
Various Nt* are Hooked by "spwi.sys"


2 replies to this topic

#1 Montar


Posted 03 April 2010 - 07:13 AM

Hello,
I've run RootRepeal (I do this once in a while) and found:
- hooked functions
- lots of stealth objects
When I ran ComboFix, it said some drive emulators were running, but VirtualCloneDrive was set to "no drive".
So I'm beginning to have some doubts about being hijacked.
Or maybe it's the Nokia software that I've installed for my phone creating a virtual drive of the phone???
ESET online scan didn't find anything bad.
Please help! Here are the logs:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/04/02 22:40
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA2AE6000 Size: 876544 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7D60000 Size: 1664 File Visible: No Signed: -
Status: -

Name: PCI_PNP0686
Image Path: \Driver\PCI_PNP0686
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA2288000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF7C9E000 Size: 5248 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spwi.sys
Image Path: spwi.sys
Address: 0xF7682000 Size: 995328 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spwi.sys" at address 0xf76830e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spwi.sys" at address 0xf769bda4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spwi.sys" at address 0xf769c132

#: 119 Function Name: NtOpenKey
Status: Hooked by "spwi.sys" at address 0xf76830c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spwi.sys" at address 0xf769c20a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spwi.sys" at address 0xf769c08a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spwi.sys" at address 0xf769c29c

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f641f8 Size: 121

Object: Hidden Code [Driver: ac0z3evv؅ః杇獬ĉ, IRP_MJ_CREATE]
Process: System Address: 0x863de1f8 Size: 121

Object: Hidden Code [Driver: ac0z3evv؅ః杇獬ĉ, IRP_MJ_CLOSE]
Process: System Address: 0x863de1f8 Size: 121

Object: Hidden Code [Driver: ac0z3evv؅ః杇獬ĉ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863de1f8 Size: 121

Object: Hidden Code [Driver: ac0z3evv؅ః杇獬ĉ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863de1f8 Size: 121

Object: Hidden Code [Driver: ac0z3evv؅ః杇獬ĉ, IRP_MJ_POWER]
Process: System Address: 0x863de1f8 Size: 121

Object: Hidden Code [Driver: ac0z3evv؅ః杇獬ĉ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863de1f8 Size: 121

Object: Hidden Code [Driver: ac0z3evv؅ః杇獬ĉ, IRP_MJ_PNP]
Process: System Address: 0x863de1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x86f651f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x86f651f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f651f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f651f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x86f651f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f651f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x86f651f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x863f81f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86f661f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x864631f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x864631f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864631f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864631f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x864631f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864631f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x864631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86fd71f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x863a71f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x863a71f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863a71f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863a71f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x863a71f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x863a71f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x864af1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x864af1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x864af1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x864af1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x864af1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x864af1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x864af1f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_CREATE]
Process: System Address: 0x86fd61f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_CLOSE]
Process: System Address: 0x86fd61f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd61f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_POWER]
Process: System Address: 0x86fd61f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd61f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_PNP]
Process: System Address: 0x86fd61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x863a1418 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_CREATE]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_CLOSE]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_READ]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_CLEANUP]
Process: System Address: 0x8600a458 Size: 121

Object: Hidden Code [Driver: Cdfs؅౨瑎晦܂ੈ, IRP_MJ_PNP]
Process: System Address: 0x8600a458 Size: 121

==EOF==


ComboFix 10-04-01.02 - Fabio 02/04/2010 22.52.47.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1015.571 [GMT 2:00]
Eseguito da: c:\documents and settings\Fabio\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Rainmeter.lnk
c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-03-02 al 2010-04-02 )))))))))))))))))))))))))))))))))))
.

