Here it is
ComboFix 10-09-17.04 - andrea 19/09/2010 16.15.58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2670 [GMT 2:00]
Eseguito da: g:\documents and settings\andrea\Desktop\ComboFix.exe
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
((((((((((((((((((((((((( Files Creati Da 2010-08-19 al 2010-09-19 )))))))))))))))))))))))))))))))))))
.
2010-09-19 09:47 . 2010-09-19 09:47 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Malwarebytes
2010-09-19 09:47 . 2010-04-29 13:39 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 09:47 . 2010-09-19 09:47 -------- d-----w- g:\programmi\Malwarebytes' Anti-Malware
2010-09-19 09:47 . 2010-09-19 09:47 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-09-19 09:47 . 2010-04-29 13:39 20952 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-09-19 08:41 . 2010-09-19 08:41 -------- d-----w- g:\programmi\DynDNS Updater
2010-09-19 08:41 . 2010-09-19 08:41 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\DynDNS
2010-09-19 07:55 . 2010-09-19 07:55 388096 ----a-r- g:\documents and settings\andrea\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-19 07:55 . 2010-09-19 07:55 -------- d-----w- g:\programmi\Trend Micro
2010-09-19 07:34 . 2010-09-19 07:34 360584 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-09-19 07:34 . 2010-09-19 07:34 333192 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-09-19 07:34 . 2010-09-19 07:34 28424 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-09-19 07:32 . 2010-09-19 07:26 1007896 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-09-19 07:32 . 2010-09-19 07:26 613656 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2010-09-19 07:32 . 2010-09-19 07:26 1658136 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-09-19 07:32 . 2010-09-19 07:26 800536 ----a-w- g:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2010-09-18 15:33 . 2010-09-18 16:48 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\searchqutb
2010-09-18 15:33 . 2010-09-18 15:33 -------- d-----w- g:\programmi\Windows Searchqu Toolbar
2010-09-18 15:32 . 2010-09-18 15:32 -------- d-----w- g:\programmi\icons
2010-09-18 12:16 . 2010-09-18 12:16 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-09-12 08:43 . 2010-09-12 08:43 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Danea
2010-09-12 08:43 . 2010-09-12 08:47 -------- d-----w- g:\programmi\Danea Easyfatt
2010-09-12 07:38 . 2010-09-12 07:45 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\vlc
2010-09-12 07:23 . 2010-09-12 07:23 -------- d-----w- g:\programmi\Photodex Presenter
2010-09-12 07:23 . 2010-09-12 07:23 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Netscape
2010-09-12 07:22 . 2010-09-12 07:22 -------- d-----w- g:\programmi\Photodex
2010-09-12 07:20 . 2010-09-12 07:20 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Photodex
2010-09-12 07:20 . 2010-09-12 07:23 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Photodex
2010-09-12 07:13 . 2010-09-12 07:13 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Babylon
2010-09-12 07:13 . 2010-09-12 07:13 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Babylon
2010-09-08 09:26 . 2010-09-10 19:54 4204704 ----a-w- g:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-S-1-5-21-1547161642-1275210071-1801674531-1003-0.dat
2010-09-07 11:21 . 2010-09-10 19:54 429274 ----a-w- g:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat
2010-09-07 11:18 . 2008-07-12 06:18 3851784 ----a-w- g:\windows\system32\D3DX9_39.dll
2010-09-07 11:18 . 2010-09-07 11:18 -------- d-----w- g:\windows\Logs
2010-09-07 11:17 . 2010-09-07 11:19 -------- d-----w- g:\programmi\Microsoft Expression
2010-08-29 08:17 . 2010-07-12 12:49 52552 ----a-w- g:\windows\system32\ftserui2.dll
2010-08-29 08:17 . 2010-07-12 12:49 67400 ----a-w- g:\windows\system32\ftcserco.dll
2010-08-29 08:17 . 2010-07-12 12:48 73032 ----a-w- g:\windows\system32\drivers\ftser2k.sys
2010-08-22 08:00 . 2010-08-22 08:00 -------- d-----w- g:\documents and settings\LocalService\Dati applicazioni\TuneUp Software
2010-08-22 07:28 . 2009-10-30 13:08 29512 ----a-w- g:\windows\system32\TURegOpt.exe
2010-08-22 07:28 . 2009-10-30 13:01 30024 ----a-w- g:\windows\system32\uxtuneup.dll
2010-08-22 07:28 . 2010-08-22 07:28 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\TuneUp Software
2010-08-22 07:28 . 2010-09-19 13:58 -------- d-----w- g:\programmi\TuneUp Utilities 2010
2010-08-22 07:27 . 2010-08-22 07:28 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-08-22 07:27 . 2010-08-22 07:27 -------- d-sh--w- g:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-22 07:19 . 2010-08-22 07:19 -------- d-----w- g:\programmi\Halto
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 14:22 . 2010-05-15 06:50 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Orbit
2010-09-19 14:08 . 2010-03-14 07:19 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\avg9
2010-09-19 07:39 . 2010-08-03 05:27 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Onzi
