c:\program files\Common Files\Real

2009-01-07 16:15 --------- d-----w c:\program files\DNA

2008-12-23 17:20 --------- d-----w c:\program files\Safer Networking

2008-12-23 09:42 --------- d-----w c:\users\LUCATA~1\AppData\Roaming\BitTorrent

2008-12-23 09:42 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\BitTorrent

2008-12-21 17:47 --------- d-----w c:\users\LUCATA~1\AppData\Roaming\OpenOffice.org

2008-12-21 17:47 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\OpenOffice.org

2008-12-21 17:46 2,740 ----a-w c:\users\LUCATA~1\AppData\Roaming\wklnhst.dat

2008-12-21 17:46 2,740 ----a-w c:\users\luca tagliabue\AppData\Roaming\wklnhst.dat

2008-12-21 17:30 --------- d-----w c:\program files\OpenOffice.org 3

2008-12-21 17:30 --------- d-----w c:\program files\JRE

2008-12-21 17:27 --------- d-----w c:\program files\Common Files\Java

2008-12-19 20:08 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-12-11 15:45 --------- d-----w c:\progra~2\Microsoft Help

2008-12-04 21:55 307,560 ----a-w c:\windows\WLXPGSS.SCR

2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll

2008-12-01 17:11 --------- d-----w c:\program files\Veoh Networks

2008-11-29 18:49 --------- d-----w c:\program files\BitTorrent

2008-11-28 20:11 --------- d-----w c:\program files\securedie

2008-11-28 20:10 2,560 ----a-w c:\windows\_MSRSTRT.EXE

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-10-04 09:17 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-10-04 09:17 56 ---ha-w c:\progra~2\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 01:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-21 1233920]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-09 185872]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 c:\windows\RtHDVCpl.exe]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-14 535336]

SETAUDIO.EXE [2008-04-04 20480]

SETRES.EXE [2008-04-04 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2009-01-09 09:36 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

"drvsyskit"=c:\users\luca tagliabue\AppData\Roaming\drivers\winupgro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2013700888-2578411824-3608626932-1000]

"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{97CA8B48-19BC-4B94-AE51-F935D6FC545F}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{3E62AD61-DBB0-455E-AB7E-42ED940B3C3D}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{D68CB044-2502-4D88-B11A-A2067B1E14B1}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{B99CEF3F-C7EF-4CCA-B3F6-A337A49B608D}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{3DD9CB57-77B5-4965-BA0B-4B5DF0BC5649}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8280F994-1653-4E76-A5C7-B592332BBA79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{AFF9E6A0-8BFC-4FE6-B6BB-9258BACF0651}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{296F390E-E67D-42CC-A9B5-C99475FA0426}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{B45AA28F-40B6-4180-8060-C2041CC25C64}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{8267EFDC-396E-4923-A17F-64F1D49235DD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{E8F7B0B5-F28A-44F2-A596-38E552D3E0FD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{49EA2F13-995F-4804-B9AD-271B5151E1A3}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows

"UDP Query User{F0504985-B541-42F3-89A8-3E06860951F8}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows

"TCP Query User{6E19FD7D-6D20-4C1B-A2B6-67838A355C40}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows

"UDP Query User{FA1CF1E9-8AB7-43CF-AD43-6210BF13D3EC}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows

"TCP Query User{39B7F446-1488-4B17-9E8E-67CB1719A76D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{7FA5158A-DAA9-4AEA-88BC-2FA12789082F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{5F7C1B41-E7D4-4038-822A-28C2ECF649E2}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{1663A6F3-972A-4471-928F-8CF4C1E6FF3A}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"{EEF87009-21A9-4A5C-8283-314A05865C71}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{38223F8C-2439-4CD1-8B24-2770838105D3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{8948DA83-CD90-4CC9-A30D-7CE8590A360A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{7A0E8038-4C65-4F9A-BAE2-4FB89DA3F39A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{15A39996-76A3-447E-B23A-B183A7D33015}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{E2D18A2B-7AF0-41B6-9A8A-390D372E20CC}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{8E12ED2C-CAB7-48DB-8B87-697D89756B3E}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{41B0CA73-117F-4C2B-9716-FEA22553BEF3}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{393E8B1F-45AE-4ECC-9DB9-7896FD80868E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{B9B48AE6-1A4F-4474-9E5D-43B7566C662B}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{5ADED539-DEAB-44D7-A4FF-A3CABBC775D4}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"TCP Query User{5B37BAC9-CB52-4081-902D-4C40C7799BDF}c:\\users\\luca tagliabue\\program files\\dna\\btdna.exe"= UDP:c:\users\luca tagliabue\program files\dna\btdna.exe:btdna.exe