2010-04-02 20:19 . 2010-04-02 20:19 -------- d-----w- c:\temp\WPDNSE
2010-04-02 17:53 . 2010-04-02 17:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2010-04-02 17:10 . 2010-04-02 20:59 -------- d-----w- c:\temp\CR_6.tmp
2010-04-01 18:31 . 2010-04-01 18:31 4076824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2010-04-01 18:31 . 2010-04-01 18:31 2059544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2010-04-01 18:31 . 2010-04-01 18:31 598296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgsrmx.dll
2010-04-01 18:31 . 2010-04-01 18:31 4250976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-04-01 18:31 . 2010-04-01 18:31 313112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avglogx.dll
2010-04-01 18:31 . 2010-04-01 18:31 1598744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-04-01 18:31 . 2010-04-01 18:31 1515224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgwd.dll
2010-04-01 18:31 . 2010-04-01 18:31 1274136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-04-01 18:31 . 2010-04-01 18:31 556824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2010-04-01 18:31 . 2010-04-01 18:31 459544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcclix.dll
2010-04-01 18:31 . 2010-04-01 18:31 301336 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchclx.dll
2010-04-01 18:31 . 2010-04-01 18:31 1086744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchsvx.exe
2010-04-01 18:29 . 2010-04-01 18:29 1685784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-04-01 18:29 . 2010-04-01 18:29 1035032 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-03-31 18:46 . 2010-03-31 18:58 -------- d-----w- c:\temp\plugtmp-4
2010-03-31 15:22 . 2010-03-31 15:22 -------- d-----w- c:\temp\VBE
2010-03-31 07:22 . 2010-04-02 20:59 -------- d-----w- c:\temp\Excel8.0
2010-03-28 16:13 . 2010-03-28 16:13 -------- d-----w- c:\temp\BTN%Copy%1
2010-03-28 13:15 . 2010-03-28 13:18 -------- d-----w- c:\temp\plugtmp-3
2010-03-27 13:29 . 2010-03-27 13:30 -------- d-----w- c:\temp\plugtmp-2
2010-03-26 18:11 . 2010-04-02 20:59 -------- d-----w- c:\temp\CR_5.tmp
2010-03-24 21:10 . 2010-04-02 20:59 -------- d-----w- c:\temp\plugtmp-1
2010-03-24 20:42 . 2010-04-02 20:59 -------- d-----w- c:\temp\Nokia Ovi Suite Thumbnail Cache
2010-03-24 20:37 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-03-24 20:37 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-03-24 20:37 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-03-24 20:19 . 2010-03-24 20:19 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-03-24 20:19 . 2010-03-24 20:19 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-03-24 20:19 . 2010-03-24 20:19 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-24 20:19 . 2010-03-24 20:19 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-03-24 20:19 . 2010-03-24 20:19 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-03-24 20:19 . 2010-03-24 20:19 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-03-24 20:18 . 2010-03-24 20:17 98366952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2010-03-24 20:13 . 2010-03-24 20:13 -------- d-----w- c:\programmi\DIFX
2010-03-24 20:13 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-24 20:12 . 2009-12-30 10:25 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-03-24 20:12 . 2009-12-30 10:25 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-03-24 20:12 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-03-24 20:12 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-03-24 20:12 . 2009-12-30 10:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-03-24 20:12 . 2010-01-21 13:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-03-24 20:12 . 2009-12-30 10:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-03-24 20:12 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-03-24 20:12 . 2009-12-30 10:30 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-03-24 20:11 . 2010-03-22 20:52 34657496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_it.exe
2010-03-24 20:09 . 2010-04-02 20:59 -------- d-----w- c:\temp\RarSFX0
2010-03-24 20:09 . 2010-03-24 20:09 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-24 20:09 . 2010-03-24 20:09 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-24 20:09 . 2010-03-24 20:09 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-22 20:54 . 2006-08-29 14:56 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys
2010-03-22 20:53 . 2010-04-02 17:47 -------- d-----w- c:\programmi\Nokia
2010-03-21 20:51 . 2010-03-21 20:51 -------- d-----w- c:\temp\1bqyj9nt
2010-03-21 19:43 . 2010-03-21 19:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-20 16:34 . 2010-03-20 16:34 -------- d-----w- c:\temp\Nokia Communication Centre - Messages
2010-03-20 16:33 . 2010-04-02 20:59 -------- d--h--w- c:\temp\nCommsTempNokia
2010-03-20 16:33 . 2010-04-02 20:59 -------- d--h--w- c:\temp\NGLATempNokia
2010-03-20 14:40 . 2010-04-02 20:59 -------- d-----w- c:\temp\plugtmp
2010-03-20 13:56 . 2010-03-20 13:56 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\Nokia Ovi Suite
2010-03-20 13:47 . 2010-03-20 13:47 -------- d-----w- c:\temp\Nokia Ovi Share Cache
2010-03-20 13:35 . 2010-04-01 19:28 -------- d-----w- c:\temp\Nokia Remote Data Store
2010-03-20 13:18 . 2010-03-24 20:33 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\Nokia
2010-03-20 09:38 . 2010-04-01 19:28 -------- d-----w- c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\Nokia
2010-03-20 09:37 . 2010-04-01 18:57 -------- d-----w- c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\NokiaAccount