2010-09-19 07:39 . 2010-01-08 10:10 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Doorah
2010-09-19 07:19 . 2010-01-04 13:26 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Uvzy
2010-09-19 07:12 . 2010-06-18 17:47 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\HPAppData
2010-09-18 15:32 . 2010-08-05 06:46 -------- d-----w- g:\programmi\myBabylon_English
2010-09-17 16:44 . 2010-08-09 16:49 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Fiakez
2010-09-14 20:43 . 2010-01-04 07:53 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\uTorrent
2010-09-14 17:30 . 2010-01-03 21:16 -------- d-----w- g:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-09-13 10:02 . 2010-01-03 21:22 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\Skype
2010-09-13 09:33 . 2010-01-03 21:35 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\skypePM
2010-09-12 08:59 . 2010-06-26 07:49 654256 ----a-w- g:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-09-12 07:45 . 2010-06-26 16:17 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\dvdcss
2010-09-11 13:00 . 2010-06-09 18:11 -------- d-----w- g:\programmi\FotoTaxi3
2010-09-08 16:37 . 2010-02-25 19:45 -------- d-----w- g:\programmi\Microsoft Silverlight
2010-09-07 10:44 . 2008-04-14 12:00 546884 ----a-w- g:\windows\system32\perfh010.dat
2010-09-07 10:44 . 2008-04-14 12:00 100724 ----a-w- g:\windows\system32\perfc010.dat
2010-09-06 06:22 . 2010-01-04 07:54 -------- d-----w- g:\programmi\uTorrent
2010-09-04 13:23 . 2010-06-03 17:07 -------- d-----w- g:\documents and settings\andrea\Dati applicazioni\U3
2010-09-03 16:49 . 2010-02-28 07:08 -------- d-----w- g:\programmi\Duolabs
2010-08-25 16:54 . 2010-01-06 09:06 -------- d-----w- g:\programmi\Google
2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- g:\windows\system32\spoolsv.exe
2010-08-17 06:24 . 2008-04-14 12:00 48650 ----a-w- g:\windows\system32\userinit.exe.tmp
2010-08-07 15:10 . 2010-01-03 21:13 -------- d-----w- g:\programmi\AVS4YOU
2010-08-07 15:10 . 2010-01-03 21:14 -------- d-----w- g:\programmi\File comuni\AVSMedia
2010-08-07 09:04 . 2010-08-07 09:04 -------- d-----w- g:\programmi\File comuni\Skype
2010-08-05 06:46 . 2010-08-05 06:46 -------- d-----w- g:\programmi\Conduit
2010-08-05 06:46 . 2010-08-05 06:46 -------- d-----w- g:\programmi\Babylon
2010-08-04 06:48 . 2010-08-04 06:47 1901 ----a-w- g:\windows\panose.bin
2010-08-04 06:37 . 2010-08-04 06:37 -------- d-----w- g:\programmi\File comuni\Vbox
2010-08-04 06:37 . 2010-01-04 08:05 -------- d-----w- g:\programmi\File comuni\Adobe
2010-08-02 06:20 . 2010-08-02 06:20 -------- d-----w- g:\programmi\Xenocode
2010-08-02 06:17 . 2010-08-02 06:15 -------- d-----w- g:\programmi\Image Resizer
2010-07-22 15:48 . 2008-04-14 12:00 590848 ----a-w- g:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- g:\windows\system32\xpsp4res.dll
2010-07-12 11:50 . 2010-07-12 11:50 198464 ----a-w- g:\windows\system32\ftd2xx.dll
2010-07-12 11:50 . 2010-07-12 11:50 105288 ----a-w- g:\windows\system32\ftbusui.dll
2010-07-12 11:49 . 2010-07-12 11:49 197952 ----a-w- g:\windows\system32\FTLang.dll
2010-07-12 11:49 . 2010-07-12 11:49 60104 ----a-w- g:\windows\system32\drivers\ftdibus.sys
2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- g:\windows\system32\schannel.dll
2010-06-24 12:22 . 2008-04-14 12:00 916480 ----a-w- g:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 12:00 1851904 ----a-w- g:\windows\system32\win32k.sys
2010-06-23 06:35 . 2010-06-23 06:35 2568656 ----a-w- g:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- g:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "g:\programmi\myBabylon_English\tbmyB1.dll" [2010-09-18 2735200]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-09-18 15:33 2735200 ----a-w- g:\programmi\myBabylon_English\tbmyB1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "g:\programmi\myBabylon_English\tbmyB1.dll" [2010-09-18 2735200]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "g:\programmi\myBabylon_English\tbmyB1.dll" [2010-09-18 2735200]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L09IXLRD_4767375"="g:\programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" [2009-03-02 351000]
"Google Update"="g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-03-22 136176]
"ctfmon.exe"="g:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="g:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"ASUS Update Checker"="g:\programmi\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"AdobeAAMUpdater-1.0"="g:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="g:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="g:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="g:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Orbit.lnk - g:\programmi\Orbitdownloader\orbitdm.exe [2010-5-15 1809680]
[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=g:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Acrobat.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk
backup=g:\windows\pss\Avvio veloce di Adobe Acrobat.lnkCommon Startup
[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^DesktopEarth AutoStart.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DesktopEarth AutoStart.lnk
backup=g:\windows\pss\DesktopEarth AutoStart.lnkCommon Startup
[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=g:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Orbit.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Orbit.lnk
backup=g:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Register PhotoFrame 4.0 Professional Edition.lnk]
path=g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Register PhotoFrame 4.0 Professional Edition.lnk
backup=g:\windows\pss\Register PhotoFrame 4.0 Professional Edition.lnkCommon Startup
[HKLM\~\startupfolder\G:^Documents and Settings^andrea^Menu Avvio^Programmi^Esecuzione automatica^3263874.lnk]
path=g:\documents and settings\andrea\Menu Avvio\Programmi\Esecuzione automatica\3263874.lnk
backup=g:\windows\pss\3263874.lnkStartup
[HKLM\~\startupfolder\G:^Documents and Settings^andrea^Menu Avvio^Programmi^Esecuzione automatica^3754068.lnk]
path=g:\documents and settings\andrea\Menu Avvio\Programmi\Esecuzione automatica\3754068.lnk
backup=g:\windows\pss\3754068.lnkStartup
[HKLM\~\startupfolder\G:^Documents and Settings^andrea^Menu Avvio^Programmi^Esecuzione automatica^MagicDisc.lnk]
path=g:\documents and settings\andrea\Menu Avvio\Programmi\Esecuzione automatica\MagicDisc.lnk
backup=g:\windows\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 22:24 620152 ----a-w- g:\programmi\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- g:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-08-29 15:09 171464 ----a-w- g:\programmi\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- g:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 ----a-w- g:\programmi\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- g:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 18:51 176128 ----a-w- g:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-05 09:49 491520 ----a-w- g:\windows\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 15:03 49152 ----a-w- g:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- g:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- g:\programmi\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L09IXLRD_1131375]
2009-03-02 04:59 351000 ----a-w- g:\programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ------w- g:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- g:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- g:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 08:53 570664 ----a-w- g:\programmi\File comuni\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- g:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-01-03 20:56 17881600 ----a-w- g:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- g:\programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-01 14:23 61440 ----a-w- g:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- g:\programmi\File comuni\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- g:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"g:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"g:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Programmi\\uTorrent\\uTorrent.exe"=
"g:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
"g:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"g:\\Programmi\\iTunes\\iTunes.exe"=
"g:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"g:\\Programmi\\ClubDelGioco\\jre\\jre\\bin\\javaw.exe"=
"g:\\Programmi\\Messenger\\msmsgs.exe"=
"g:\\Programmi\\totalcmd\\TOTALCMD.EXE"=
"g:\\Programmi\\DreamBoxEdit\\dreamboxedit.exe"=
"g:\\Programmi\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"g:\\Programmi\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"g:\\Programmi\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"g:\\Programmi\\eMule\\emule.exe"=
"g:\\WINDOWS\\system32\\fxsclnt.exe"=
"g:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"g:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"g:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"g:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"g:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"g:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"g:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"g:\\Documents and Settings\\andrea\\Documenti\\dreambox\\dcc296\\DCC.exe"=
"g:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"g:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4360:TCP"= 4360:TCP:emule
"49907:UDP"= 49907:UDP:emule
R0 mv61xx;mv61xx;g:\windows\system32\drivers\mv61xx.sys [24/06/2008 0.21.48 150568]
R2 DynDNS Updater;DynDNS Updater;g:\programmi\DynDNS Updater\DynUpSvc.exe [16/04/2010 18.19.28 103800]
