VIRUS NEL REGISTRO

[palmike]

Credo di aver preso un virus o un trojan.
Windows parte ma va a rilento... la tastiera a volte non scrive e la barra inferiore orizzontale risulta impallata.
Cercando di fare ripristino configurazione di sistema mi dice che è impossibile perchè stato disattivato dai criteri di gruppo.
Malware bytes mi trova dei virus... ma quando riavvio e lo rifaccio me li ritrova... quindi credo che non vengano cancellati.
Posto il log di malware... se qualcuno sa aiutarmi... grazie infinite
===========================================
Malwarebytes' Anti-Malware 1.44
Versione del database: 3869
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/04/2010 8.43.44
mbam-log-2010-04-24 (08-43-44).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi scansionati: 325201
Tempo trascorso: 1 hour(s), 51 minute(s), 6 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 2
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Utente\Impostazioni locali\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
=====================================

[shel]

ciao


scarica combofix sul desktop ed eseguilo

digita 1
- segui le instruzioni
- finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt

[palmike]

non posso collegarmi in internet per scaricare combofix... dovrei scaricarlo con un altro pc e passarlo... ma riesco a trovare solo combofix che si istallano automaticamente... non c'è un modo per salvare il setup?

[shel]

il set up puoi prelevarlo dal link che ti ho postato, e' quello giusto

trasferiscilo poi nel pc malato e avvia la scansione

[palmike]

ho fatto...questo è il report

ComboFix 10-04-21.01 - Utente 24/04/2010 18.55.34.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.163 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Creati Da 2010-03-24 al 2010-04-24 )))))))))))))))))))))))))))))))))))
.