2010-03-20 09:28 . 2010-03-20 09:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-03-20 09:22 . 2010-03-20 09:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-03-20 09:22 . 2010-03-20 13:47 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\PC Suite
2010-03-19 22:02 . 2010-03-19 22:02 -------- d-----w- c:\temp\nro.log
2010-03-19 21:06 . 2010-03-19 21:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
2010-03-19 20:51 . 2010-03-24 20:13 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-03-19 20:49 . 2010-03-24 20:22 -------- d-----w- c:\programmi\File comuni\Nokia
2010-03-19 20:47 . 2010-03-24 20:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-03-18 19:59 . 2010-04-02 20:59 -------- d-----w- c:\temp\CR_4.tmp
2010-03-17 07:52 . 2010-03-17 07:52 360584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-03-17 07:52 . 2010-03-17 07:52 333192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-03-17 07:52 . 2010-03-17 07:52 28424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-03-17 07:52 . 2010-03-17 07:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 21:53 . 2010-03-14 21:53 -------- d-----w- c:\programmi\ESET
2010-03-14 21:42 . 2010-03-31 16:44 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-14 20:52 . 2010-04-02 19:16 -------- d-----w- c:\temp\hsperfdata_Fabio
2010-03-14 18:45 . 2010-04-02 20:59 -------- d-----w- c:\temp\mProjector607978814
2010-03-14 17:57 . 2010-04-02 20:59 -------- d-----w- c:\temp\moz_mapi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 20:19 . 2010-01-27 18:44 -------- d-----w- c:\programmi\SpeedFan
2010-04-02 20:10 . 2008-11-18 20:34 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\foobar2000
2010-04-02 17:47 . 2007-06-06 16:08 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-01 19:53 . 2009-07-08 20:12 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-04-01 19:49 . 2009-07-07 19:17 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\uTorrent
2010-04-01 05:56 . 2009-07-07 19:16 -------- d-----w- c:\programmi\uTorrent
2010-03-31 16:56 . 2009-05-03 20:04 -------- d-----w- c:\programmi\PowerArchiver
2010-03-31 16:47 . 2009-12-19 19:09 -------- d-----w- c:\programmi\Malwarebytes
2010-03-31 16:46 . 2010-01-05 12:30 1100040 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-03-29 22:46 . 2009-12-19 19:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-12-19 19:09 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 17:03 . 2007-06-06 17:17 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\Skype
2010-03-28 17:02 . 2009-07-07 19:59 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\skypePM
2010-03-28 12:48 . 2009-10-17 19:13 -------- d-----w- c:\programmi\Unlocker
2010-03-27 11:19 . 2009-09-30 18:53 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\vlc
2010-03-21 20:51 . 2008-04-24 09:23 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-21 19:42 . 2008-06-01 09:47 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\dvdcss
2010-03-20 09:21 . 2010-03-20 09:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-20 09:21 . 2010-03-20 09:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-17 07:52 . 2009-12-20 16:21 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 07:52 . 2009-12-20 16:21 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 07:52 . 2009-12-20 16:21 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 14:16 . 2007-06-30 13:30 -------- d-----w- c:\programmi\foobar2000
2010-02-28 15:46 . 2010-02-23 20:59 -------- d-----w- c:\programmi\Codemasters
2010-02-28 14:20 . 2010-01-02 15:46 -------- d-----w- c:\programmi\Mp3tag
2010-02-27 15:50 . 2008-10-11 07:44 2516 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2010-02-27 15:50 . 2008-10-11 07:44 2516 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2010-02-27 09:24 . 2010-02-27 09:24 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\inkscape
2010-02-27 09:23 . 2010-02-27 09:16 -------- d-----w- c:\programmi\Inkscape
2010-02-25 06:16 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 20:58 . 2010-02-23 20:25 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\DAEMON Tools Lite
2010-02-23 20:28 . 2010-02-23 20:26 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-02-23 20:26 . 2010-02-23 20:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-23 20:25 . 2010-02-23 20:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-02-19 07:37 . 2009-07-25 12:38 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-02-19 07:37 . 2009-09-01 14:58 38784 ----a-w- c:\documents and settings\Default User\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-19 07:37 . 2009-07-25 12:38 38784 ----a-w- c:\documents and settings\Fabio\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-16 21:25 . 2010-02-16 21:25 50354 ----a-w- c:\documents and settings\Fabio\Dati applicazioni\Facebook\uninstall.exe
2010-02-16 21:25 . 2010-02-16 21:25 -------- d-----w- c:\documents and settings\Fabio\Dati applicazioni\Facebook
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Fabio\Dati applicazioni\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Fabio\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
2010-01-24 16:21 . 2010-01-24 16:21 4096 ----a-w- c:\windows\d3dx.dat
2010-01-11 20:21 . 2007-06-06 17:50 156928 ----a-w- c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-08 20:44 . 2010-01-08 20:44 495104 ----a-w- c:\windows\system32\sqlite3.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-03-14 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2009-02-11 480264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programmi\File comuni\logishrd\WUApp32.exe" [2007-10-12 439568]