R2 SBKUPNT;SBKUPNT;g:\windows\system32\drivers\SBKUPNT.SYS [19/03/2010 0.17.01 14976]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;g:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15.05.48 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;g:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7.24.44 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;g:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 Ambfilt;Ambfilt;g:\windows\system32\drivers\Ambfilt.sys [03/01/2010 22.56.25 1684736]
S3 epmntdrv;epmntdrv;g:\windows\system32\epmntdrv.sys [19/03/2010 0.32.07 13192]
S3 EuGdiDrv;EuGdiDrv;g:\windows\system32\EuGdiDrv.sys [19/03/2010 0.32.07 8456]
S3 SwitchBoard;SwitchBoard;g:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13.37.14 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;g:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 sptd;sptd;g:\windows\system32\drivers\sptd.sys [13/03/2010 16.29.06 685816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2010-07-30 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-09-11 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1275210071-1801674531-1003Core.job
- g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-22 06:50]
2010-09-19 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1275210071-1801674531-1003UA.job
- g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-03-22 06:50]
2010-09-19 g:\windows\Tasks\HP Usg Daily.job
- g:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 15:03]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.searchqu.com/403
IE: &Download by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - g:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - g:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - g:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - g:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica link utilizzando Mega Manager... - g:\programmi\Megaupload\Mega Manager\mm_file.htm
FF - ProfilePath - g:\documents and settings\andrea\Dati applicazioni\Mozilla\Firefox\Profiles\s5zx03cr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=403&q=
FF - plugin: g:\documents and settings\andrea\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: g:\documents and settings\andrea\Dati applicazioni\Mozilla\plugins\np-mswmp.dll
FF - plugin: g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: g:\programmi\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: g:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: g:\programmi\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: g:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: g:\programmi\Photodex Presenter\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
g:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
g:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
g:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-{40780F9D-64B7-CFFF-261D-A904449DBF39} - g:\documents and settings\andrea\Dati applicazioni\Onzi\ozerw.exe
MSConfigStartUp-{9A6BC445-EBFE-F1A8-7DCD-F196CAE7D6A7} - g:\documents and settings\andrea\Dati applicazioni\Doorah\voerx.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 16:22
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C88BD92-F1A7-880C-4BA8-7B1D67DD00C5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1547161642-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CA0543F-8314-AC2B-F11B-5C8801A577F2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1547161642-1275210071-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pahpjcpdjladbnpclaechbfdopiccmef"=hex:61,62,6d,6f,69,66,6f,69,61,67,66,6d,70,
70,6c,6a,66,61,62,65,6a,63,6e,68,67,6e,6c,62,64,69,6c,63,68,6c,00,7c
"pabpckcocccejelfjjnllpmbbponhadi"=hex:61,62,6d,6f,69,66,6f,69,61,67,66,6d,70,
70,6c,6a,66,61,62,65,6b,63,61,64,68,61,6e,68,6f,61,65,6d,66,65,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(764)
g:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3576)
g:\windows\system32\WININET.dll
g:\windows\system32\msi.dll
g:\windows\system32\webcheck.dll
g:\windows\system32\WPDShServiceObj.dll
g:\windows\system32\PortableDeviceTypes.dll
g:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
g:\windows\system32\Ati2evxx.exe
g:\windows\system32\Ati2evxx.exe
g:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
g:\windows\SYSTEM32\astsrv.exe
g:\programmi\Bonjour\mDNSResponder.exe
g:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S30RP1.EXE
g:\programmi\Java\jre6\bin\jqs.exe
g:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
g:\windows\system32\IoctlSvc.exe
g:\documents and settings\andrea\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\GoogleCrashHandler.exe
g:\programmi\Photodex\ProShowProducer\ScsiAccess.exe
g:\programmi\Orbitdownloader\orbitnet.exe
g:\programmi\Canon\CAL\CALMAIN.exe
g:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
g:\windows\system32\wscntfy.exe
g:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-09-19 16:26:20 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-09-19 14:26
Pre-Run: 255.151.710.208 byte disponibili
Post-Run: 255.058.092.032 byte disponibili
- - End Of File - - 095FDCCF2E4F94C07933407FB2277187