"UDP Query User{32232337-9A9A-4F8E-995B-B96121180279}c:\\users\\luca tagliabue\\program files\\dna\\btdna.exe"= TCP:c:\users\luca tagliabue\program files\dna\btdna.exe:btdna.exe

"{4D2891ED-9F58-41E5-ACBD-B715E78D0FFA}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{B1F2EB8E-27E0-404B-B37D-1D6DC20704C2}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"TCP Query User{34F12A62-AAC1-43BE-AA05-76A833B6160D}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA

"UDP Query User{DBD87A2A-559C-4E8E-A027-FFBAF5A00C2C}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA

"{CFF9F89D-11C9-4DF6-9031-E36BB61560C0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{CB10415B-6F28-46AE-8DA2-E3A0867FFE2A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{A9690691-15E7-4072-AF90-8AC8F1243B41}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{F1FFAE5B-8E59-4843-84BB-DE266B75065A}"= UDP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III

"{73BEB638-81F0-4E69-A617-553C45D132B7}"= TCP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III

"TCP Query User{6E1E18F6-DA13-4ADA-8311-A0151FA0ACCB}c:\\program files\\ubisoft\\gearbox software\\brothersinarmseib\\system\\eib.exe"= UDP:c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe:Brothers In Arms Earned In Blood

"UDP Query User{42263BF7-CD4C-4F65-BAD8-4434EBEEEAA5}c:\\program files\\ubisoft\\gearbox software\\brothersinarmseib\\system\\eib.exe"= TCP:c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe:Brothers In Arms Earned In Blood

R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2008-04-15 43008]

R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-07-16 14:10:16 41456]

R4 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2008-04-14 51200]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-27 809296]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-04-15 179712]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{097f4ac0-c2bc-11dd-9912-95c2a73b17f8}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b08d4fe-e625-11dd-b4e0-f5231671e9a0}]

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bef25310-9f76-11dd-aca2-d5ede61a9ee9}]

\shell\AutoRun\command - ceb6eu98.bat

\shell\explore\Command - ceb6eu98.bat

\shell\open\Command - ceb6eu98.bat

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-german.exe - c:\windows\system32\wintems.exe

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

uInternet Settings,ProxyOverride = *.local

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\LUCATA~1\AppData\Roaming\Mozilla\Firefox\Profiles\jyd1bmwv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\luca tagliabue\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti:

**************************************************************************

.

Ora fine scansione: 2009-01-25 12:29:49 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2009-01-25 11:29:47

Pre-Run: 7.811.465.216 byte disponibili

Post-Run: 7,406,346,240 byte disponibili

456 --- E O F --- 2009-01-24 16:16:02


open SpyBot in advanced mode (Mode menu - Advanced), then go to Tools - Resident and uncheck TeaTimer

save the document I'm attaching, CFScript.txt

open Notepad, copy and save this text, naming it CFScript

with the mouse, drag the CFScript.txt file onto the red ComboFix icon


let the program work

when it finishes, a new log, combofix.txt, will be created; post it


ComboFix 09-01-21.04 - luca tagliabue 2009-01-31 12.21.04.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3069.1349 [GMT 1:00]

Eseguito da: c:\users\luca tagliabue\Desktop\utility\ComboFix.exe

Opzioni usate :: c:\users\luca tagliabue\Desktop\utility\CFscript.txt

* Creato nuovo punto di ripristino

.