2010-04-24 16:40 . 2010-04-24 16:40 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Avira
2010-04-24 16:34 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-24 16:34 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-24 16:34 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-24 16:34 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-24 16:34 . 2010-04-24 16:34 -------- d-----w- c:\programmi\Avira
2010-04-24 11:58 . 2010-04-24 11:59 -------- d-----w- c:\documents and settings\utente 3
2010-04-23 23:36 . 2010-04-23 23:36 1251 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_CFD2C1F142D260E3CB8B271543DA9F98.dll
2010-04-23 23:36 . 2010-04-23 23:36 10191 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C2B4A4AA56408FC3AB67720A728DCABA.dll
2010-04-23 23:36 . 2010-04-23 23:36 309 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C058BFB832DAD623998C4DD2DFFCE70A.dll
2010-04-23 23:36 . 2010-04-23 23:36 26 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_BC9F03DAB9047A647B88C16EF341EB03.dll
2010-04-23 23:36 . 2010-04-23 23:36 916 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_4340C992E4F4F1439A61E470EA3BE597.dll
2010-04-23 23:36 . 2010-04-23 23:36 6940 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_AA0C6E093FD32E13791B9BD12BE8647B.dll
2010-04-23 15:47 . 2010-04-23 15:47 54016 ----a-w- c:\windows\system32\drivers\eafrgdb.sys
2010-04-23 12:52 . 2010-04-23 12:52 112496 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-23 11:16 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-23 11:16 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-23 11:16 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-23 11:16 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-23 11:16 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-23 11:16 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-23 10:12 . 2010-04-23 10:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-21 07:24 . 2010-04-21 07:24 -------- d-----w- c:\programmi\Grafill
2010-04-12 17:30 . 2010-04-12 17:30 443912 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\temp\~Upg1\setup.exe
2010-04-07 07:03 . 2010-04-15 17:44 88 --sh--r- c:\documents and settings\All Users\Dati applicazioni\Protexis\C93D2E4574.sys
2010-04-07 06:59 . 2010-04-15 18:42 2828 --sha-w- c:\documents and settings\All Users\Dati applicazioni\Protexis\KGyGaAvL.sys
2010-04-07 06:59 . 2010-04-07 07:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Protexis
2010-04-06 17:00 . 2010-04-06 17:00 348256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2010-04-06 16:57 . 2010-04-06 16:57 348256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-04-06 16:55 . 2010-04-06 16:55 416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-04-06 16:55 . 2010-04-06 16:55 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft Help
2010-04-06 16:51 . 2010-04-06 16:51 -------- d-----w- c:\programmi\Microsoft SDKs
2010-04-06 16:51 . 2010-04-06 17:02 -------- d-----w- c:\programmi\Microsoft Visual Studio 9.0
2010-04-06 16:51 . 2010-04-06 17:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-04-06 16:49 . 2010-04-23 23:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Corel
2010-04-06 13:41 . 2010-04-06 13:41 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Threat Expert
2010-04-06 08:03 . 2010-04-06 08:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-02 07:44 . 2010-04-23 12:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-03-26 19:44 . 2010-04-24 16:25 443912 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 16:34 . 2008-10-13 09:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-04-23 23:37 . 2010-03-22 19:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
2010-04-23 23:35 . 2010-03-22 19:08 -------- d-----w- c:\programmi\Security Task Manager
2010-04-23 23:34 . 2007-11-28 08:42 -------- d-----w- c:\programmi\Corel
