here is the file:
ComboFix 10-01-27.05 - Administrator 28/01/2010 15.21.32.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1544 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\Download\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\Thumbs.db
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-12-28 al 2010-01-28 )))))))))))))))))))))))))))))))))))
.
2010-01-28 13:24 . 2010-01-28 13:24 -------- d-----w- c:\programmi\File comuni\xing shared
2010-01-28 13:24 . 2010-01-28 13:24 -------- d-----w- c:\programmi\Real
2010-01-28 13:24 . 2010-01-28 13:25 -------- d-----w- c:\programmi\File comuni\Real
2010-01-28 13:08 . 2010-01-28 13:09 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Winamp
2010-01-28 13:08 . 2010-01-28 13:09 -------- d-----w- c:\programmi\Winamp
2010-01-27 16:16 . 2010-01-27 16:16 -------- d-----w- c:\programmi\Trend Micro
2010-01-27 14:44 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 14:44 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-27 14:44 . 2010-01-27 14:44 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-27 14:27 . 2004-08-19 13:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2010-01-27 14:27 . 2001-08-30 22:07 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-01-27 14:27 . 2004-08-19 13:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-01-27 14:27 . 2004-08-19 13:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-01-27 14:27 . 2004-08-19 13:00 171520 ----a-w- c:\windows\system32\dllcache\iisui.dll
2010-01-27 14:27 . 2004-08-19 13:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-01-27 14:27 . 2004-08-19 13:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-01-27 14:27 . 2004-08-19 13:00 15360 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2010-01-27 13:39 . 2010-01-27 13:55 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\IObitCom
2010-01-27 13:39 . 2010-01-27 20:08 -------- d-----w- c:\programmi\IObitCom
2010-01-27 13:38 . 2010-01-27 13:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\IObit
2010-01-27 13:38 . 2010-01-27 13:38 -------- d-----w- c:\programmi\IObit
2010-01-21 13:03 . 2009-12-21 19:06 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-21 13:03 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-21 13:03 . 2009-12-21 19:06 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-01-21 13:03 . 2009-12-21 19:06 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-01-21 13:03 . 2009-12-21 19:06 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-21 13:03 . 2009-12-21 19:06 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-21 13:03 . 2009-12-21 19:06 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-01-21 13:03 . 2009-12-21 19:06 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-21 13:03 . 2009-12-21 13:20 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-01-21 13:03 . 2009-12-21 19:06 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-01-21 13:03 . 2009-12-21 19:06 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-20 15:15 . 2010-01-20 15:16 -------- d-----w- c:\programmi\DustBuster
2010-01-18 19:32 . 2010-01-18 19:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-18 12:37 . 2010-01-18 12:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-13 12:37 . 2009-10-15 16:29 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-01-13 12:37 . 2009-10-15 16:29 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-01-09 16:01 . 2010-01-09 16:01 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\AlcaTech
2010-01-09 16:01 . 2010-01-09 16:03 126464 ----a-w- c:\windows\system32\Setup.dll
2010-01-09 16:01 . 2010-01-09 16:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AlcaTech
2010-01-08 15:27 . 2010-01-08 15:28 -------- dc-h--w- c:\windows\ie8
2010-01-08 11:16 . 2010-01-08 11:16 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-08 11:16 . 2010-01-08 11:16 -------- d-----w- c:\programmi\MSBuild
2010-01-08 11:15 . 2010-01-08 11:15 -------- d-----w- c:\programmi\Reference Assemblies