c:\documents and settings\Fabio\Menu Avvio\Programmi\Esecuzione automatica\
SpeedFan.lnk - c:\programmi\SpeedFan\speedfan.exe [2009-11-25 4009592]
Stardock ObjectDock.lnk - c:\programmi\Stardock\ObjectDock\ObjectDock.exe [2009-7-25 3581680]
TransBar.lnk - c:\programmi\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Y'z Shadow.lnk - c:\programmi\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-2-27 581693]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 07:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Autodesk\\Chaos Group\\V-Ray\\vrlserver.exe"=
"c:\\Programmi\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmi\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmi\\uTorrent\\utorrent.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\JDownloader_portable\\CommonFiles\\Java\\bin\\javaw.exe"=
"c:\\Programmi\\SUPERAntiSpyware\\SSUpdate.exe"=
"c:\\Programmi\\SUPERAntiSpyware\\RUNSAS.EXE"=
"c:\\Programmi\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.0.100/255.255.255.255:Enabled:@xpsp2res.dll,-22004
"9783:TCP"= 9783:TCP:*:Disabled:hocnus

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/12/2009 18.21.51 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/12/2009 18.21.58 242696]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 17.26.58 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 17.26.56 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [17/03/2010 9.52.02 916760]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [17/03/2010 9.52.08 308064]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [06/06/2007 18.08.28 88192]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/02/2010 22.26.15 691696]
S3 cpuz130;cpuz130; [x]
S3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\drivers\mausbft.sys [01/12/2009 22.08.35 156552]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [24/03/2010 22.12.50 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [24/03/2010 22.12.50 8320]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 17.27.00 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1425521274-839522115-1003Core.job
- c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-14 08:52]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1425521274-839522115-1003UA.job
- c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-14 08:52]

