
Explorer Pages Opening

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Explorer Pages Opening

Post by maxy3000 » 14/08/08 10:14

Hi everyone, I have a problem: every time I open Internet Explorer and Firefox, unwanted windows open. This has gotten worse especially since my Norton license expired.
I installed HijackThis, but I don't understand any of it; I wanted to ask whether you could give me some information about the scan result reported below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.07.21, on 14/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Users\Marco Manni\Program Files\DNA\btdna.exe
C:\Users\Marco Manni\AppData\Local\suaig.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.3:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZSIEBhoOne Class - {06A548B7-25F0-416E-88AB-A8F6C4DE325C} - C:\Program Files\1st IEAssistant\ZSIEBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Marco Manni\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [wksicee] c:\users\marco manni\appdata\local\wksicee.exe wksicee
O4 - HKCU\..\Run: [suaig] "c:\users\marco manni\appdata\local\suaig.exe" suaig
O8 - Extra context menu item: &AOL Toolbar Cerca - c:\program files\aol\aol toolbar 5.0\resources\it-it\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: 1st Popup Killer & IE Assistant - {310F1535-91E7-457B-A0FB-FBC02B6AE925} - C:\Program Files\1st IEAssistant\IEAssistant.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{05EA7817-3C98-4284-8DD2-4E41823AFBC4}: NameServer = 192.168.1.254,3.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{05EA7817-3C98-4284-8DD2-4E41823AFBC4}: NameServer = 192.168.1.254,3.0.0.0
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10283 bytes
maxy3000
Newbie
 
Posts: 4
Joined: 14/08/08 10:00

Re: Explorer Pages Opening

Post by Luke57 » 14/08/08 12:11

Hi, open HijackThis, press "do a system scan only", then find and tick the following entry:
O4 - HKCU\..\Run: [suaig] "c:\users\marco manni\appdata\local\suaig.exe" suaig

Press "fix checked".


Then show hidden files and folders (My Computer > Tools > Folder Options > View > tick "Show hidden files and folders" > OK).
Find and delete this file, if present:
c:\users\marco manni\appdata\local\suaig.exe

Finally, download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click Combofix.exe.
A blue window will open.... Wait....
After a few moments a notice will appear in which the author disclaims responsibility for any problem caused by incorrect use of the tool.
At this point select 1 and then ENTER to start the scan..
Wait..... (do not do anything else during the scan; if the icons disappear from the desktop, that is completely normal)
A notice will signal the end of the operation, and after a few moments the log with the details of the scan will appear.
The log will be saved in C:\Combofix.txt
Attach it to a post.
Luke57
Moderatore
 
Posts: 6415
Joined: 11/08/05 19:10
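
A triage sketch for the O4 (autorun) lines of the HijackThis log in the first post, added here as an example and not part of the thread. It flags Run entries whose image sits directly in a user's AppData root, or whose value name, file name and sole argument coincide, and notes whether that image appears under "Running processes"; the two heuristics and all function names are assumptions chosen for illustration, and the sample lines are excerpted from the posted log.

```python
import ntpath
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r'''Running processes:
C:\Windows\Explorer.EXE
C:\Users\Marco Manni\Program Files\DNA\btdna.exe
C:\Users\Marco Manni\AppData\Local\suaig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Marco Manni\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [wksicee] c:\users\marco manni\appdata\local\wksicee.exe wksicee
O4 - HKCU\..\Run: [suaig] "c:\users\marco manni\appdata\local\suaig.exe" suaig
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Image path: either quoted, or unquoted up to the first executable extension
# (unquoted paths in these logs may contain spaces).
IMAGE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.*?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$))(?P<args>.*)$',
    re.I)
# Assumed heuristic: the file lies directly in ...\AppData\Local or \Roaming,
# not in a vendor subfolder.
APPDATA_ROOT = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\(?:local|roaming)$', re.I)


class RunEntry(NamedTuple):
    hive: str
    name: str
    image: str
    args: str


def parse_log(text):
    """Return (set of running process paths, list of O4 RunEntry)."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(line.lower())
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = O4_LINE.match(line)
        if not m:
            continue
        im = IMAGE.match(m["cmd"])
        image = (im["q"] or im["u"]) if im else m["cmd"]
        args = im["args"].strip() if im else ""
        entries.append(RunEntry(m["hive"], m["name"], image, args))
    return running, entries


def triage(text):
    """Map value name -> list of reasons for entries worth a closer look."""
    running, entries = parse_log(text)
    findings = {}
    for e in entries:
        why = []
        stem = ntpath.splitext(ntpath.basename(e.image))[0].lower()
        if APPDATA_ROOT.match(ntpath.dirname(e.image)):
            why.append("image directly in the user's AppData root")
        if e.name.lower() == stem == e.args.lower():
            why.append("value name, file name and argument are identical")
        if why:
            if e.image.lower() in running:
                why.append("currently running")
            findings[e.name] = why
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

A hit is a prompt to inspect the file (signature, hash, origin), not a verdict on it.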

Re: Explorer Pages Opening

Post by maxy3000 » 14/08/08 13:09

This is the result of the txt


ComboFix 08-08-13.02 - Marco Manni 2008-08-14 13.27.27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.1944 [GMT 2:00]
Eseguito da: C:\Users\Marco Manni\Documents\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Marco Manni\AppData\Local\suaig.dat
C:\Users\Marco Manni\AppData\Local\suaig_nav.dat
C:\Users\Marco Manni\AppData\Local\suaig_navps.dat
C:\Windows\system32\KBL.LOG
C:\Windows\system32\nvs2.inf

----- BITS: Sites possivelmente infetados -----

http://images.metaservices.microsoft.com:80
.
((((((((((((((((((((((((( Files Creati Da 2008-07-14 al 2008-08-14 )))))))))))))))))))))))))))))))))))
.

2008-08-14 12:53 . 2008-08-14 12:53 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-14 12:40 . 2007-11-08 11:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex
2008-08-14 12:39 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-08-14 12:26 . 2008-08-14 12:26 <DIR> d-------- C:\PerfLogs
2008-08-14 11:25 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-08-14 11:25 . 2008-01-19 09:33 2,091,520 --a------ C:\Windows\System32\dfsr.exe
2008-08-14 11:25 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-08-14 11:25 . 2008-01-19 09:36 1,107,968 --a------ C:\Windows\System32\pidgenx.dll
2008-08-14 11:25 . 2008-01-19 09:29 705,536 --a------ C:\Windows\System32\imagesp1.dll
2008-08-14 11:25 . 2008-01-19 06:10 681,984 --a------ C:\Windows\System32\drivers\spsys.sys
2008-08-14 11:25 . 2008-01-19 09:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-08-14 11:23 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-08-14 11:22 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-08-14 11:21 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-08-14 11:20 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-08-14 11:20 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-08-14 11:20 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-08-14 11:20 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-08-14 11:19 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-08-14 11:18 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-08-14 11:18 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-08-14 11:18 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-08-14 11:18 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-08-14 11:15 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-08-14 11:15 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-08-14 11:15 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-08-14 11:15 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-08-14 10:17 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-07 07:56 . 2008-08-08 22:17 <DIR> d-------- C:\Pokemon
2008-08-04 00:54 . 2008-08-04 00:54 <DIR> d-------- C:\Program Files\1st IEAssistant
2008-08-04 00:39 . 2008-08-04 00:41 <DIR> d-------- C:\Users\Marco Manni\.housecall6.6
2008-08-04 00:22 . 2008-08-04 00:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 22:06 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-07-29 18:46 . 2008-07-29 20:48 <DIR> d-------- C:\6ffd05d5c28f81d7ba142c0570342cf5
2008-07-29 15:42 . 2008-07-29 15:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-29 08:28 . 2008-07-29 08:28 <DIR> d-------- C:\Users\All Users\Glamour Strip Poker
2008-07-29 08:28 . 2008-07-29 08:28 <DIR> d-------- C:\ProgramData\Glamour Strip Poker
2008-07-29 07:13 . 2008-07-29 07:13 <DIR> d-------- C:\Program Files\Tetris
2008-07-28 18:56 . 2008-07-28 18:59 <DIR> d-------- C:\Users\All Users\Avg8
2008-07-28 18:56 . 2008-07-28 18:59 <DIR> d-------- C:\ProgramData\Avg8
2008-07-28 18:42 . 2008-07-28 18:42 <DIR> d-------- C:\Program Files\AVG
2008-07-28 18:42 . 2008-07-28 18:42 10,520 --a------ C:\Windows\System32\avgrsstx.dll.old
2008-07-28 11:08 . 2008-07-28 11:08 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-28 10:59 . 2008-07-28 18:05 <DIR> d-------- C:\Avast
2008-07-28 10:04 . 2008-07-28 10:38 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-28 10:04 . 2008-07-28 10:38 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-28 10:02 . 2008-07-28 10:39 <DIR> d-------- C:\lavasoft
2008-07-25 21:10 . 2008-07-28 21:59 <DIR> d-------- C:\Downloads
2008-07-25 18:14 . 2008-07-25 20:33 <DIR> d-------- C:\Program Files\Pro Evolution Soccer 2008
2008-07-25 09:52 . 2008-07-28 22:05 <DIR> d-------- C:\megaupload Download
2008-07-23 09:21 . 2008-07-24 10:01 <DIR> d-------- C:\aa24f22a0a079090f7e76f
2008-07-23 08:57 . 2008-07-23 08:59 28 --a------ C:\Windows\ODBC.INI
2008-07-23 08:45 . 2006-10-26 19:58 30,512 --a------ C:\Windows\System32\mdimon.dll
2008-07-23 08:44 . 2008-07-23 08:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-23 08:41 . 2008-07-23 08:41 <DIR> dr-h----- C:\MSOCache
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-23 08:37 . 2008-07-23 08:37 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-07-23 08:37 . 2008-07-23 08:37 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-07-23 07:55 . 2008-08-03 22:01 81,984 --a------ C:\Windows\System32\bdod.bin
2008-07-23 07:48 . 2008-08-03 22:02 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-07-22 17:19 . 2008-04-15 17:43 27,683,672 --a------ C:\bitdefender_free_v10.exe
2008-07-22 17:09 . 2008-07-22 19:24 <DIR> d-------- C:\OFFICE_07_DVD (E)
2008-07-22 16:40 . 2008-07-22 16:40 14,848 --a------ C:\Slide Card.doc
2008-07-19 15:36 . 2008-07-19 15:36 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-07-19 15:32 . 2008-07-19 15:32 <DIR> d-------- C:\Users\Marco Manni\AppData\Roaming\InstallShield
2008-07-19 00:28 . 2008-07-19 00:28 237 --a------ C:\Windows\RomeTW.ini
2008-07-19 00:20 . 2008-07-19 00:20 <DIR> d-------- C:\Program Files\Activision
2008-07-18 10:14 . 2008-07-20 11:54 <DIR> d-------- C:\Empire.Earth.III.CLONEDVD-AVENGED
2008-07-18 10:12 . 2008-07-20 10:21 <DIR> d-------- C:\[games] Rome - Total War [ITA]
2008-07-17 17:04 . 2008-07-17 17:04 <DIR> d-------- C:\Users\Marco Manni\AppData\Roaming\Sierra Entertainment
2008-07-17 16:15 . 2008-07-17 16:15 <DIR> dr-h----- C:\Users\Marco Manni\AppData\Roaming\SecuROM
2008-07-17 16:09 . 2008-07-17 16:09 <DIR> d-------- C:\Windows\System32\AGEIA
2008-07-17 16:09 . 2008-08-14 10:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 16:09 . 2008-07-17 16:09 <DIR> d-------- C:\Program Files\AGEIA Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 11:30 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\DNA
2008-08-14 10:35 174 --sha-w C:\Program Files\desktop.ini
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Journal
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Defender
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Calendar
2008-08-14 08:38 --------- d---a-w C:\ProgramData\TEMP
2008-08-14 08:19 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-08 17:52 78,369 ----a-w C:\Users\Marco Manni\AppData\Roaming\nvModes.dat
2008-07-29 15:34 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\BitTorrent
2008-07-25 05:12 --------- d-----w C:\Program Files\Java
2008-07-24 14:26 --------- d-----w C:\ProgramData\CyberLink
2008-07-24 08:01 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\DAEMON Tools
2008-07-23 07:39 --------- d-----w C:\ProgramData\NVIDIA
2008-07-23 06:44 --------- d-----w C:\Program Files\Microsoft Works
2008-07-23 05:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-23 05:43 --------- d-----w C:\ProgramData\Symantec
2008-07-19 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:05 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\CyberLink
2008-07-13 22:45 --------- d-----w C:\Program Files\Yahoo!
2008-07-13 14:57 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\Eltima Software
2008-07-13 14:52 --------- d-----w C:\Program Files\HeroesOfAE
2008-07-12 13:36 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\WildTangent
2008-07-12 13:36 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\PlayFirst
2008-07-12 13:36 --------- d-----w C:\ProgramData\WildTangent
2008-07-06 10:47 --------- d-----w C:\Program Files\7-Zip
2008-07-05 16:42 --------- d-----w C:\Program Files\Free Video Converter
2008-07-05 16:22 --------- d-----w C:\Program Files\AVS4YOU
2008-07-05 16:15 --------- d-----w C:\Program Files\XviD
2008-07-05 16:15 --------- d-----w C:\Program Files\A-Z
2008-07-05 15:58 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-07-05 15:56 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\AVS4YOU
2008-07-05 15:56 --------- d-----w C:\ProgramData\AVS4YOU
2008-07-05 15:52 --------- d-----w C:\Program Files\MP4 to MP3 Converter
2008-07-05 15:47 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\Download Manager
2008-07-05 15:41 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\zweitgeist
2008-07-04 00:02 --------- d-----w C:\Program Files\AC3Filter
2008-06-30 21:09 --------- d-----w C:\Program Files\Real
2008-06-30 21:09 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-30 21:09 --------- d-----w C:\Program Files\Common Files\Real
2008-06-29 09:49 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\Megaupload
2008-06-17 10:23 --------- d-----w C:\Program Files\GPLGS
2008-06-17 10:19 --------- d-----w C:\Program Files\Acro Software
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"BitTorrent DNA"="C:\Users\Marco Manni\Program Files\DNA\btdna.exe" [2008-06-13 09:02 289088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 14:20 490952]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 10:29 102400]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 15:34 634880]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 08:02 174616]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 23:13 218408]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 09:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 16:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 23:09 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 22:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 22:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 22:05 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 15:27 4702208 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C66DE1F0-5480-4585-AF68-C3F8C4CADAEA}C:\\users\\marco manni\\program files\\dna\\btdna.exe"= UDP:C:\users\marco manni\program files\dna\btdna.exe:btdna.exe
"UDP Query User{369DCB35-F3A8-418E-AC68-5993A4816D65}C:\\users\\marco manni\\program files\\dna\\btdna.exe"= TCP:C:\users\marco manni\program files\dna\btdna.exe:btdna.exe
"TCP Query User{56EBAC93-DFF9-4BBC-B26C-FF6DCA17C7C7}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{56337971-6F4B-470A-8719-99919C74F2E3}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{16570AA8-5116-46FC-BA6C-C64CA4D374B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3EE1B1ED-658A-4442-AD13-89B36B199B52}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F5EA7A24-AAD6-4375-B242-7E4C843FE04B}C:\\age of empire 2\\empires2.exe"= UDP:C:\age of empire 2\empires2.exe:Age of Empires II
"UDP Query User{89B8DBA4-B025-402C-909A-662BBB12E576}C:\\age of empire 2\\empires2.exe"= TCP:C:\age of empire 2\empires2.exe:Age of Empires II
"{BDFE8587-FE89-4692-ADC9-F2C91F4EDA19}"= UDP:990:LocalSubnet:LocalSubnet|IF={0B12428F-5277-45D5-A7C8-B12DAC2E9AD4}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7544316F-CE47-44BE-953E-CD81EF1982C8}"= UDP:990:LocalSubnet:LocalSubnet|IF={0B12428F-5277-45D5-A7C8-B12DAC2E9AD4}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 19:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 19:34]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 01:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72ef1970-2afa-11dd-8ce8-001e68515335}]
\shell\AutoRun\command - G:\EE3AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80655835-5881-11dd-ad0a-001e68515335}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8767080-2a34-11dd-b16c-001e68515335}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-13 C:\Windows\Tasks\User_Feed_Synchronization-{967D5AAF-EC62-4811-83AB-F7219A28DE38}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORFÇOS REMOVIDOS - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-Ad-Watch - C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
HKLM-Run-BDMCon - C:\Program Files\Softwin\BitDefender10\bdmcon.exe
HKLM-Run-BDAgent - C:\Program Files\Softwin\BitDefender10\bdagent.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Marco Manni\AppData\Roaming\Mozilla\Firefox\Profiles\qh52tam1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://italian.eazel.com/index.php?rvs=hompag
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Users\Marco Manni\Program Files\DNA\plugins\npbtdna.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 13:33:39
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\Users\MARCOM~1\AppData\Local\Temp\xmlB36.tmp

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\servicing\vsp1ceip.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2008-08-14 13:41:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 11:40:39

Pre-Run: 152,109,375,488 byte disponibili
Post-Run: 153,223,151,616 byte disponibili

279 --- E O F --- 2008-08-14 10:53:11

Re: Explorer pages opening

Post by Luke57 » 14/08/08 22:46

Hi, copy this code:


Code:
File::
C:\Users\MARCOM~1\AppData\Local\Temp\xmlB36.tmp
F:\autorun.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80655835-5881-11dd-ad0a-001e68515335}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8767080-2a34-11dd-b16c-001e68515335}]


paste it into a text file, save the text file in the same location as ComboFix, naming it CFScript.txt (this name is mandatory), and drag it with the mouse pointer onto the ComboFix icon to run a new scan. Post the new report, if one is produced.

Re: Explorer pages opening

Post by maxy3000 » 15/08/08 08:40

This is the new report.

ComboFix 08-08-14.02 - Marco Manni 2008-08-15 9:32:58.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2117 [GMT 2:00]
Eseguito da: C:\Users\Marco Manni\Documents\ComboFix.exe
Command switches used :: C:\Users\Marco Manni\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino

FILE ::
C:\Users\MARCOM~1\AppData\Local\Temp\xmlB36.tmp
F:\autorun.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-07-15 al 2008-08-15 )))))))))))))))))))))))))))))))))))
.

2008-08-14 12:53 . 2008-08-14 12:53 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-14 12:39 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-08-14 12:26 . 2008-08-14 12:26 <DIR> d-------- C:\PerfLogs
2008-08-14 11:25 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-08-14 11:25 . 2008-01-19 09:33 2,091,520 --a------ C:\Windows\System32\dfsr.exe
2008-08-14 11:25 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-08-14 11:25 . 2008-01-19 09:36 1,107,968 --a------ C:\Windows\System32\pidgenx.dll
2008-08-14 11:25 . 2008-01-19 09:29 705,536 --a------ C:\Windows\System32\imagesp1.dll
2008-08-14 11:25 . 2008-01-19 06:10 681,984 --a------ C:\Windows\System32\drivers\spsys.sys
2008-08-14 11:25 . 2008-01-19 09:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-08-14 11:23 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-08-14 11:22 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-08-14 11:21 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-08-14 11:20 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-08-14 11:20 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-08-14 11:20 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-08-14 11:20 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-08-14 11:19 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-08-14 11:18 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-08-14 11:18 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-08-14 11:18 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-08-14 11:18 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-08-14 11:15 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-08-14 11:15 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-08-14 11:15 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-08-14 11:15 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-08-14 10:17 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-07 07:56 . 2008-08-08 22:17 <DIR> d-------- C:\Pokemon
2008-08-04 00:54 . 2008-08-04 00:54 <DIR> d-------- C:\Program Files\1st IEAssistant
2008-08-04 00:39 . 2008-08-04 00:41 <DIR> d-------- C:\Users\Marco Manni\.housecall6.6
2008-08-04 00:22 . 2008-08-04 00:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 22:06 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-07-29 18:46 . 2008-07-29 20:48 <DIR> d-------- C:\6ffd05d5c28f81d7ba142c0570342cf5
2008-07-29 15:42 . 2008-07-29 15:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-29 08:28 . 2008-07-29 08:28 <DIR> d-------- C:\Users\All Users\Glamour Strip Poker
2008-07-29 08:28 . 2008-07-29 08:28 <DIR> d-------- C:\ProgramData\Glamour Strip Poker
2008-07-29 07:13 . 2008-07-29 07:13 <DIR> d-------- C:\Program Files\Tetris
2008-07-28 18:56 . 2008-07-28 18:59 <DIR> d-------- C:\Users\All Users\Avg8
2008-07-28 18:56 . 2008-07-28 18:59 <DIR> d-------- C:\ProgramData\Avg8
2008-07-28 18:42 . 2008-07-28 18:42 <DIR> d-------- C:\Program Files\AVG
2008-07-28 18:42 . 2008-07-28 18:42 10,520 --a------ C:\Windows\System32\avgrsstx.dll.old
2008-07-28 11:08 . 2008-07-28 11:08 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-28 10:59 . 2008-07-28 18:05 <DIR> d-------- C:\Avast
2008-07-28 10:04 . 2008-07-28 10:38 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-28 10:04 . 2008-07-28 10:38 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-28 10:02 . 2008-07-28 10:39 <DIR> d-------- C:\lavasoft
2008-07-25 21:10 . 2008-07-28 21:59 <DIR> d-------- C:\Downloads
2008-07-25 18:14 . 2008-07-25 20:33 <DIR> d-------- C:\Program Files\Pro Evolution Soccer 2008
2008-07-25 09:52 . 2008-07-28 22:05 <DIR> d-------- C:\megaupload Download
2008-07-23 09:21 . 2008-07-24 10:01 <DIR> d-------- C:\aa24f22a0a079090f7e76f
2008-07-23 08:57 . 2008-07-23 08:59 28 --a------ C:\Windows\ODBC.INI
2008-07-23 08:45 . 2006-10-26 19:58 30,512 --a------ C:\Windows\System32\mdimon.dll
2008-07-23 08:44 . 2008-07-23 08:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-23 08:41 . 2008-07-23 08:41 <DIR> dr-h----- C:\MSOCache
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-23 08:38 . 2008-07-23 08:38 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-23 08:37 . 2008-07-23 08:37 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-07-23 08:37 . 2008-07-23 08:37 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-07-23 07:55 . 2008-08-03 22:01 81,984 --a------ C:\Windows\System32\bdod.bin
2008-07-23 07:48 . 2008-08-03 22:02 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-07-22 17:19 . 2008-04-15 17:43 27,683,672 --a------ C:\bitdefender_free_v10.exe
2008-07-22 17:09 . 2008-07-22 19:24 <DIR> d-------- C:\OFFICE_07_DVD (E)
2008-07-22 16:40 . 2008-07-22 16:40 14,848 --a------ C:\Slide Card.doc
2008-07-19 15:36 . 2008-07-19 15:36 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-07-19 15:32 . 2008-07-19 15:32 <DIR> d-------- C:\Users\Marco Manni\AppData\Roaming\InstallShield
2008-07-19 00:28 . 2008-07-19 00:28 237 --a------ C:\Windows\RomeTW.ini
2008-07-19 00:20 . 2008-07-19 00:20 <DIR> d-------- C:\Program Files\Activision
2008-07-18 10:14 . 2008-07-20 11:54 <DIR> d-------- C:\Empire.Earth.III.CLONEDVD-AVENGED
2008-07-18 10:12 . 2008-07-20 10:21 <DIR> d-------- C:\[games] Rome - Total War [ITA]
2008-07-17 17:04 . 2008-07-17 17:04 <DIR> d-------- C:\Users\Marco Manni\AppData\Roaming\Sierra Entertainment
2008-07-17 16:15 . 2008-07-17 16:15 <DIR> dr-h----- C:\Users\Marco Manni\AppData\Roaming\SecuROM
2008-07-17 16:09 . 2008-07-17 16:09 <DIR> d-------- C:\Windows\System32\AGEIA
2008-07-17 16:09 . 2008-08-14 10:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 16:09 . 2008-07-17 16:09 <DIR> d-------- C:\Program Files\AGEIA Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 07:32 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\DNA
2008-08-14 10:35 174 --sha-w C:\Program Files\desktop.ini
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Journal
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Defender
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-14 10:26 --------- d-----w C:\Program Files\Windows Calendar
2008-08-14 10:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-14 10:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-14 08:38 --------- d---a-w C:\ProgramData\TEMP
2008-08-14 08:19 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-08 17:52 78,369 ----a-w C:\Users\Marco Manni\AppData\Roaming\nvModes.dat
2008-07-29 15:34 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\BitTorrent
2008-07-25 05:12 --------- d-----w C:\Program Files\Java
2008-07-24 14:26 --------- d-----w C:\ProgramData\CyberLink
2008-07-24 08:01 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\DAEMON Tools
2008-07-23 07:39 --------- d-----w C:\ProgramData\NVIDIA
2008-07-23 06:44 --------- d-----w C:\Program Files\Microsoft Works
2008-07-23 05:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-23 05:43 --------- d-----w C:\ProgramData\Symantec
2008-07-19 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:05 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\CyberLink
2008-07-13 22:45 --------- d-----w C:\Program Files\Yahoo!
2008-07-13 14:57 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\Eltima Software
2008-07-13 14:52 --------- d-----w C:\Program Files\HeroesOfAE
2008-07-12 13:36 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\WildTangent
2008-07-12 13:36 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\PlayFirst
2008-07-12 13:36 --------- d-----w C:\ProgramData\WildTangent
2008-07-06 10:47 --------- d-----w C:\Program Files\7-Zip
2008-07-05 16:42 --------- d-----w C:\Program Files\Free Video Converter
2008-07-05 16:22 --------- d-----w C:\Program Files\AVS4YOU
2008-07-05 16:15 --------- d-----w C:\Program Files\XviD
2008-07-05 16:15 --------- d-----w C:\Program Files\A-Z
2008-07-05 15:58 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-07-05 15:56 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\AVS4YOU
2008-07-05 15:56 --------- d-----w C:\ProgramData\AVS4YOU
2008-07-05 15:52 --------- d-----w C:\Program Files\MP4 to MP3 Converter
2008-07-05 15:47 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\Download Manager
2008-07-05 15:41 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\zweitgeist
2008-07-04 00:02 --------- d-----w C:\Program Files\AC3Filter
2008-06-30 21:09 --------- d-----w C:\Program Files\Real
2008-06-30 21:09 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-30 21:09 --------- d-----w C:\Program Files\Common Files\Real
2008-06-29 09:49 --------- d-----w C:\Users\Marco Manni\AppData\Roaming\Megaupload
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-17 10:23 --------- d-----w C:\Program Files\GPLGS
2008-06-17 10:19 --------- d-----w C:\Program Files\Acro Software
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-24 21:43 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-24 21:43 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-24 21:43 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-24 21:43 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-24 21:43 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-24 21:43 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-24 21:43 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-24 21:43 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-24 21:43 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-24 21:43 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-24 21:42 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-24 21:41 295,936 ----a-w C:\Windows\System32\gdi32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-14_13.39.48.91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-14 11:31:06 19,312 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-14 23:04:07 19,712 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-15 07:21:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-15 07:21:42 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-14 11:32:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-15 07:23:14 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-15 07:23:14 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-14 11:32:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-15 07:23:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-15 07:23:09 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-14 11:34:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-15 07:29:05 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-14 11:34:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-15 07:29:05 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-14 11:34:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-15 07:29:05 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-14 11:27:17 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-15 07:32:46 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-15 07:32:46 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-08-14 11:04:22 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-15 07:26:57 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-14 11:04:22 120,326 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-08-15 07:26:57 120,326 ----a-w C:\Windows\System32\perfc010.dat
- 2008-08-14 11:04:22 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-15 07:26:57 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-14 11:04:22 662,846 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-08-15 07:26:57 662,846 ----a-w C:\Windows\System32\perfh010.dat
- 2008-08-14 11:34:28 11,518 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-541633127-1332290719-2124996763-1000_UserData.bin
+ 2008-08-15 07:23:36 11,950 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-541633127-1332290719-2124996763-1000_UserData.bin
- 2008-08-14 11:34:28 81,908 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-15 07:23:36 82,728 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-14 11:34:20 52,714 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-15 07:23:35 52,906 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-14 16:53:47 67,018 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"BitTorrent DNA"="C:\Users\Marco Manni\Program Files\DNA\btdna.exe" [2008-06-13 09:02 289088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 14:20 490952]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 10:29 102400]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 15:34 634880]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 08:02 174616]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 23:13 218408]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 09:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 16:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-30 23:09 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 22:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 22:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 22:05 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 15:27 4702208 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C66DE1F0-5480-4585-AF68-C3F8C4CADAEA}C:\\users\\marco manni\\program files\\dna\\btdna.exe"= UDP:C:\users\marco manni\program files\dna\btdna.exe:btdna.exe
"UDP Query User{369DCB35-F3A8-418E-AC68-5993A4816D65}C:\\users\\marco manni\\program files\\dna\\btdna.exe"= TCP:C:\users\marco manni\program files\dna\btdna.exe:btdna.exe
"TCP Query User{56EBAC93-DFF9-4BBC-B26C-FF6DCA17C7C7}C:\\program files\\msn messenger\\msnmsgr.exe"= UDP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{56337971-6F4B-470A-8719-99919C74F2E3}C:\\program files\\msn messenger\\msnmsgr.exe"= TCP:C:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{16570AA8-5116-46FC-BA6C-C64CA4D374B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3EE1B1ED-658A-4442-AD13-89B36B199B52}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F5EA7A24-AAD6-4375-B242-7E4C843FE04B}C:\\age of empire 2\\empires2.exe"= UDP:C:\age of empire 2\empires2.exe:Age of Empires II
"UDP Query User{89B8DBA4-B025-402C-909A-662BBB12E576}C:\\age of empire 2\\empires2.exe"= TCP:C:\age of empire 2\empires2.exe:Age of Empires II
"{BDFE8587-FE89-4692-ADC9-F2C91F4EDA19}"= UDP:990:LocalSubnet:LocalSubnet|IF={0B12428F-5277-45D5-A7C8-B12DAC2E9AD4}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7544316F-CE47-44BE-953E-CD81EF1982C8}"= UDP:990:LocalSubnet:LocalSubnet|IF={0B12428F-5277-45D5-A7C8-B12DAC2E9AD4}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 19:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 19:34]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 01:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72ef1970-2afa-11dd-8ce8-001e68515335}]
\shell\AutoRun\command - G:\EE3AutoRun.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-14 C:\Windows\Tasks\User_Feed_Synchronization-{967D5AAF-EC62-4811-83AB-F7219A28DE38}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 09:35:56
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-15 9:37:51
ComboFix-quarantined-files.txt 2008-08-15 07:37:37
ComboFix2.txt 2008-08-14 11:41:25

Pre-Run: 152,581,443,584 byte disponibili
Post-Run: 152,544,825,344 byte disponibili

301 --- E O F --- 2008-08-14 10:53:11

Re: Explorer pages opening

Post by Luke57 » 16/08/08 23:14

Hi, it looks OK.

Re: Explorer pages opening

Post by maxy3000 » 18/08/08 12:09

Thanks a lot, the PC works perfectly now.