2010-04-23 15:12 . 2008-05-27 11:10 -------- d-----w- c:\programmi\Macromedia
2010-04-23 14:46 . 2007-10-11 06:27 -------- d-----w- c:\programmi\TavoliVerdi
2010-04-23 14:46 . 2008-04-19 09:01 -------- d-----w- c:\programmi\Total Uninstall
2010-04-23 14:10 . 2010-03-05 15:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alice Mobile Olicard 100
2010-04-14 20:34 . 2008-05-17 13:55 -------- d-----w- c:\programmi\MidiPlus 2.00
2010-04-14 20:33 . 2007-08-11 10:27 -------- d-----w- c:\programmi\Nokia
2010-04-14 20:32 . 2007-08-11 10:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2010-04-14 09:56 . 2007-08-14 09:14 -------- d-----w- c:\programmi\Google
2010-04-13 21:31 . 2008-02-25 17:47 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Skype
2010-04-13 21:09 . 2008-02-25 17:50 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\skypePM
2010-04-11 22:09 . 2010-03-13 00:44 553608 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-04-07 06:59 . 2007-11-28 09:17 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Corel
2010-04-07 06:59 . 2007-08-12 09:39 112496 -c--a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-06 21:23 . 2008-02-10 16:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-06 21:23 . 2008-12-30 17:58 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-04-06 14:28 . 2008-03-22 14:28 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-02 07:47 . 2009-01-21 08:22 -------- d-----w- c:\programmi\Alwil Software
2010-03-28 08:18 . 2004-08-19 12:00 96482 ----a-w- c:\windows\system32\perfc010.dat
2010-03-28 08:18 . 2004-08-19 12:00 514662 ----a-w- c:\windows\system32\perfh010.dat
2010-03-24 17:44 . 2010-03-19 09:37 400 ----a-w- c:\windows\system32\drivers\eaxext_302.set
2010-03-24 17:44 . 2010-03-19 09:37 400 ----a-w- c:\windows\system32\drivers\bcompbg979.dat
2010-03-22 19:08 . 2010-03-22 19:08 296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8767879ED15587446928BD5B78521701.dll
2010-03-19 14:00 . 2010-03-19 14:00 -------- d-----w- c:\programmi\File comuni\AsuniCAD
2010-03-19 14:00 . 2010-03-19 14:00 -------- d-----w- c:\programmi\AsuniCAD
2010-03-19 09:36 . 2010-03-19 09:34 -------- d-----w- c:\programmi\Rhinoceros 4.0
2010-03-19 09:35 . 2010-03-19 09:35 -------- d-----w- c:\programmi\File comuni\McNeel Shared
2010-03-19 09:34 . 2010-03-19 09:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McNeel
2010-03-17 19:22 . 2010-03-17 14:22 -------- d-----w- c:\programmi\art-lantis 4.5
2010-03-17 14:57 . 2010-03-17 14:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Abvent
2010-03-17 14:56 . 2010-03-17 14:56 618 ----a-w- c:\programmi\Art-lantis 4.5.lnk
2010-03-15 08:29 . 2010-03-15 08:29 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-12 10:14 . 2010-03-12 10:13 -------- d-----w- c:\programmi\Microsoft LifeCam
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 22:03 . 2007-08-06 14:46 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-08 22:02 . 2010-03-08 22:02 -------- d-----w- c:\programmi\File comuni\PCCamera
2010-03-08 22:02 . 2007-08-27 14:38 -------- d-----w- c:\programmi\Trust
2010-03-07 17:37 . 2010-03-07 17:37 -------- d-----w- c:\programmi\Docfa4
2010-03-04 15:04 . 2008-04-18 15:05 -------- d-----w- c:\programmi\Virtual Earth 3D
2010-03-03 11:32 . 2010-03-03 11:32 -------- d-----w- c:\programmi\WinHTTrack
2010-02-25 06:16 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 2004-08-19 12:00 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 15:34 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 14:15 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-19 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-19 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-04-28 17:46 . 2007-11-28 09:23 56 --sh--r- c:\windows\system32\5C34579C64.sys
2008-04-28 17:48 . 2007-11-28 08:47 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------


