Sorry for the delay, but I couldn't manage to write earlier...
Here is the ComboFix log (I disabled the firewall and antivirus and uninstalled the antispyware to run the analysis).
Code:
ComboFix 09-06-07.07 - Sony 12/06/2009 22.22.00.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2046.1221 [GMT 2:00]
Eseguito da: c:\users\Sony\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Creati Da 2009-05-12 al 2009-06-12 )))))))))))))))))))))))))))))))))))
.
2009-06-12 20:27 . 2009-06-12 20:27 -------- d-----w- C:\temp
2009-06-12 20:27 . 2009-06-12 20:27 -------- d-----w- \temp
2009-06-12 20:27 . 2009-06-12 20:27 -------- d-----w- c:\users\Sony\AppData\Local\temp
2009-06-12 19:11 . 2009-06-12 20:28 -------- d-s---w- \ComboFix
2009-06-12 18:44 . 2009-06-12 18:44 -------- d-----w- c:\program files\iPod
2009-06-12 18:44 . 2009-06-12 18:44 -------- d-----w- c:\program files\iTunes
2009-06-12 18:42 . 2009-06-12 18:42 -------- d-----w- c:\program files\QuickTime
2009-06-12 18:41 . 2009-06-12 19:10 -------- d-sh--w- \Config.Msi
2009-06-12 18:22 . 2009-06-12 18:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-09 21:48 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-09 21:48 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-09 21:44 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-09 21:44 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 21:44 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-07 18:13 . 2008-12-03 23:25 120832 ----a-w- c:\users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\byrcnqsy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-05 22:02 . 2009-06-05 22:02 -------- d-----w- c:\users\Public\Materiale tesi
2009-06-04 16:57 . 2009-06-04 16:57 -------- d-----w- C:\Click to DVD 2
2009-06-04 16:57 . 2009-06-04 16:57 -------- d-----w- \Click to DVD 2
2009-05-24 22:19 . 2008-02-22 13:33 14976 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-05-24 22:19 . 2008-02-22 13:33 12160 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-05-24 22:19 . 2008-02-22 13:33 12160 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-05-24 22:19 . 2008-02-22 13:33 114304 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-05-24 22:19 . 2008-02-22 13:33 87936 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-05-24 22:19 . 2008-02-22 13:33 12160 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-05-24 22:19 . 2008-02-22 13:33 12160 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-05-24 22:16 . 2009-05-24 22:23 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-05-24 22:14 . 2009-05-27 22:35 -------- d-----w- c:\users\Sony\AppData\Roaming\Samsung
2009-05-24 22:11 . 2009-05-24 22:31 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 19:16 . 2006-11-06 01:52 735630 ----a-w- c:\windows\system32\perfh010.dat
2009-06-12 19:16 . 2006-11-06 01:52 150898 ----a-w- c:\windows\system32\perfc010.dat
2009-06-12 19:10 . 2009-01-08 15:19 2143764480 --sha-w- \hiberfil.sys
2009-06-12 19:10 . 2008-05-08 21:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-12 19:08 . 2007-07-24 12:01 4706 ----a-w- c:\windows\bthservsdp.dat
2009-06-12 19:08 . 2008-05-08 21:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-12 18:44 . 2008-04-18 15:41 -------- d-----w- c:\program files\Common Files\Apple
2009-06-11 20:38 . 2008-04-18 15:46 -------- d-----w- c:\users\Sony\AppData\Roaming\foobar2000
2009-06-10 16:17 . 2008-05-09 09:24 -------- d-----w- c:\users\Sony\AppData\Roaming\Skype
2009-06-10 15:22 . 2009-03-11 14:28 -------- d-----w- c:\users\Sony\AppData\Roaming\skypePM
2009-06-09 22:03 . 2007-07-25 11:44 -------- d-----w- c:\programdata\Microsoft Help
2009-05-31 22:36 . 2009-01-06 23:42 -------- d-----w- c:\users\Sony\AppData\Roaming\vlc
2009-05-31 22:36 . 2009-01-06 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-31 22:10 . 2009-03-02 01:19 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-31 22:09 . 2008-05-11 21:33 -------- d-----w- c:\program files\SpywareBlaster
2009-05-27 22:39 . 2008-07-20 22:04 -------- d-----w- c:\users\Sony\AppData\Roaming\UpdateStar
2009-05-27 22:35 . 2007-07-24 12:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 11:20 . 2009-01-06 21:35 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-01-06 21:35 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 17:17 . 2008-10-11 09:13 183800 ----a-w- c:\users\Sony\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-14 18:41 . 2008-07-24 10:17 -------- d-----w- c:\users\Sony\AppData\Roaming\XnView
2009-05-13 16:04 . 2009-05-13 16:04 864496 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\de\ustarrs.dll