2010-04-02 c:\windows\Tasks\User_Feed_Synchronization-{91389114-CD5E-4164-AD30-8C26582200E2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = msproxy.elsag.it:80
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\windowsupdate
DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} - file:///C:/Programmi/AutoCAD%202002%20Ita/InstFred.ocx
DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} - file:///C:/Programmi/AutoCAD%202002%20Ita/InstBanr.ocx
DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} - hxxp://www.vincolimap.it/ecwplugins/ncs.cab
FF - ProfilePath - c:\documents and settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\Fabio\Dati applicazioni\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Fabio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
"ImagePath"="system32\Drivers\iastor.tsk"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1425521274-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,6f,a9,9b,20,e2,ea,3a,3f,f8,b0,31,26,d1,d7,ee,07,6a,9f,3f,61,
b2,b1,26,81,97,33,17,da,23,62,ad,76,22,de,a8,8a,e6,54,23,9f,0b,73,27,9d,6c,\
"rkeysecu"=hex:8c,6f,42,83,04,60,9e,22,4d,56,8b,2c,fd,1b,ff,cc
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2010-04-02 23:02:34
ComboFix-quarantined-files.txt 2010-04-02 21:02

Pre-Run: 13.644.619.776 byte disponibili
Post-Run: 13.830.758.400 byte disponibili

- - End Of File - - 0B038D03B44F117304BEFE14F472CC36


OTL logfile created on: 02/04/2010 22.30.01 - Run 2
OTL by OldTimer - Version 3.1.19.0 Folder = C:\SWSetup\Malware Tools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1.015,00 Mb Total Physical Memory | 497,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 55,89 Gb Total Space | 12,41 Gb Free Space | 22,21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONTARSOLO-PORT
Current User Name: Fabio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/01 20.30.49 | 02,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgtray.exe
PRC - [2010/04/01 20.29.54 | 01,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/17 09.52.12 | 00,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgnsx.exe
PRC - [2010/03/17 09.52.12 | 00,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 09.52.08 | 00,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 09.52.02 | 00,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 09.52.02 | 00,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/03 10.46.52 | 01,531,904 | ---- | M] (Nokia) -- C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/12/20 15.48.51 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\SWSetup\Malware Tools\OTL.exe
PRC - [2009/07/31 15.23.19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jqs.exe
PRC - [2009/02/11 09.48.00 | 00,480,264 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2008/03/18 17.27.12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2008/02/15 21.46.46 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2008/02/15 21.46.18 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/02/15 21.46.06 | 00,249,856 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/09/15 03.27.20 | 01,015,808 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/07/24 11.15.14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/13 15.10.37 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/24 19.19.54 | 03,581,680 | ---- | M] (Stardock) -- C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/02/19 22.46.55 | 00,085,096 | ---- | M] (Autodesk) -- C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/01/05 23.36.48 | 00,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Programmi\Analog Devices\Core\smax4pnp.exe
PRC - [2006/12/19 10.30.26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2006/09/29 13.48.06 | 00,065,536 | ---- | M] () -- C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
PRC - [2006/05/21 09.43.14 | 00,155,648 | ---- | M] (Y'z@Home) -- C:\Programmi\Vista Inspirat 2\YzShadow\YzShadow.exe
PRC - [2006/05/02 15.41.28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2006/04/29 15.21.28 | 00,094,208 | ---- | M] (Elaborate Bytes AG) -- C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2006/03/02 15.39.42 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2006/02/27 17.02.06 | 00,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
PRC - [2006/02/27 17.00.58 | 01,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Software Bluetooth\BTStackServer.exe
PRC - [2006/02/27 16.55.44 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
PRC - [2002/07/18 22.59.50 | 00,046,080 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/20 15.48.51 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\SWSetup\Malware Tools\OTL.exe
MOD - [2007/04/24 15.22.12 | 00,112,400 | ---- | M] () -- C:\Programmi\Stardock\ObjectDock\DockShellHook.dll
MOD - [2006/08/25 17.51.10 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/21 09.43.14 | 00,053,248 | ---- | M] () -- C:\Programmi\Vista Inspirat 2\YzShadow\YzShadow.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 09.52.08 | 00,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 09.52.02 | 00,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/26 13.41.08 | 00,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/31 15.23.19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Programmi\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/03/18 17.27.12 | 00,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/02/28 18.07.48 | 00,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/02/18 17.29.12 | 00,877,864 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/10/19 13.21.16 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/24 11.15.14 | 00,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/02/19 22.46.55 | 00,085,096 | ---- | M] (Autodesk) [Auto | Running] -- C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/12/19 10.30.26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/09/29 13.48.06 | 00,065,536 | ---- | M] () [Auto | Running] -- C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2006/05/02 15.41.28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2006/02/27 16.55.44 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2004/08/19 16.39.16 | 00,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2003/07/28 12.28.22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/18 22.59.50 | 00,046,080 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = msproxy.elsag.it:80