2010-01-08 11:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-08 11:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-08 11:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-08 11:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-08 11:14 . 2010-01-08 11:15 -------- d-----w- C:\5520caff0b684e20f7b72e75b18c
2010-01-08 11:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-07 16:45 . 2010-01-07 16:46 -------- d-----w- C:\abc27347a
2010-01-07 16:44 . 2010-01-07 16:44 -------- d-----w- C:\abc295a
2010-01-07 16:40 . 2010-01-07 16:40 -------- d-----w- C:\abc21603a
2010-01-07 16:39 . 2010-01-07 16:39 -------- d-----w- C:\abc21075a
2010-01-07 16:38 . 2010-01-07 16:38 -------- d-----w- C:\abc
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 13:24 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-28 13:24 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-28 13:18 . 2008-03-23 11:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-27 20:08 . 2009-07-06 10:46 -------- d-----w- c:\programmi\Ask.com
2010-01-27 16:34 . 2009-03-24 18:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-01-21 13:03 . 2009-08-19 22:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Vso
2010-01-18 19:34 . 2010-01-17 22:13 79488 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-18 12:35 . 2004-08-19 08:00 212224 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-01-17 14:50 . 2009-09-10 15:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-01-17 13:40 . 2010-01-17 13:39 1924200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2010-01-13 15:19 . 2009-12-27 12:23 -------- d-----w- c:\programmi\Native Instruments
2010-01-10 11:43 . 2009-05-27 17:23 -------- d-----w- c:\programmi\Wisdom-soft ScreenHunter 5 Free
2010-01-10 11:43 . 2009-06-10 09:42 -------- d-----w- c:\programmi\VDOWNLOADER
2010-01-10 11:43 . 2008-05-20 19:37 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-01-10 11:43 . 2007-04-17 20:41 -------- d-----w- c:\programmi\QuickTime
2010-01-10 11:43 . 2009-12-21 15:44 -------- d-----w- c:\programmi\Lame for Audacity
2010-01-10 11:43 . 2008-05-19 09:15 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2010-01-10 11:43 . 2008-03-25 20:37 -------- d-----w- c:\programmi\Microsoft .NET Compact Framework 1.0 SP3
2010-01-10 11:43 . 2009-09-04 17:47 -------- d-----w- c:\programmi\Audacity 1.3 Beta (Unicode)
2010-01-10 11:43 . 2009-04-17 18:43 -------- d-----w- c:\programmi\Falco Chess
2010-01-10 11:43 . 2009-01-07 21:12 -------- d-----w- c:\programmi\DISK1
2010-01-10 10:55 . 2004-08-30 10:50 88896 ----a-w- c:\windows\system32\perfc010.dat
2010-01-10 10:55 . 2004-08-30 10:50 504052 ----a-w- c:\windows\system32\perfh010.dat
2010-01-08 13:20 . 2009-07-14 08:20 -------- d-----w- c:\programmi\Alfaseeker
2010-01-08 11:22 . 2007-02-09 15:59 138296 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-07 19:05 . 2009-02-05 19:38 -------- d-----w- c:\programmi\Download-ES
2010-01-07 13:17 . 2009-02-21 13:11 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-05 15:30 . 2009-07-31 22:08 -------- d-----w- c:\programmi\File comuni\Nero
2010-01-05 15:29 . 2009-07-31 22:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-12-29 19:43 . 2008-01-19 12:08 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2009-12-28 14:17 . 2009-12-28 14:16 -------- d-----w- c:\programmi\GfedEuroit73F
2009-12-24 17:26 . 2009-12-24 17:26 -------- d-----w- c:\programmi\ESET
2009-12-24 17:18 . 2009-11-18 10:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESET
2009-12-23 11:26 . 2009-12-23 11:26 -------- d-----w- c:\programmi\SlySoft
2009-12-22 16:08 . 2009-12-22 16:08 253952 ------w- c:\windows\Setup1.exe
2009-12-22 16:08 . 2009-12-22 16:08 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-12-22 13:26 . 2009-06-28 19:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Audacity
2009-12-21 19:06 . 2004-08-19 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 16:16 . 2009-03-21 21:22 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\gtk-2.0
2009-12-18 16:14 . 2009-05-27 16:57 -------- d-----w- c:\programmi\GIMP-2.0
2009-12-17 16:08 . 2009-11-11 12:02 -------- d-----w- c:\programmi\VS Revo Group
2009-12-02 15:10 . 2009-12-02 15:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-12-02 13:44 . 2009-12-02 13:44 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-30 14:28 . 2008-05-14 19:22 -------- d-----w- c:\programmi\Windows Live