2009-05-13 16:04 . 2009-05-13 16:04 856304 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\en\ustarrs.dll
2009-05-13 16:04 . 2009-05-13 16:04 4690160 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\UpdateStar.exe
2009-05-13 16:03 . 2009-05-13 16:03 269824 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\UstarRO64.exe
2009-05-13 16:02 . 2009-05-13 16:02 192512 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\UstarRO32.exe
2009-05-13 15:59 . 2009-05-13 15:59 868352 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\uk\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 868352 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\sv\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 872448 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\sk\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 868352 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\ru\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 876544 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\ro\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 839680 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\pt\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 872448 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\pl\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 872448 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\nl\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 847872 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\ja\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 872448 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\it\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 868352 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\hu\ustarrs.dll
2009-05-13 15:59 . 2009-05-13 15:59 839680 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\fr\ustarrs.dll
2009-05-13 15:58 . 2009-05-13 15:58 872448 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\Es\ustarrs.dll
2009-05-13 15:58 . 2009-05-13 15:58 868352 ----a-w- c:\users\Sony\AppData\Roaming\UpdateStar\lang\Cs\ustarrs.dll
2009-05-13 15:12 . 2009-01-14 22:40 186320 ----a-w- c:\users\Sony\AppData\Roaming\nvModes.dat
2009-05-10 18:31 . 2007-07-25 11:50 -------- d-----w- c:\program files\Sony
2009-05-10 18:16 . 2009-05-10 18:16 -------- d-----w- c:\users\Sony\AppData\Roaming\InstallShield
2009-05-10 18:09 . 2009-04-30 21:53 -------- d-----w- c:\program files\Google
2009-05-10 18:07 . 2008-05-18 12:07 -------- d-----w- c:\program files\DNA Digital Media Group
2009-05-08 18:08 . 2009-05-08 18:08 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-08 18:02 . 2008-05-06 08:08 -------- d-----w- c:\program files\Nokia
2009-05-08 18:02 . 2008-05-06 08:07 -------- d-----w- c:\programdata\Installations
2009-05-08 18:01 . 2009-05-08 18:01 8192 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-08 18:01 . 2009-05-08 18:01 61440 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-08 18:01 . 2009-05-08 18:01 10240 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-08 18:01 . 2009-05-08 18:02 34447128 ----a-w- c:\programdata\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ita.exe
2009-05-06 22:51 . 2009-05-06 22:51 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-06 22:51 . 2009-05-06 22:51 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-06 22:50 . 2009-04-07 13:59 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-05 21:24 . 2009-04-22 18:51 -------- d-----w- c:\users\Sony\AppData\Roaming\Dropbox
2009-04-29 15:35 . 2009-04-29 15:35 -------- d-----w- c:\program files\Microsoft Works
2009-04-27 17:55 . 2009-04-07 14:10 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 17:55 . 2009-04-07 14:10 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-27 12:21 . 2009-05-06 22:51 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-04-27 12:21 . 2009-05-06 22:51 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-04-23 18:12 . 2007-07-25 11:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-23 17:58 . 2009-04-23 17:58 -------- d-----w- c:\program files\Tracker Software
2009-04-22 20:21 . 2009-04-22 20:21 -------- d-----w- c:\programdata\Sync App Settings
2009-04-22 20:21 . 2009-04-22 20:21 -------- d-----w- c:\program files\Allway Sync
2009-04-22 18:52 . 2009-04-22 18:51 -------- d-----w- c:\program files\Dropbox
2009-04-19 09:08 . 2009-04-19 09:08 -------- d-----w- c:\program files\Common Files\Logitech
2009-04-19 09:05 . 2009-04-19 09:05 -------- d-----w- c:\users\Sony\AppData\Roaming\Logitech
2009-03-19 14:32 . 2009-04-10 15:17 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-20 10:45 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-20 10:45 24064 ----a-w- c:\windows\system32\amxread.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8429568]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 06:33 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LaCie Backup"=c:\program files\LaCie\Backup Software\\LaCieBackup.exe /background
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"UpdateStar"=c:\users\Sony\AppData\Roaming\UpdateStar\UpdateStar.exe -A
"Auslogics BoostSpeed 4"=c:\program files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AliceRV_McciTrayApp"=c:\program files\Alice ti aiuta\McciTrayApp.exe
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{39CB5D5C-7BBB-4BBA-9514-B98F19F05C53}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{850727C7-055E-45D1-B5E7-8173D510CA6F}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{117FE243-B09B-4BE7-BC2F-CB7CEF959B11}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BF8A06D4-14DF-47B5-BC9B-9FAAAB5316CD}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9048EE8C-9503-4BEA-BE69-EAC53B58EB80}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{56CCEF6C-9605-4D1D-9459-D734C6B736F7}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2E0B0465-2F53-43CF-8E12-89F6E9D1AC0C}"= TCP:4672:EmuleUDP
"{3A0CFE84-100B-46D8-91F0-A70FCAE0F447}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CEC35BFB-899E-40E9-9B12-49981CE8E702}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{366F4830-8007-41F9-A51F-2C79DADFC3DB}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A8B34FF5-5222-45B5-82C3-8CE80A0CDE00}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{27DC6199-3269-4EE1-9612-4608BF6B6027}"= UDP:4662:EmuleTCP
"{C30153A7-C2FC-461C-9241-1FDC58C5C29D}"= UDP:64333:Emule AO TCP
"{4AE7465B-2ECC-49EF-A61E-60CD21FE664A}"= TCP:35077:Emule AO UDP
"TCP Query User{A3415D7B-1765-44C8-8020-FBF32CD76A39}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{C5DB5FB0-AEB1-4068-B616-B7241F68F678}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{46D5F55E-6800-4992-89EC-5A6521DC55CF}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{EFA943D1-CAF6-47CD-A009-2BB2D42C4CB6}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{6AAD0758-9844-45B3-9714-1F011641A60F}"= UDP:43516:UtorrentTCP
"{C64A0703-2C42-44DF-987D-EC4BA3E51094}"= TCP:43516:UtorrentUDP
"{9CA159BF-B1A0-40F1-9314-5D801733692B}"= UDP:c:\program files\eMule\emule.exe:eMule
"{C055492A-F172-4CC4-B769-CFD4F81F5DD9}"= TCP:c:\program files\eMule\emule.exe:eMule
"TCP Query User{467CA3A0-EB53-4425-BCD8-EEBFCAE6F8F6}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{0BB75DCD-6E56-4639-974E-EFC0512384E1}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"TCP Query User{88BE4723-D4A7-45D4-AE62-49A0050196DB}i:\\programmi penna\\installazioni\\amsnportable\\app\\amsn\\bin\\wish.exe"= UDP:i:\programmi penna\installazioni\amsnportable\app\amsn\bin\wish.exe:Wish Application
"UDP Query User{D64A715C-B14B-4B56-A3A0-FFA0EE1E1A74}i:\\programmi penna\\installazioni\\amsnportable\\app\\amsn\\bin\\wish.exe"= TCP:i:\programmi penna\installazioni\amsnportable\app\amsn\bin\wish.exe:Wish Application
"{A7C82A59-1F35-4E07-9509-AA75D9B78741}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{DF749FCC-1970-455A-B609-A96003EED80C}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{EB0ED9AE-977B-4508-8C1E-616AF056B996}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{E95EB512-EAF8-49A7-BABA-2C474F1D9F54}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{3E925059-AE37-44C3-A496-E8ECE5FE44DC}"= Disabled:UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{55E68BF1-B25F-4EC4-8DD4-F1FEAD532AAE}"= Disabled:TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{F5C652CC-8652-4192-BC55-349D952AB5C2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DA21162C-2362-43EB-8022-6FD2CBB298FE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C3B77E5C-2D81-498A-B3AC-5BAF560290D5}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{DBD98B8D-017A-4A29-BA66-C05955A3FA51}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{06331CF7-1F78-4BC5-91FC-E43C8C0299FA}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{FED9FD2A-C928-4E99-8E7A-6D74680E103D}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{B9EAAD41-C0B1-4C81-BDBD-8B904B576AA0}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{5FA0AE94-5F5A-4241-A3C3-BE270BD53701}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{9B7C813C-6D8C-45DD-BEDC-9D0ACC05E0F6}"= UDP:c:\windows\System32\wuapp.exe:wuapp.exe
"{47FCD720-7399-47F7-8240-701049D71371}"= TCP:c:\windows\System32\wuapp.exe:wuapp.exe
"{D3D7943E-52B9-4304-83A9-F6C0E4E3D2F4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{08E5D2B6-46BE-4BD0-914E-32C407C199CD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1A13CC4C-FB10-4489-80B4-DEABF3014087}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{2260E8A4-E2B1-40DC-8D7F-44D52C06C0FD}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{CB08DEFD-B3F9-4DF5-902D-4C70D3DA3357}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2C962DD3-2B25-476D-9064-68EAF04920E6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/04/2009 16.10.27 108289]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20.09.28 11032]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [11/10/2008 10.25.29 292152]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [24/07/2007 3.47.35 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [24/07/2007 3.47.36 43904]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [24/07/2007 22.21.42 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [24/07/2007 14.52.25 28464]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [03/11/2008 21.29.19 1527900]
S3 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [07/05/2009 0.51.29 604416]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [11/10/2008 10.29.58 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [11/10/2008 10.29.58 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [11/10/2008 10.29.58 1089536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [10/06/2008 0.54.50 87328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-06-12 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:55]
2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{2B8B5EF3-9F63-4BA4-AE86-219F30FF802F}.job
- c:\windows\system32\msfeedssync.exe [2009-04-11 11:31]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
SafeBoot-procexp90.Sys
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: Compila Modulo - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Personalizza - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Barra strumenti - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Salva Moduli - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
TCP: {74028EC5-4818-4AB5-B327-C28B8B6D8CE0} = 85.17.37.8,85.38.28.73
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\byrcnqsy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 22:27
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
c:\users\Sony\AppData\Local\Temp\catchme.dll 53248 bytes executable
Scansione completata con successo
Files nascosti: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-4263212027-3121851166-1741813116-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:98,bc,01,39,f0,4d,00,20,d1,56,c5,3c,58,cc,48,88,1d,65,51,77,a3,46,0b,
89,9f,87,5b,1d,71,98,04,4b,ca,3e,83,98,22,9a,d9,7a,1f,40,a1,50,6e,01,da,27,\
"??"=hex:51,e3,4e,1e,27,8e,05,0c,62,09,4a,59,68,78,c0,ed
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,a2,7b,12,53,25,
66,01,9a,c8,28,51,af,b0,29,a3,98,d5,5d,ba,af,b5,3a,47,f0,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,54,83,8d,d3,fb,
fa,1f,ea,71,3b,04,66,8b,46,0d,96,1c,56,97,38,6f,10,70,30,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,3a,67,73,32,16,
83,62,04,25,da,ec,7e,55,20,c9,26,d3,0b,31,93,cd,cb,44,58,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,e7,f5,67,a3,c5,
b1,60,8e,3e,1e,9e,e0,57,5a,93,61,f7,0e,11,6a,c8,c6,cf,ee,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,77,5d,e2,3a,c6,
54,3f,a0,cd,44,cd,b9,a6,33,6c,cd,49,d1,bd,eb,29,be,ea,4a,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,88,5d,f8,de,1b,
01,2a,ad,b0,18,ed,a7,3f,8d,37,a4,7a,20,20,a0,dc,d3,85,40,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,77,38,79,ad,93,
37,a1,31,31,77,e1,ba,b1,f8,68,02,35,e1,92,77,40,2e,07,e7,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,27,1f,81,4b,9b,
71,e5,e9,83,6c,56,8b,a0,85,96,ab,ce,f6,90,f6,08,30,04,30,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,be,47,b9,ab,cf,
5f,53,4c,51,fa,6e,91,28,9e,14,cc,ec,ff,a8,b9,7f,e1,7b,a3,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,fa,00,fe,40,aa,
c7,a2,1d,b1,cd,45,5a,a8,c4,f8,b9,f8,38,ea,3d,d5,da,a9,64,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,f6,19,28,0a,87,
ca,5b,67,e3,0e,66,d5,eb,bc,2f,6b,2f,94,c7,03,a1,0b,38,88,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,7e,d0,29,65,d4,
b7,42,c9,fa,ea,66,7f,d4,3b,6b,70,11,7c,60,5a,1b,08,03,6c,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'Explorer.exe'(336)
c:\program files\Dropbox\DropboxExt.dll
.
Ora fine scansione: 2009-06-12 22.30.55
ComboFix-quarantined-files.txt 2009-06-12 20:30
Pre-Run: 104.844.348.416 byte disponibili
Post-Run: 114.253.079.552 byte disponibili
411 --- E O F --- 2009-06-09 22:03