- MODALITÀ CON FUNZIONALITÀ RIDOTTE -

FILE ::

c:\users\luca tagliabue\AppData\Roaming\drivers\winupgro.exe

.

((((((((((((((((((((((((( Files Creati Da 2008-12-28 al 2009-01-31 )))))))))))))))))))))))))))))))))))

.

2009-01-30 12:20 . 2009-01-30 12:20 1,297 --a------ c:\windows\wininit.ini

2009-01-30 11:44 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2009-01-30 11:44 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe

2009-01-30 11:44 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe

2009-01-30 11:44 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2009-01-30 11:44 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll

2009-01-30 11:44 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2009-01-30 11:44 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2009-01-30 11:44 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll

2009-01-30 11:37 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll

2009-01-30 11:37 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll

2009-01-30 11:37 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll

2009-01-30 11:37 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll

2009-01-30 11:36 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll

2009-01-28 03:52 . 2009-01-28 03:52 <DIR> d-------- c:\program files\RadarSync

2009-01-28 03:52 . 2006-07-24 08:56 212,240 --a------ c:\windows\System32\Richtx32.ocx

2009-01-28 03:51 . 2009-01-28 04:12 <DIR> d-------- c:\users\All Users\WeFi

2009-01-28 03:51 . 2009-01-28 03:51 <DIR> d-------- c:\program files\WeFi

2009-01-28 03:51 . 2009-01-28 04:12 <DIR> d-------- c:\progra~2\WeFi

2009-01-28 03:46 . 2009-01-28 03:46 <DIR> d-------- c:\users\luca tagliabue\SystemRequirementsLab

2009-01-28 03:46 . 2009-01-28 03:46 <DIR> d-------- c:\program files\SystemRequirementsLab

2009-01-27 12:30 . 2009-01-27 12:41 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\IObit

2009-01-24 16:49 . 2009-01-24 16:49 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\Media Player Classic

2009-01-21 17:37 . 2009-01-21 17:37 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\Sierra Entertainment

2009-01-21 17:17 . 2009-01-21 17:17 <DIR> dr-h----- c:\users\luca tagliabue\AppData\Roaming\SecuROM

2009-01-21 17:09 . 2009-01-21 17:09 <DIR> d-------- c:\windows\System32\AGEIA

2009-01-21 17:08 . 2009-01-21 17:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-01-21 16:53 . 2009-01-21 16:53 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\InstallShield

2009-01-19 20:14 . 2009-01-19 20:14 <DIR> d-------- c:\users\luca tagliabue\DVD Decrypter 3

2009-01-19 20:11 . 2009-01-19 20:11 <DIR> d-------- c:\users\luca tagliabue\Roxio

2009-01-14 13:19 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

2009-01-12 16:42 . 2009-01-30 11:43 <DIR> d-------- c:\users\luca tagliabue\Tracing

2009-01-12 16:28 . 2009-01-12 16:28 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-10 00:09 . 2009-01-10 00:09 <DIR> d-------- c:\users\All Users\KONAMI

2009-01-10 00:09 . 2009-01-10 00:09 <DIR> d-------- c:\progra~2\KONAMI

2009-01-09 10:19 . 2009-01-09 10:19 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\avidemux

2009-01-09 10:13 . 2009-01-09 10:13 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\AVS4YOU

2009-01-09 10:13 . 2009-01-09 10:13 <DIR> d-------- c:\users\All Users\AVS4YOU

2009-01-09 10:13 . 2009-01-09 10:13 <DIR> d-------- c:\progra~2\AVS4YOU

2009-01-09 10:11 . 2009-01-09 12:09 <DIR> d-------- c:\program files\Common Files\AVSMedia

2009-01-09 09:53 . 2009-01-09 09:53 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\DAEMON Tools Pro

2009-01-09 09:53 . 2009-01-09 09:53 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2009-01-09 09:52 . 2009-01-09 09:53 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\DAEMON Tools Lite

2009-01-09 09:52 . 2009-01-09 09:52 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite

2009-01-09 09:52 . 2009-01-09 09:52 <DIR> d-------- c:\progra~2\DAEMON Tools Lite

2009-01-09 09:49 . 2009-01-09 09:48 410,984 --a------ c:\windows\System32\deploytk.dll

2009-01-09 09:43 . 2009-01-09 09:43 <DIR> d-------- c:\program files\Common Files\Adobe

2009-01-09 09:39 . 2009-01-09 09:40 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-09 09:39 . 2009-01-09 09:40 <DIR> d-------- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-09 09:38 . 2009-01-09 09:38 <DIR> d-------- c:\program files\Common Files\xing shared

2009-01-09 09:33 . 2009-01-10 21:33 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\vlc

2009-01-08 14:43 . 2009-01-08 14:43 <DIR> d-------- c:\users\All Users\Avira

2009-01-08 14:43 . 2009-01-08 14:43 <DIR> d-------- c:\progra~2\Avira

2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx

2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\System32\QuickTime.qts

2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\users\All Users\NtiDvdCopy

2009-01-04 19:20 . 2009-01-04 19:20 <DIR> d-------- c:\progra~2\NtiDvdCopy

2008-12-31 17:04 . 2008-12-31 17:04 691,560 --a------ c:\windows\System32\OGACheckControl.dll

2008-12-31 17:04 . 2008-12-31 17:04 528,744 --a------ c:\windows\System32\OGAVerify.exe

2008-12-31 17:04 . 2008-12-31 17:04 502,120 --a------ c:\windows\System32\OGAAddin.dll

2008-12-27 13:36 . 2009-01-30 20:56 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy

2008-12-27 13:36 . 2009-01-30 20:56 <DIR> d-------- c:\progra~2\Spybot - Search & Destroy

2008-12-21 18:47 . 2008-12-21 18:47 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\OpenOffice.org

2008-12-21 18:36 . 2009-01-25 12:21 <DIR> d--h----- c:\users\luca tagliabue\AppData\Roaming\drivers

2008-12-21 18:27 . 2008-12-21 18:27 <DIR> d-------- c:\program files\Common Files\Java

2008-12-20 00:41 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll

2008-12-20 00:41 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\System32\D3DCompiler_34.dll

2008-12-20 00:41 . 2007-05-16 16:45 443,752 --a------ c:\windows\System32\d3dx10_34.dll

2008-12-20 00:41 . 2007-06-20 20:46 266,088 --a------ c:\windows\System32\xactengine2_8.dll

2008-12-20 00:41 . 2007-04-04 18:55 261,480 --a------ c:\windows\System32\xactengine2_7.dll

2008-12-20 00:41 . 2007-04-04 18:53 81,768 --a------ c:\windows\System32\xinput1_3.dll

2008-12-20 00:41 . 2007-06-20 20:45 18,280 --a------ c:\windows\System32\x3daudio1_2.dll

2008-12-20 00:40 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll

2008-12-20 00:40 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2008-12-20 00:40 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll

2008-12-20 00:40 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\System32\D3DCompiler_33.dll

2008-12-20 00:40 . 2007-03-15 16:57 443,752 --a------ c:\windows\System32\d3dx10_33.dll

2008-12-20 00:40 . 2006-11-29 13:06 440,080 --a------ c:\windows\System32\d3dx10.dll

2008-12-20 00:40 . 2007-01-24 15:27 255,848 --a------ c:\windows\System32\xactengine2_6.dll

2008-12-20 00:40 . 2006-12-08 12:02 251,672 --a------ c:\windows\System32\xactengine2_5.dll

2008-12-20 00:40 . 2006-09-28 16:05 237,848 --a------ c:\windows\System32\xactengine2_4.dll

2008-12-20 00:40 . 2006-07-28 09:30 236,824 --a------ c:\windows\System32\xactengine2_3.dll

2008-12-20 00:40 . 2006-07-28 09:30 62,744 --a------ c:\windows\System32\xinput1_2.dll