[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-19 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

c:\windows\System32\drivers\beep.sys ... è mancante !!
.
((((((((((((((((((((((((((((( SnapShot@2010-04-24_16.04.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-24 16:34 . 2009-05-11 07:12 28520 c:\windows\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\programmi\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-18 5562368]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"nwiz"="nwiz.exe" [2005-05-18 1495040]
"ISUSPM Startup"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-05-15 185896]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 -c--a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
2004-08-30 14:37 286720 -c--a-w- c:\windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-03-10 16:43 688218 -c--a-w- c:\programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-03-10 16:44 98394 -c--a-w- c:\programmi\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-05-15 10:28 185896 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2001-04-30 20:57 10752 -c--a-w- c:\programmi\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Documents and Settings\\michele\\Documenti\\palmike\\ftp\\WS_FTP95.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Programmi\\Metin2_Italiano\\metin2.bin"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmi\\art-lantis 4.5\\Art-lantis.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/03/2008 9.56.42 12424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [24/04/2010 18.34.29 135336]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/03/2008 9.56.40 75272]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/03/2008 9.53.40 22528]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [20/05/2005 9.01.20 5120]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [20/05/2005 9.31.12 21504]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [05/01/2005 2.48.42 226768]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate1c9c72ac582362e;Google Update Service (gupdate1c9c72ac582362e);c:\programmi\Google\Update\GoogleUpdate.exe [27/04/2009 13.24.45 133104]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-27 11:24]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-27 11:24]

2010-04-24 c:\windows\Tasks\User_Feed_Synchronization-{C2E02079-801F-478B-AA25-291E05B4BAEA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.michelepalamara.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uSearchAssistant = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {4992D497-7825-4CC8-84CC-2D90AE501E0F} = 85.37.17.50 85.38.28.76
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\6pc9wcar.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://it.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\6pc9wcar.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}\components\susfox3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 19:05
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-04-24 19:09:18
ComboFix-quarantined-files.txt 2010-04-24 17:09
ComboFix2.txt 2010-04-24 16:08
ComboFix3.txt 2010-04-24 12:56
ComboFix4.txt 2010-04-24 11:43

Pre-Run: 3.050.856.448 byte disponibili
Post-Run: 3.079.507.968 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F3C788A9027D03F87EAE762AEC2AE953

[Luke57]

Ciao, Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok)
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Codice: Seleziona tutto

File::
c:\windows\system32\drivers\eafrgdb.sys

Folder::
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan

e trascinalo sull'icona di ComboFix. Il programma avvierà una nuova scansione.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta poi il log aggiornato di combofix

[palmike]

questo è l'ultimo log di combofix... ora che devo fare?
grazie

ComboFix 10-05-01.01 - Utente 01/05/2010 20.40.59.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.233 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Utente\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