2009-11-25 14:05 . 2009-11-25 14:05 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\4000001900003i\ngen.exe
2009-11-25 14:05 . 2009-11-25 14:05 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\4000001100002i\mscorsvw.exe
2009-11-25 14:04 . 2009-11-25 14:04 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\4000001f00002i\crashreporter.exe
2009-11-25 14:04 . 2009-11-25 14:04 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\400000df00002i\firefox.exe
2009-11-25 14:04 . 2009-11-25 14:04 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\400000800002i\wlcomm.exe
2009-11-25 14:02 . 2009-11-25 14:02 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\18000001d00003i\netsh.exe
2009-11-25 14:02 . 2009-11-25 14:02 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\40000013800002i\WindowsLiveSync.exe
2009-11-25 14:01 . 2009-11-25 14:01 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000001700003i\taskkill.exe
2009-11-25 14:01 . 2009-11-25 14:01 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000007900002i\DXSETUP.exe
2009-11-25 14:00 . 2009-11-25 14:00 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000001e00002i\WindowsXP-KB954708-x86-ENU.exe
2009-11-25 13:29 . 2009-11-25 13:29 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000001b00002i\msiexec.exe
2009-11-25 13:29 . 2009-11-25 13:29 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\40000022b100002i\nd34f5.exe
2009-11-21 15:54 . 2004-08-19 08:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 04:30 . 2009-11-14 04:30 70144 ----a-w- c:\windows\system32\mmrtkrnl.exe
2009-11-14 04:30 . 2009-11-14 04:30 480256 ----a-w- c:\windows\system32\mmrtkrnl.dll
2009-11-04 15:49 . 2010-01-27 13:38 635664 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\IObit\Common\TB_Helper.exe
2009-03-16 12:36 . 2009-03-16 12:36 13264160 ----a-w- c:\programmi\dxnt.cab
2009-03-16 12:36 . 2009-03-16 12:36 1155483 ----a-w- c:\programmi\BDANT.cab
2009-03-16 12:36 . 2009-03-16 12:36 975148 ----a-w- c:\programmi\BDAXP.cab
2009-03-16 12:36 . 2009-03-16 12:36 95296 ----a-w- c:\programmi\dxupdate.cab
2009-03-16 12:36 . 2009-03-16 12:36 1691464 ----a-w- c:\programmi\dsetup32.dll
2009-03-16 12:36 . 2009-03-16 12:36 44444 ----a-w- c:\programmi\dxdllreg_x86.cab
2009-03-16 12:35 . 2009-03-16 12:35 525128 ----a-w- c:\programmi\DXSETUP.exe
2009-03-16 12:35 . 2009-03-16 12:35 94024 ----a-w- c:\programmi\DSETUP.dll
2008-07-18 18:42 . 2008-07-17 16:13 38860944 ----a-w- c:\programmi\GoogleSketchUpWIT.exe
2000-04-04 16:13 . 2009-01-07 21:12 13277 ----a-w- c:\programmi\FB63U.CAT
2000-04-04 16:12 . 2009-01-07 21:12 14605 ----a-w- c:\programmi\FB63UNT.CAT
2000-03-27 11:49 . 2009-01-07 21:12 5381 ----a-w- c:\programmi\FB63u.inf
2009-06-05 10:31 . 2009-06-05 10:31 8 --sh--r- c:\windows\system32\6A317A8ED6.sys
2009-06-05 10:31 . 2009-06-05 10:30 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2010-01-18 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[-] 2008-04-14 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2008-04-14 . 287B3020F1324E99F313C9E7FCFCCCCC . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 287B3020F1324E99F313C9E7FCFCCCCC . 1554944 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-02-25 16:52 . 2004-01-14 01:10 409600 c:\programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE
2007-02-09 13:01 . 2005-11-08 10:59 184320 c:\programmi\InterVideo\DVD Check\bak\DVDCheck.exe
2006-06-15 11:36 . 2006-06-15 11:36 229376 c:\programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE
2007-02-16 08:54 . 2007-02-16 08:54 282624 c:\programmi\QuickTime\bak\qttask.exe
2009-01-05 14:18 . 2009-01-05 14:18 413696 c:\programmi\QuickTime\QTTask.exe
2006-08-21 18:24 . 2005-11-10 18:04 761945 c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe
2006-08-21 18:24 . 2005-11-10 18:04 761945 c:\programmi\Synaptics\SynTP\SynTPEnh.exe
2007-02-13 21:30 . 2007-02-13 21:30 40960 c:\windows\bak\NCLAUNCH.EXe
