Done!
Here is the result:
ComboFix 12-05-20.01 - Giuseppe 20/05/2012 10.44.18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2347 [GMT 2:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Giuseppe\Dati applicazioni\OfferBox
c:\documents and settings\Giuseppe\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\Giuseppe\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Giuseppe\Dati applicazioni\Toolbar4
c:\documents and settings\Giuseppe\en_res.dll
c:\documents and settings\Giuseppe\es_res.dll
c:\documents and settings\Giuseppe\fr_res.dll
c:\documents and settings\Giuseppe\grm_res.dll
c:\documents and settings\Giuseppe\it_res.dll
c:\documents and settings\Giuseppe\jp_res.dll
c:\documents and settings\Giuseppe\mfc80u.dll
c:\documents and settings\Giuseppe\msvcr80.dll
c:\documents and settings\Giuseppe\PCPE Setup.exe
c:\documents and settings\Giuseppe\pt_res.dll
c:\documents and settings\Giuseppe\ResourceReader.dll
c:\documents and settings\Giuseppe\ru_res.dll
c:\documents and settings\Giuseppe\WINDOWS
c:\documents and settings\Giuseppe\zh_res.dll
c:\windows\system32\bacdccb7_d.dll
c:\windows\system32\drivers\uqqxggfcmfqn.sys
c:\windows\system32\SET212.tmp
c:\windows\system32\SET217.tmp
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_uqqxggfcmfqn
-------\Service_uqqxggfcmfqn
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-20 al 2012-05-20 )))))))))))))))))))))))))))))))))))
.
.
2012-05-20 07:40 . 2012-05-20 07:40 388096 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-20 07:29 . 2012-05-20 07:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
2012-05-20 07:20 . 2012-05-20 07:20 -------- d-----w- c:\programmi\HitmanPro
2012-05-19 01:09 . 2012-05-19 01:09 -------- d-----w- C:\AMD
2012-05-10 23:49 . 2012-05-20 07:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2012-04-25 15:52 . 2012-04-25 15:52 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-04-25 15:51 . 2012-04-25 15:51 157352 ----a-w- c:\programmi\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 15:51 . 2012-04-25 15:51 129976 ----a-w- c:\programmi\Mozilla Firefox\maintenanceservice.exe
2012-04-20 16:46 . 2012-04-20 16:49 -------- d-----w- c:\programmi\Toolbar Cleaner
2012-04-20 16:38 . 2012-05-20 07:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SweetIM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 00:28 . 2012-03-30 03:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-19 00:28 . 2011-05-16 02:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 02:08 . 2012-02-07 06:43 13338112 ----a-w- c:\documents and settings\Giuseppe\PCPE_3.0.1.msi
2012-05-04 05:30 . 2011-12-16 11:14 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 05:30 . 2010-12-24 16:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 05:30 . 2010-04-15 15:56 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:51 . 2004-08-19 15:34 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2007-04-04 08:36 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2004-08-19 14:34 2151936 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-05 23:10 . 2009-03-30 15:30 564632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-05 23:09 . 2009-03-30 15:20 19352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-04 13:56 . 2012-04-10 12:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00 . 2004-08-19 14:39 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-19 14:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:00 . 2004-08-19 14:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-19 14:39 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-19 14:39 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-19 14:26 385024 ----a-w- c:\windows\system32\html.iec
2012-04-25 15:51 . 2011-03-24 17:07 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\programmi\XviD\CheckUpdate.exe" [2011-01-17 8192]
"USB Safely Remove"="c:\programmi\USB Safely Remove\USBSafelyRemove.exe" [2012-04-28 2042368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\programmi\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2002-08-29 155648]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2002-08-29 332288]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\programmi\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\programmi\File comuni\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Giuseppe^Menu Avvio^Programmi^Esecuzione automatica^desktop.ini]
path=c:\documents and settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
backup=c:\windows\pss\desktop.iniStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Giuseppe\\Documenti\\EMM\\eXtreme Movie Manager 7\\eXtreme Movie Manager.exe"=
"c:\\Programmi\\eMule0.50a\\emule.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/12/2009 15.32.56 64288]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [06/12/2008 18.08.24 971584]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13.23.20 11352]
R2 APC Data Service;APC Data Service;c:\programmi\APC\PowerChute Personal Edition\dataserv.exe [24/01/2012 16.21.22 21880]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [10/10/2010 16.37.47 12184]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [10/04/2012 14.04.07 654408]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programmi\USB Safely Remove\USBSRService.exe [18/12/2008 2.40.10 1004888]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [03/04/2012 7.54.19 38608]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18.34.46 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20.27.24 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/04/2012 14.04.06 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [05/04/2012 11.37.38 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 5.16.25 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/01/2011 8.19.16 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 17.52.03 129976]
S3 Pcouffin;Low level access layer for CD devices; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:28]
.
2012-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-05-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2012-05-20 c:\windows\Tasks\User_Feed_Synchronization-{7AA169F3-ED11-4235-A0F7-04CFAA16432D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.bigseekpro.com/extrememoviemanager7/{88AEF572-2293-4CE6-80A2-93B0E9D4087C}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Cerca nel web - c:\programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Crawler Search
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with Babylon
TCP: Interfaces\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 208.67.222.222,208.67.220.220
DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} - hxxp://77.238.10.103/velox/services/sta ... taller.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.it/Genoogle/Compo ... eQuery.dll
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://leganavcastell.dyndns.org:81/DvrOcx.cab
FF - ProfilePath - c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\5g8uwzs9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?sr ... 0002002&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0ff8ef70000000000000013d417eb2f
FF - user.js: extensions.BabylonToolbar_i.hardId - a0ff8ef70000000000000013d417eb2f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15413
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8nTf ... 26&search=
FF - user.js: extensions.incredibar_i.id - a0ff8ef70000000000000013d417eb2f
FF - user.js: extensions.incredibar_i.instlDay - 15424
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8nTfwDoP
FF - user.js: extensions.incredibar_i.upn2n - 92824074812577647
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-PoService - (no file)
SafeBoot-aawservice
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 10:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AD5A1DE6-3F85-08CE-B7C9-C8C8EB0B0C8B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naibieeggcmdikdkkmdiepiogncp"=hex:6a,61,65,68,6d,64,6e,6b,65,6c,63,6c,6c,65,
61,6e,68,6e,6f,63,00,fa
"macpgcahekfbimeaflaeighjnd"=hex:69,61,64,68,6d,6d,64,66,6b,6f,69,64,61,69,6a,
70,6c,68,00,00
"naebaoobaiobgcoldkjhiobhciff"=hex:62,61,6f,67,00,8f
"abebaphjkjgbnfkcnhpnnmolpjpdmdapai"=hex:61,61,00,00
"mafbmfkamolfmceimbichofgad"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(4916)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Logitech\iTouch\iTchHk.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\APC\PowerChute Personal Edition\mainserv.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Logi_MwX.Exe
c:\windows\RTHDCPL.EXE
c:\programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
c:\programmi\APC\PowerChute Personal Edition\apcsystray.exe
c:\programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-05-20 11:04:36 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-05-20 09:04
.
Pre-Run: 445.113.634.816 byte disponibili
Post-Run: 444.980.887.552 byte disponibili
.
- - End Of File - - A35E70B6A685AA743DD6CA19226537B7