FILE ::
"c:\windows\system32\drivers\eafrgdb.sys"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_10
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_ConnMonitor2DAE2006
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_entreelist.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_enviewlist.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_jusched1854592
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_realsched29B0D62A
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_SDHelper2DBBD967
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_t3ak7pqdyv65897531
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_win1653BAEA64
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\_WindowsLiveLogin71323B7E
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_00002109020090400000000000F01FEC
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_00002109020090400000000000F01FEC.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_000021599B0090400000000000F01FEC
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_00ADB7D6AD4A9F94AB4EF77BF1AA7473
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_00ADB7D6AD4A9F94AB4EF77BF1AA7473.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0140110900063D11C8EF10054038389C
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0140110900063D11C8EF10054038389C.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0149C053C7D38EE4AB9A00CB3B5D2472
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0149C053C7D38EE4AB9A00CB3B5D2472.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_01E4D47B488600000000000000001010
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_01E4D47B488600000000000000001010.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0321EC6F496A68B42BC11AA1116298AD
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0321EC6F496A68B42BC11AA1116298AD.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_07ED75EFED5946B4296648AD180135BD
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_07ED75EFED5946B4296648AD180135BD.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0D756077321A70C3E844C138CE981581
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0F96ECA58E3Abe44881CA048E1071008
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_0F96ECA58E3Abe44881CA048E1071008.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_11DD28868B33AED43850E767B57FB43D
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_11DD28868B33AED43850E767B57FB43D.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_11E96A25BEC7d7a4697086ABF4938AB9
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_11E96A25BEC7d7a4697086ABF4938AB9.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_12341rg
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_12345db
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_12D77C94F19F69247BFD915CFF15FAD4
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_12D77C94F19F69247BFD915CFF15FAD4.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_15D4970CE5A768144861DAD8160F0104
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_15D4970CE5A768144861DAD8160F0104.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_169E78D2B775B294DA45318686F09B7A
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_169E78D2B775B294DA45318686F09B7A.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_16E7FAE2E860FD1159C3000565084666
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_16E7FAE2E860FD1159C3000565084666.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_18555481990E8AB4CBB63FB4F26006C0
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_18555481990E8AB4CBB63FB4F26006C0.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_1D167F2236080714DA7FD2F27438C49A
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_1D167F2236080714DA7FD2F27438C49A.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_1F90411A33DC670458BCE44E8A34B9EF
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_1F90411A33DC670458BCE44E8A34B9EF.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_2162BC17C72685D3D8287B47442BB7A6
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_2162BC17C72685D3D8287B47442BB7A6.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_23F5CE957D8D90930BBC52A50DF99539
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_23F5CE957D8D90930BBC52A50DF99539.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_27cd81bd02dc1084eb285f2dacee4c7d
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_27cd81bd02dc1084eb285f2dacee4c7d.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_34036E1FCF45B924BAC213FAF9ABB47C
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_34036E1FCF45B924BAC213FAF9ABB47C.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_3BA9B7CD5362AA5459D709DF7EDC157D
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_3BA9B7CD5362AA5459D709DF7EDC157D.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_4340C992E4F4F1439A61E470EA3BE597
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_4340C992E4F4F1439A61E470EA3BE597.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_460C9015E31878e40BED8CFAB7B50CB2
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_460C9015E31878e40BED8CFAB7B50CB2.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_47ab889772a4586499a1350f272f8280
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_47ab889772a4586499a1350f272f8280.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_4C7BB6329144DF244001E152A7523ED4
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_4C7BB6329144DF244001E152A7523ED4.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_50D24CD8B0860B148887C6412D6420BD
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_50D24CD8B0860B148887C6412D6420BD.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_5A713135A68563E4781CAC2843743B57
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_5A713135A68563E4781CAC2843743B57.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_5EAD28C50BE647342945EB3391ABE428
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_5EAD28C50BE647342945EB3391ABE428.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_603D80B7662774649A62F28718E71D0E
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_603D80B7662774649A62F28718E71D0E.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_684ABA0EB93A69B4DB08573769510197
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_684ABA0EB93A69B4DB08573769510197.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_68AB67CA7DA70401B7449A0000000010
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_68AB67CA7DA70401B7449A0000000010.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7345F243D78C5BB4989B2BE3616C3A59
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7345F243D78C5BB4989B2BE3616C3A59.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7475C6877341D3440BE6970AF04E1501
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7475C6877341D3440BE6970AF04E1501.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_74E2C7F0E98032d49B7F93EB00017067
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_74E2C7F0E98032d49B7F93EB00017067.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7B2AE280C41C84D45872FE38579EE9EB
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7B2AE280C41C84D45872FE38579EE9EB.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7D2F387510050140002000060BECB6AB
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7D2F387510050140002000060BECB6AB.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7df9a79e1af2474428d0f388395a7ba8
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7df9a79e1af2474428d0f388395a7ba8.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7E577B2224C65CF4E801A9E52375DB49
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_7E577B2224C65CF4E801A9E52375DB49.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_84EFC47DF7801E64086E2E59E0A1D8EC
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_84EFC47DF7801E64086E2E59E0A1D8EC.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8767879ED15587446928BD5B78521701
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8767879ED15587446928BD5B78521701.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8A0F842331866D117AB7000B0D610005
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8A0F842331866D117AB7000B0D610005.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8A0F842331866D117AB7000B0D610007
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_8A0F842331866D117AB7000B0D610007.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9040820900063D11C8EF00054038389C
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9040820900063D11C8EF00054038389C.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_92EA46EF388007C43888CD2006919C00
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_92EA46EF388007C43888CD2006919C00.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_93BAD29AC2E44034A96BCB446EB8552E
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_93BAD29AC2E44034A96BCB446EB8552E.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9CF66F1AEE11F2F4899C618F1D6EF97B
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9CF66F1AEE11F2F4899C618F1D6EF97B.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9DFA8B519E2968E4699D38AF5C018BE2
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9DFA8B519E2968E4699D38AF5C018BE2.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9F2FDFE0D6387BE43AD230B83D1FBFA2.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9FF96681EF8Ca704F9076E4798B6D14B
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_9FF96681EF8Ca704F9076E4798B6D14B.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A18B9BCCF76123843B502D0A3480043B
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A18B9BCCF76123843B502D0A3480043B.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A3E8A99DA5EA2964B891F6614D452E04
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A3E8A99DA5EA2964B891F6614D452E04.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A49C535EF78B2814EB8AE1392270D8E3
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A49C535EF78B2814EB8AE1392270D8E3.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A4F2E5F6D77300740B3EF8F75770AE51
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A4F2E5F6D77300740B3EF8F75770AE51.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A80D00DEF5C3D884390A0AF4122F9365
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A80D00DEF5C3D884390A0AF4122F9365.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A83CD216A63B996488BE217C93D42ECF
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A83CD216A63B996488BE217C93D42ECF.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A8FEF78679584b0438C292E73A3F8571
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_A8FEF78679584b0438C292E73A3F8571.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_AA0C6E093FD32E13791B9BD12BE8647B
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_AA0C6E093FD32E13791B9BD12BE8647B.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_AAE7BCB6C89563847BAE63244EA12A22
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_AAE7BCB6C89563847BAE63244EA12A22.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_ABB21E0F66DA22044A351A8C0A4C5D07
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_ABB21E0F66DA22044A351A8C0A4C5D07.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_B0E784FDF2B8B0347A9F49ED5F2955D5
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_B0E784FDF2B8B0347A9F49ED5F2955D5.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_b25099274a207264182f8181add555d0
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_b25099274a207264182f8181add555d0.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_b9303ace924ef024dbe5d7ce6038cf23
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_b9303ace924ef024dbe5d7ce6038cf23.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_BC9F03DAB9047A647B88C16EF341EB03
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_BC9F03DAB9047A647B88C16EF341EB03.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_BCBABCC2724655A40B19946864324CF3
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_BCBABCC2724655A40B19946864324CF3.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_BF0D824FD567BE04DB8D1A7E5F5C79AF
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_BF0D824FD567BE04DB8D1A7E5F5C79AF.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C058BFB832DAD623998C4DD2DFFCE70A
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C058BFB832DAD623998C4DD2DFFCE70A.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C0EC6E66E1A5C0344BA0C009FF81408A
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C0EC6E66E1A5C0344BA0C009FF81408A.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C11362F5531BF7F41BE1E856F03856E1
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C11362F5531BF7F41BE1E856F03856E1.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C19308D027A0BB34B92C41F336CC11D1
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C19308D027A0BB34B92C41F336CC11D1.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C2B4A4AA56408FC3AB67720A728DCABA
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C2B4A4AA56408FC3AB67720A728DCABA.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C550BCCB46F731B4095F70D86E39EE00
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_C550BCCB46F731B4095F70D86E39EE00.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_CB88908707CECB449BEDE228E1382CC6
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_CB88908707CECB449BEDE228E1382CC6.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_CC0F0E2D0EB6b0940BB8297680E3439C
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_CC0F0E2D0EB6b0940BB8297680E3439C.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_CFD2C1F142D260E3CB8B271543DA9F98
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_CFD2C1F142D260E3CB8B271543DA9F98.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_D20352A90C039D93DBF6126ECE614057
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_D20352A90C039D93DBF6126ECE614057.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_D47ABDE8686099C4FBDD8F4976E81520
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_D47ABDE8686099C4FBDD8F4976E81520.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_D96DC24F393E8c742BDC1B934CDA9A8A
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_D96DC24F393E8c742BDC1B934CDA9A8A.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DAED58A8F1C7863488C127CA47BCE219
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DAED58A8F1C7863488C127CA47BCE219.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DC3BF90CC0D3D2F398A9A6D1762F70F3
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DC3BF90CC0D3D2F398A9A6D1762F70F3.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DDA39468D428E8B4DB27C8D5DC5CA217
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DDA39468D428E8B4DB27C8D5DC5CA217.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DDAC0CCE19400BF4AA8BD56C3C1798E0
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DDAC0CCE19400BF4AA8BD56C3C1798E0.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DDB6C50237B7ED245850A990F3532A83
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_DDB6C50237B7ED245850A990F3532A83.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_E1DEBD8B3CB880d49BA49F7D8DE8B9FB
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_E1DEBD8B3CB880d49BA49F7D8DE8B9FB.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_E5A3369098038A14F91F83121724C3D5
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_E5A3369098038A14F91F83121724C3D5.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_E5D9BA5A2E25e0443ADE59212E358CA1
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_E5D9BA5A2E25e0443ADE59212E358CA1.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_E5D9D200AB92D6E3B94CD3D7D6CB37C5
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_E5D9D200AB92D6E3B94CD3D7D6CB37C5.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_EA15D5BA3CBED83478C207C5C702480B
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_EA15D5BA3CBED83478C207C5C702480B.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_F65865963B6B0EB4ABB0F894B53E0233
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_F65865963B6B0EB4ABB0F894B53E0233.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_f7d2296c896ce9d46917b8d30ed45111
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_f7d2296c896ce9d46917b8d30ed45111.dll
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_FD8F9B0A949Cde548980D75C0C1CC918
c:\documents and settings\All Users\Dati applicazioni\SecTaskMan\icn_FD8F9B0A949Cde548980D75C0C1CC918.dll
c:\programmi\WindowsUpdate
c:\windows\system32\drivers\eafrgdb.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-04-01 al 2010-05-01 )))))))))))))))))))))))))))))))))))
.