2008-12-20 00:40 . 2007-03-05 12:42 15,128 --a------ c:\windows\System32\x3daudio1_1.dll

2008-12-19 21:08 . 2009-01-09 09:53 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\DAEMON Tools

2008-12-19 21:08 . 2008-12-19 21:08 717,296 --a------ c:\windows\System32\drivers\sptd.sys

2008-12-11 16:40 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-11 15:45 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll

2008-12-11 15:44 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-11 15:44 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll

2008-12-11 15:44 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2008-12-11 15:44 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe

2008-12-11 15:44 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2008-12-04 12:39 . 2009-01-26 14:03 <DIR> d-------- c:\users\luca tagliabue\AppData\Roaming\dvdcss

2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\System32\sirenacm.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-30 03:36 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-01-27 11:43 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\DNA

2009-01-27 11:43 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\BitTorrent

2009-01-27 11:43 --------- d-----w c:\program files\Windows Live Toolbar

2009-01-27 11:43 --------- d-----w c:\program files\Microsoft Works

2009-01-27 11:43 --------- d-----w c:\program files\McAfee

2009-01-27 11:43 --------- d-----w c:\program files\Acer GameZone

2009-01-27 11:43 --------- d-----w c:\program files\Acer Arcade Deluxe

2009-01-27 11:43 --------- d-----w c:\progra~2\WLInstaller

2009-01-27 11:43 --------- d-----w c:\progra~2\SiteAdvisor

2009-01-27 11:30 --------- d-----w c:\program files\IObit

2009-01-25 11:59 28,694 ----a-w c:\users\luca tagliabue\AppData\Roaming\nvModes.dat

2009-01-25 11:44 --------- d-----w c:\program files\Trend Micro

2009-01-25 11:14 0 ----a-w C:\backup.reg

2009-01-24 16:15 --------- d-----w c:\program files\QuickTime

2009-01-24 16:15 --------- d-----w c:\program files\Microsoft

2009-01-24 16:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-23 18:01 --------- d-----w c:\progra~2\McAfee

2009-01-23 14:20 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\Skype

2009-01-23 14:12 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\skypePM

2009-01-23 11:38 --------- d-----w c:\program files\Utherverse Digital Inc

2009-01-21 16:09 --------- d-----w c:\program files\AGEIA Technologies

2009-01-21 15:56 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-21 15:55 --------- d-----w c:\program files\Sierra Entertainment

2009-01-21 15:45 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\Orbit

2009-01-19 18:40 --------- d-----w c:\program files\SlySoft

2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll

2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll

2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll

2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe

2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe

2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll

2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe

2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe

2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe

2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll

2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll

2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe

2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll

2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe

2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll

2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll

2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe

2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll

2009-01-15 02:04 --------- d-----w c:\program files\Windows Mail

2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-12 15:40 --------- d-----w c:\program files\Windows Live

2009-01-12 15:36 --------- d-----w c:\program files\Windows Live SkyDrive

2009-01-09 23:22 --------- d-----w c:\program files\Google

2009-01-09 23:04 --------- d-----w c:\program files\KONAMI

2009-01-09 16:10 --------- d-----w c:\program files\YouTube Toolbar

2009-01-09 14:27 --------- d-----w c:\program files\Sveglia

2009-01-09 11:10 --------- d-----w c:\program files\NCH Software

2009-01-09 09:42 --------- d-----w c:\users\luca tagliabue\AppData\Roaming\NCH Software

2009-01-09 09:41 --------- d-----w c:\progra~2\NCH Software

2009-01-09 08:56 --------- d-----w c:\program files\Safari

2009-01-09 08:52 --------- d-----w c:\program files\DAEMON Tools Lite

2009-01-09 08:48 --------- d-----w c:\program files\Java

2009-01-09 08:40 --------- d-----w c:\program files\iTunes

2009-01-09 08:39 --------- d-----w c:\program files\iPod

2009-01-09 08:37 --------- d-----w c:\program files\Common Files\Real

2009-01-09 08:36 --------- d-----w c:\program files\RichFX

2009-01-09 08:19 --------- d-----w c:\program files\filehippo.com

2009-01-08 13:43 --------- d-----w c:\program files\Avira

2009-01-07 21:57 --------- d-----w c:\program files\CCleaner

2009-01-07 16:15 --------- d-----w c:\program files\DNA

2008-12-23 17:20 --------- d-----w c:\program files\Safer Networking

2008-12-21 17:46 2,740 ----a-w c:\users\luca tagliabue\AppData\Roaming\wklnhst.dat