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (it)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.46
FF - prefs.js..extensions.enabledItems: hidefindbar@jaredmcateer.com:1.3.1
FF - prefs.js..extensions.enabledItems: hidemenubar@moztw.org:1.0.20091221
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {772C5315-9ECA-4aad-81E6-2A3BB86ED14E}:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: toggleprivatebrowsing@supernova00.biz:1.8
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.90

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmi\AVG\AVG9\Firefox [2010/03/17 21.35.54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programmi\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/24 22.19.34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/04/02 21.32.19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/04/02 21.32.19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2010/03/31 20.42.21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programmi\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/24 22.19.35 | 00,000,000 | ---D | M]

[2009/12/15 22.34.15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Extensions
[2009/12/15 22.34.15 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/02 21.35.42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions
[2010/03/11 22.30.32 | 00,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/03/21 21.42.34 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/11/02 12.27.32 | 00,000,000 | ---D | M] (Sanitisminau) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\{772C5315-9ECA-4aad-81E6-2A3BB86ED14E}
[2009/08/04 21.41.56 | 00,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/01/27 22.56.10 | 00,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2009/10/12 22.37.44 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/03/26 22.38.49 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/19 18.09.40 | 00,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/07/26 00.23.42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\fastdial@telega.phpnet.us
[2009/07/08 21.58.05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\hidefindbar@jaredmcateer.com
[2010/01/07 20.38.45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\hidemenubar@moztw.org
[2010/03/17 21.53.21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\personas@christopher.beard
[2009/11/02 12.27.32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\toggleprivatebrowsing@supernova00.biz
[2010/03/11 22.30.36 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2009/11/02 12.48.25 | 00,001,907 | ---- | M] () -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\searchplugins\flickr-tags.xml
[2009/08/12 22.27.52 | 00,001,512 | ---- | M] () -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\searchplugins\imdb.xml
[2008/10/16 12.30.22 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\Fabio\Dati applicazioni\Mozilla\Firefox\Profiles\trxah4bk.default\searchplugins\mozilla-add-ons.xml
[2010/04/02 21.35.42 | 00,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2009/09/12 17.43.00 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/08/24 21.02.19 | 00,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/02/19 23.05.43 | 00,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2009/08/24 21.02.19 | 00,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2009/08/24 21.02.19 | 00,000,649 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programmi\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programmi\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Rainmeter.lnk = C:\Programmi\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Documents and Settings\Fabio\Menu Avvio\Programmi\Esecuzione automatica\SpeedFan.lnk = C:\Programmi\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Documents and Settings\Fabio\Menu Avvio\Programmi\Esecuzione automatica\Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Documents and Settings\Fabio\Menu Avvio\Programmi\Esecuzione automatica\TransBar.lnk = C:\Programmi\Vista Inspirat 2\TransBar\TransBar.exe (AKSoftware)