2010-04-28 14:09 . 2010-04-28 14:09 -------- d-----w- c:\programmi\Alice Mobile Olicard 100
2010-04-28 14:08 . 2010-04-28 14:08 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\InstallShield
2010-04-25 22:16 . 2010-04-25 22:17 -------- d-----w- c:\windows\system32\NtmsData
2010-04-24 16:40 . 2010-04-24 16:40 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Avira
2010-04-24 16:34 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-24 16:34 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-24 16:34 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-24 16:34 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-24 16:34 . 2010-04-24 16:34 -------- d-----w- c:\programmi\Avira
2010-04-24 11:59 . 2010-04-24 11:59 -------- d-sh--w- c:\documents and settings\utente 3\IETldCache
2010-04-23 12:52 . 2010-04-23 12:52 112496 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-23 11:16 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-23 11:16 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-23 11:16 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-23 11:16 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-23 11:16 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-23 11:16 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-23 10:12 . 2010-04-23 10:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-21 07:24 . 2010-04-21 07:24 -------- d-----w- c:\programmi\Grafill
2010-04-07 06:59 . 2010-04-07 07:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Protexis
2010-04-06 16:55 . 2010-04-06 16:55 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Microsoft Help
2010-04-06 16:51 . 2010-04-06 16:51 -------- d-----w- c:\programmi\Microsoft SDKs
2010-04-06 16:51 . 2010-04-06 17:02 -------- d-----w- c:\programmi\Microsoft Visual Studio 9.0
2010-04-06 16:51 . 2010-04-06 17:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-04-06 16:49 . 2010-04-23 23:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Corel
2010-04-06 13:41 . 2010-04-06 13:41 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Threat Expert
2010-04-06 08:03 . 2010-04-06 08:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-02 07:44 . 2010-04-23 12:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 18:46 . 2009-07-21 07:26 -------- d-----w- c:\programmi\Burraconline
2010-04-28 14:09 . 2010-03-05 15:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alice Mobile Olicard 100
2010-04-28 14:09 . 2007-08-06 14:46 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-24 16:34 . 2008-10-13 09:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-04-24 16:25 . 2010-03-26 19:44 443912 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-04-23 23:35 . 2010-03-22 19:08 -------- d-----w- c:\programmi\Security Task Manager
2010-04-23 23:34 . 2007-11-28 08:42 -------- d-----w- c:\programmi\Corel
2010-04-23 15:12 . 2008-05-27 11:10 -------- d-----w- c:\programmi\Macromedia
2010-04-23 14:46 . 2007-10-11 06:27 -------- d-----w- c:\programmi\TavoliVerdi
2010-04-23 14:46 . 2008-04-19 09:01 -------- d-----w- c:\programmi\Total Uninstall
2010-04-15 18:42 . 2010-04-07 06:59 2828 --sha-w- c:\documents and settings\All Users\Dati applicazioni\Protexis\KGyGaAvL.sys
2010-04-15 17:44 . 2010-04-07 07:03 88 --sh--r- c:\documents and settings\All Users\Dati applicazioni\Protexis\C93D2E4574.sys
2010-04-14 20:34 . 2008-05-17 13:55 -------- d-----w- c:\programmi\MidiPlus 2.00
2010-04-14 20:33 . 2007-08-11 10:27 -------- d-----w- c:\programmi\Nokia
2010-04-14 20:32 . 2007-08-11 10:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2010-04-14 09:56 . 2007-08-14 09:14 -------- d-----w- c:\programmi\Google
2010-04-13 21:31 . 2008-02-25 17:47 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Skype
2010-04-13 21:09 . 2008-02-25 17:50 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\skypePM
2010-04-12 17:30 . 2010-04-12 17:30 443912 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\Update\temp\~Upg1\setup.exe
2010-04-11 22:09 . 2010-03-13 00:44 553608 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-04-07 06:59 . 2007-11-28 09:17 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Corel
2010-04-07 06:59 . 2007-08-12 09:39 112496 -c--a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-06 21:23 . 2008-02-10 16:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-06 21:23 . 2008-12-30 17:58 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-04-06 17:00 . 2010-04-06 17:00 348256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2010-04-06 16:57 . 2010-04-06 16:57 348256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-04-06 16:55 . 2010-04-06 16:55 416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-04-06 14:28 . 2008-03-22 14:28 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-02 07:47 . 2009-01-21 08:22 -------- d-----w- c:\programmi\Alwil Software
2010-03-28 08:18 . 2004-08-19 12:00 96482 ----a-w- c:\windows\system32\perfc010.dat
2010-03-28 08:18 . 2004-08-19 12:00 514662 ----a-w- c:\windows\system32\perfh010.dat
2010-03-24 17:44 . 2010-03-19 09:37 400 ----a-w- c:\windows\system32\drivers\eaxext_302.set
2010-03-24 17:44 . 2010-03-19 09:37 400 ----a-w- c:\windows\system32\drivers\bcompbg979.dat
2010-03-19 14:00 . 2010-03-19 14:00 -------- d-----w- c:\programmi\File comuni\AsuniCAD
2010-03-19 14:00 . 2010-03-19 14:00 -------- d-----w- c:\programmi\AsuniCAD
2010-03-19 09:36 . 2010-03-19 09:34 -------- d-----w- c:\programmi\Rhinoceros 4.0
2010-03-19 09:35 . 2010-03-19 09:35 -------- d-----w- c:\programmi\File comuni\McNeel Shared
2010-03-19 09:34 . 2010-03-19 09:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McNeel
2010-03-17 19:22 . 2010-03-17 14:22 -------- d-----w- c:\programmi\art-lantis 4.5
2010-03-17 14:57 . 2010-03-17 14:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Abvent
2010-03-17 14:56 . 2010-03-17 14:56 618 ----a-w- c:\programmi\Art-lantis 4.5.lnk
2010-03-15 08:29 . 2010-03-15 08:29 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-12 10:14 . 2010-03-12 10:13 -------- d-----w- c:\programmi\Microsoft LifeCam
2010-03-10 06:15 . 2004-08-19 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 22:02 . 2010-03-08 22:02 -------- d-----w- c:\programmi\File comuni\PCCamera
2010-03-08 22:02 . 2007-08-27 14:38 -------- d-----w- c:\programmi\Trust
2010-03-07 17:37 . 2010-03-07 17:37 -------- d-----w- c:\programmi\Docfa4
2010-03-04 15:04 . 2008-04-18 15:05 -------- d-----w- c:\programmi\Virtual Earth 3D
2010-03-03 11:32 . 2010-03-03 11:32 -------- d-----w- c:\programmi\WinHTTrack
2010-02-25 06:16 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:05 . 2004-08-19 12:00 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 15:34 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-11 14:15 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2004-08-19 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-19 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-04-28 17:46 . 2007-11-28 09:23 56 --sh--r- c:\windows\system32\5C34579C64.sys
2008-04-28 17:48 . 2007-11-28 08:47 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------


[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-19 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

c:\windows\System32\drivers\beep.sys ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\programmi\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-18 5562368]
"nwiz"="nwiz.exe" [2005-05-18 1495040]
"ISUSPM Startup"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-05-15 185896]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"SoundMan"="SOUNDMAN.EXE" [2005-05-03 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 2805248]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"ConnMonitor"="c:\programmi\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 -c--a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
2004-08-30 14:37 286720 -c--a-w- c:\windows\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-03-10 16:43 688218 -c--a-w- c:\programmi\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-03-10 16:44 98394 -c--a-w- c:\programmi\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-05-15 10:28 185896 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2001-04-30 20:57 10752 -c--a-w- c:\programmi\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Documents and Settings\\michele\\Documenti\\palmike\\ftp\\WS_FTP95.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Programmi\\Metin2_Italiano\\metin2.bin"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Programmi\\art-lantis 4.5\\Art-lantis.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/03/2008 9.56.42 12424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [24/04/2010 18.34.29 135336]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/03/2008 9.56.40 75272]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/03/2008 9.53.40 22528]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [20/05/2005 9.01.20 5120]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [20/05/2005 9.31.12 21504]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [05/01/2005 2.48.42 226768]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 gupdate1c9c72ac582362e;Google Update Service (gupdate1c9c72ac582362e);c:\programmi\Google\Update\GoogleUpdate.exe [27/04/2009 13.24.45 133104]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-27 11:24]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-27 11:24]

2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{C2E02079-801F-478B-AA25-291E05B4BAEA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.michelepalamara.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uSearchAssistant = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\6pc9wcar.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://it.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\6pc9wcar.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}\components\susfox3.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 21:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\slserv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\programmi\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Ora fine scansione: 2010-05-01 21:21:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-05-01 19:21
ComboFix2.txt 2010-04-24 17:09
ComboFix3.txt 2010-04-24 16:08
ComboFix4.txt 2010-04-24 12:56
ComboFix5.txt 2010-05-01 18:37

Pre-Run: 2.467.721.216 byte disponibili
Post-Run: 2.840.449.024 byte disponibili

- - End Of File - - 5C0A158FBEEB489B5A74E8040CC308A8