2007-02-13 21:30 . 2008-05-23 12:06 40960 c:\windows\NCLAUNCH.EXe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2008-05-23 40960]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-01-06 2335952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"WatchDog"="c:\programmi\InterVideo\DVD Check\bak\DVDCheck.exe" [2005-11-08 184320]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"Realtime Audio Engine"="mmrtkrnl.exe" [2009-11-14 70144]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2010-01-13 37888]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-01-28 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-2-15 581693]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-9 66864]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
c:\windows\system32\drivers\svchost.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 20:56 204288 ----a-w- c:\programmi\Windows Media Player\wmpnscfg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Ares\\Ares.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\File comuni\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\BitLord2\\BitLord.exe"=
"c:\\Programmi\\WIDCOMM\\Software Bluetooth\\bin\\btwdins.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=
"c:\\Programmi\\iPod\\bin\\iPodService.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\File comuni\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4760:TCP"= 4760:TCP:htivodh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 20.53.28 34824]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 11.03.18 169312]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 9.00.00 14336]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 20.51.16 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/01/2009 21.50.43 55152]
R2 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18.08.58 533360]
S2 gupdate1ca2240a5d49d0a;Servizio di Google Update (gupdate1ca2240a5d49d0a);c:\programmi\Google\Update\GoogleUpdate.exe [21/08/2009 10.20.30 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/08/2004 9.00.00 25600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-21 09:20]
2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-21 09:20]
2010-01-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2010-01-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2010-01-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-05-19 11:37]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\wy1yafqv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\programmi\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\wy1yafqv.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{31C7D459-9CC3-44F2-9DCA-FC11795309B4} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 15:29
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x89D06530]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf735ecb8
\Driver\atapi -> atapi.sys @ 0xf72d2852
\Driver\iaStor -> iaStor.sys @ 0xf7208b58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0x89cedbb0
PacketIndicateHandler -> NDIS.sys @ 0x89cdca0d
SendHandler -> NDIS.sys @ 0x89cf0b40
user & kernel MBR OK
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1987944545-1339218757-4151644466-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,1d,0e,6d,ba,27,28,4e,a6,75,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,1d,0e,6d,ba,27,28,4e,a6,75,6d,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
c:\windows\system32\msi.dll
- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(8660)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll
c:\programmi\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\COMRes.dll
c:\programmi\HPQ\IAM\Bin\SFSShell.dll
c:\programmi\HPQ\IAM\bin\ItMsg.dll
c:\programmi\HPQ\IAM\bin\1040\SFSShell.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DllHost.exe
c:\programmi\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\mmrtkrnl.exe
c:\programmi\iPod\bin\iPodService.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-28 15:37:20 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-28 14:37
ComboFix2.txt 2010-01-08 11:41
ComboFix3.txt 2010-01-06 17:06
Pre-Run: 13.522.960.384 byte disponibili
Post-Run: 13.534.228.480 byte disponibili
- - End Of File - - AA105FD9072AA032733B98CB43BD7AF4