2008-12-21 17:30 --------- d-----w c:\program files\OpenOffice.org 3

2008-12-21 17:30 --------- d-----w c:\program files\JRE

2008-12-11 15:45 --------- d-----w c:\progra~2\Microsoft Help

2008-12-04 21:55 307,560 ----a-w c:\windows\WLXPGSS.SCR

2008-12-01 17:11 --------- d-----w c:\program files\Veoh Networks

2008-11-29 18:49 --------- d-----w c:\program files\BitTorrent

2008-11-28 20:11 --------- d-----w c:\program files\securedie

2008-11-28 20:10 2,560 ----a-w c:\windows\_MSRSTRT.EXE

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll

2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll

2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-10-04 09:17 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-10-04 09:17 56 ---ha-w c:\progra~2\ezsidmv.dat

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 01:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-09 185872]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 c:\windows\RtHDVCpl.exe]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-04-14 535336]

SETAUDIO.EXE [2008-04-04 20480]

SETRES.EXE [2008-04-04 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2009-01-09 09:36 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

"drvsyskit"=c:\users\luca tagliabue\AppData\Roaming\drivers\winupgro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2013700888-2578411824-3608626932-1000]

"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{97CA8B48-19BC-4B94-AE51-F935D6FC545F}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{3E62AD61-DBB0-455E-AB7E-42ED940B3C3D}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{D68CB044-2502-4D88-B11A-A2067B1E14B1}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{B99CEF3F-C7EF-4CCA-B3F6-A337A49B608D}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{3DD9CB57-77B5-4965-BA0B-4B5DF0BC5649}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8280F994-1653-4E76-A5C7-B592332BBA79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{AFF9E6A0-8BFC-4FE6-B6BB-9258BACF0651}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{296F390E-E67D-42CC-A9B5-C99475FA0426}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{B45AA28F-40B6-4180-8060-C2041CC25C64}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{8267EFDC-396E-4923-A17F-64F1D49235DD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{E8F7B0B5-F28A-44F2-A596-38E552D3E0FD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{49EA2F13-995F-4804-B9AD-271B5151E1A3}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows

"UDP Query User{F0504985-B541-42F3-89A8-3E06860951F8}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows

"TCP Query User{6E19FD7D-6D20-4C1B-A2B6-67838A355C40}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows

"UDP Query User{FA1CF1E9-8AB7-43CF-AD43-6210BF13D3EC}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows

"TCP Query User{39B7F446-1488-4B17-9E8E-67CB1719A76D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{7FA5158A-DAA9-4AEA-88BC-2FA12789082F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{5F7C1B41-E7D4-4038-822A-28C2ECF649E2}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{1663A6F3-972A-4471-928F-8CF4C1E6FF3A}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"{EEF87009-21A9-4A5C-8283-314A05865C71}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{38223F8C-2439-4CD1-8B24-2770838105D3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{8948DA83-CD90-4CC9-A30D-7CE8590A360A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{7A0E8038-4C65-4F9A-BAE2-4FB89DA3F39A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{15A39996-76A3-447E-B23A-B183A7D33015}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{E2D18A2B-7AF0-41B6-9A8A-390D372E20CC}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{8E12ED2C-CAB7-48DB-8B87-697D89756B3E}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"{41B0CA73-117F-4C2B-9716-FEA22553BEF3}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{393E8B1F-45AE-4ECC-9DB9-7896FD80868E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{B9B48AE6-1A4F-4474-9E5D-43B7566C662B}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{5ADED539-DEAB-44D7-A4FF-A3CABBC775D4}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"TCP Query User{5B37BAC9-CB52-4081-902D-4C40C7799BDF}c:\\users\\luca tagliabue\\program files\\dna\\btdna.exe"= UDP:c:\users\luca tagliabue\program files\dna\btdna.exe:btdna.exe

"UDP Query User{32232337-9A9A-4F8E-995B-B96121180279}c:\\users\\luca tagliabue\\program files\\dna\\btdna.exe"= TCP:c:\users\luca tagliabue\program files\dna\btdna.exe:btdna.exe

"{4D2891ED-9F58-41E5-ACBD-B715E78D0FFA}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{B1F2EB8E-27E0-404B-B37D-1D6DC20704C2}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"TCP Query User{34F12A62-AAC1-43BE-AA05-76A833B6160D}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA

"UDP Query User{DBD87A2A-559C-4E8E-A027-FFBAF5A00C2C}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA

"{CFF9F89D-11C9-4DF6-9031-E36BB61560C0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{CB10415B-6F28-46AE-8DA2-E3A0867FFE2A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{A9690691-15E7-4072-AF90-8AC8F1243B41}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{F1FFAE5B-8E59-4843-84BB-DE266B75065A}"= UDP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III

"{73BEB638-81F0-4E69-A617-553C45D132B7}"= TCP:c:\program files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III

"TCP Query User{6E1E18F6-DA13-4ADA-8311-A0151FA0ACCB}c:\\program files\\ubisoft\\gearbox software\\brothersinarmseib\\system\\eib.exe"= UDP:c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe:Brothers In Arms Earned In Blood

"UDP Query User{42263BF7-CD4C-4F65-BAD8-4434EBEEEAA5}c:\\program files\\ubisoft\\gearbox software\\brothersinarmseib\\system\\eib.exe"= TCP:c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe:Brothers In Arms Earned In Blood

"TCP Query User{AD1A912C-3BE5-497B-B0A5-A24269107AFB}c:\\program files\\ares\\chatserver.exe"= UDP:c:\program files\ares\chatserver.exe:Ares Chat Server

"UDP Query User{C9161F3F-44BC-412B-9B03-EE2A20645436}c:\\program files\\ares\\chatserver.exe"= TCP:c:\program files\ares\chatserver.exe:Ares Chat Server

R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2008-04-15 43008]

R4 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-07-16 14:10:16 41456]

R4 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2008-04-14 51200]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-27 1153368]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-04-15 179712]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9551bc57-ee4e-11dd-9cb0-d133e20ab31a}]

\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Scansione supplementare -------

.

uStart Page = hxxp://www.google.it/

uInternet Settings,ProxyOverride = *.local

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\LUCATA~1\AppData\Roaming\Mozilla\Firefox\Profiles\jyd1bmwv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\luca tagliabue\Program Files\DNA\plugins\npbtdna.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-31 12:23:33

Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3728)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\acer\Empowering Technology\EPOWER\SysHook.dll

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\drivers\XAudio.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\IObit\Advanced SystemCare 3\AWC.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\users\LUCATA~1\AppData\Local\Temp\RtkBtMnt.exe

c:\windows\System32\rundll32.exe

c:\program files\Synaptics\SynTP\SynTPEnh.exe

c:\windows\ehome\ehmsas.exe

c:\acer\Empowering Technology\eNet\eNMTray.exe

c:\acer\Empowering Technology\ePower\ePower_DMC.exe

c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

c:\acer\Empowering Technology\eRecovery\eRAgent.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\acer\Empowering Technology\eAudio\eAudio.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Ora fine scansione: 2009-01-31 12:28:47 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2009-01-31 11:28:30

ComboFix2.txt 2009-01-30 20:08:57

ComboFix3.txt 2009-01-30 20:01:05

ComboFix4.txt 2009-01-25 11:29:49

Pre-Run: 6.220.021.760 byte disponibili

Post-Run: 6,213,120,000 byte disponibili

389 --- E O F --- 2009-01-30 10:57:00