O4 - Startup: C:\Documents and Settings\Fabio\Menu Avvio\Programmi\Esecuzione automatica\Y'z Shadow.lnk = C:\Programmi\Vista Inspirat 2\YzShadow\YzShadow.exe (Y'z@Home)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Programmi/AutoCAD%202002%20Ita/InstFred.ocx (InstaFred)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1247305945687 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1247305930406 (MUWebControl Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Programmi/AutoCAD%202002%20Ita/AcDcToday.ocx (Controllo AcDc oggi)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {AE563729-B4F5-11D4-A415-00108302FDFD} file:///C:/Programmi/AutoCAD%202002%20Ita/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} http://www.vincolimap.it/ecwplugins/ncs.cab (NCSLayeredView Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Programmi/AutoCAD%202002%20Ita/AcPreview.ocx (Controllo AcPreview)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/26 21.28.34 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/02 19.53.23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
[2010/03/24 22.13.29 | 00,000,000 | ---D | C] -- C:\Programmi\DIFX
[2010/03/24 22.13.25 | 00,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/03/24 22.12.50 | 00,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010/03/24 22.12.50 | 00,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010/03/24 22.12.49 | 00,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/03/24 22.12.48 | 00,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/03/24 22.12.47 | 00,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/03/24 22.12.26 | 00,660,480 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/03/24 22.12.26 | 00,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/03/24 22.12.15 | 00,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/03/22 22.54.15 | 00,032,377 | ---- | C] (B-phreaks) -- C:\WINDOWS\System32\drivers\prodigy.sys
[2010/03/22 22.53.35 | 00,000,000 | ---D | C] -- C:\Programmi\Nokia
[2010/03/21 21.42.31 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/20 15.56.37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fabio\Dati applicazioni\Nokia Ovi Suite
[2010/03/20 15.18.11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fabio\Dati applicazioni\Nokia
[2010/03/20 11.38.18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\Nokia
[2010/03/20 11.37.59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\NokiaAccount
[2010/03/20 11.28.25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache
[2010/03/20 11.22.06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
[2010/03/20 11.22.00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fabio\Dati applicazioni\PC Suite
[2010/03/20 11.21.22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/19 23.06.35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Nokia
[2010/03/19 22.51.06 | 00,000,000 | ---D | C] -- C:\Programmi\PC Connectivity Solution
[2010/03/19 22.49.26 | 00,000,000 | ---D | C] -- C:\Programmi\File comuni\Nokia
[2010/03/19 22.47.07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations
[2009/12/20 18.18.14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2009/12/20 18.18.14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2009/12/20 18.18.14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/04/02 22.33.44 | 03,906,815 | ---- | M] () -- C:\Documents and Settings\Fabio\Desktop\Combo-Fix.exe
[2010/04/02 22.30.00 | 00,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/02 22.20.53 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/02 22.19.40 | 00,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/02 22.19.29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/02 22.19.27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/02 22.10.00 | 00,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1425521274-839522115-1003UA.job
[2010/04/02 21.45.53 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{91389114-CD5E-4164-AD30-8C26582200E2}.job
[2010/04/02 21.19.56 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/02 21.09.07 | 00,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1425521274-839522115-1003Core.job
[2010/04/02 19.08.54 | 58,412,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/01 23.16.40 | 14,942,208 | ---- | M] () -- C:\Documents and Settings\Fabio\ntuser.dat
[2010/04/01 23.16.17 | 00,000,306 | -HS- | M] () -- C:\Documents and Settings\Fabio\ntuser.ini
[2010/03/30 00.46.30 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00.45.52 | 00,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 19.05.10 | 00,206,336 | ---- | M] () -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/27 15.14.04 | 00,000,675 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/24 22.37.20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/20 11.21.22 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/20 11.21.17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/03/20 11.21.16 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

========== Files Created - No Company Name ==========

[2010/04/02 22.33.04 | 03,906,815 | ---- | C] () -- C:\Documents and Settings\Fabio\Desktop\Combo-Fix.exe
[2010/03/20 11.21.17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/03/20 11.21.16 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/14 22.52.51 | 00,016,504 | -HS- | C] () -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\0kl2Qs8
[2010/02/23 22.26.15 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/01/05 14.30.03 | 01,100,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
[2009/09/24 16.40.31 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/08/03 16.07.42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/24 21.06.25 | 00,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/10/11 20.15.49 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/11 20.15.49 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/11 20.15.49 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/11 20.15.49 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/11 20.15.49 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/11 20.15.49 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/10/11 09.44.27 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\KGyGaAvL.sys
[2008/10/11 09.44.27 | 00,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\6FE0FF607C.sys
[2008/06/06 21.56.24 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/15 22.21.56 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/12/09 19.23.01 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2007/10/31 17.17.30 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2007/10/31 17.17.30 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2007/10/16 14.06.33 | 00,000,160 | ---- | C] () -- C:\WINDOWS\render.ini
[2007/10/09 07.55.01 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/09 07.55.01 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/10/06 10.35.35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\FnF4.txt
[2007/07/22 14.35.46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/19 22.03.23 | 00,206,336 | ---- | C] () -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/07 00.08.36 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2007/06/06 18.31.18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/06 18.18.24 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\QSwitch.txt
[2007/06/06 18.18.24 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\DSwitch.txt
[2007/06/06 18.18.24 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fabio\Impostazioni locali\Dati applicazioni\AtStart.txt
[2007/06/06 18.08.31 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2007/06/06 17.58.27 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/04/08 08.57.06 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/03/13 21.33.35 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2006/02/27 16.51.36 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/10/19 15.35.38 | 00,874,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\iastor.sys
[2003/01/07 15.05.08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 22.29.04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/03/19 08.18.54 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/11/23 17.18.00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12.56.00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/08 01.10.00 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
[1996/04/03 21.33.26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2007/12/10 22.31.53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\2DBoy
[2008/11/09 18.23.49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
[2009/12/20 18.21.12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2009/05/03 22.04.47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ConeXware
[2010/02/23 22.25.31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\DAEMON Tools Lite
[2009/09/12 12.08.06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\hsswpr
[2010/03/24 22.13.31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations
[2009/07/19 11.32.38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Karen's Power Tools
[2010/03/19 23.06.35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Nokia
[2010/03/20 11.28.25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\OviInstallerCache
[2010/03/20 11.22.06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
[2010/03/21 22.51.27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2010/01/05 17.32.44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Autodesk
[2007/11/16 21.53.58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\AveDesk
[2010/02/23 22.58.50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\DAEMON Tools Lite
[2007/11/11 19.23.02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\DSound
[2010/02/16 23.25.05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Facebook
[2010/04/02 22.10.51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\foobar2000
[2007/11/30 12.12.36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Foxit
[2009/10/28 23.21.30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\GuitarScalesV2.0B5C8B79A3CD562BA8F498C43C64CF1A50D3A5C9.1
[2007/03/02 11.51.23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\InfraRecorder
[2010/02/27 11.24.05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\inkscape
[2007/06/07 01.14.49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\InterVideo
[2009/07/25 14.39.06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
[2007/06/07 20.37.56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Juce VST Host
[2009/05/17 16.01.42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\MobileAction
[2010/01/02 18.01.48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Mp3tag
[2010/03/24 22.33.51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Nokia
[2010/03/20 15.56.37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Nokia Ovi Suite
[2010/03/20 15.47.41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\PC Suite
[2010/01/08 22.39.24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Rainmeter
[2009/09/16 20.26.45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\ScummVM
[2009/02/25 22.06.29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\SoundSpectrum
[2009/12/15 22.34.14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Thunderbird
[2010/04/01 21.49.04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\uTorrent
[2008/11/05 12.42.06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fabio\Dati applicazioni\Windows Search
[2010/04/02 21.45.53 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{91389114-CD5E-4164-AD30-8C26582200E2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:E965A533
< End of report >




#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:01 AM

Posted 07 April 2010 - 07:36 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Tomar ki man acch?
Yadi thak, tahal
Ki kshama kart paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:01 PM

Posted 14 April 2010 - 06:10 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators