Done!! This is the report it gave me.
ComboFix 09-07-21.05 - Proprietario 22/07/2009 17.29.59.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.895.539 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\desktop\abc.exe
Opzioni usate :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\PROPRI~1\IMPOST~1\Temp\tmp2.tmp
c:\documents and settings\Proprietario\Dati applicazioni\MessengerSkinner
c:\documents and settings\Proprietario\Dati applicazioni\MessengerSkinner\Userdata\languages_v2.xml
c:\documents and settings\Proprietario\Dati applicazioni\MessengerSkinner\Userdata\pack1.cab
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\aoukkqgae.dat
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\aoukkqgae.exe
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\aoukkqgae_nav.dat
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\aoukkqgae_navps.dat
c:\documents and settings\Proprietario\Menu Avvio\Programmi\Videos.url
c:\documents and settings\Proprietario\Preferiti\Videos.url
c:\programmi\newdotnet
c:\programmi\newdotnet\nncore.dll
c:\programmi\newdotnet\nnrun.exe
c:\windows\msa.exe
c:\windows\NDNuninstall6_38.exe
c:\windows\system32\Data
c:\windows\system32\msxml71.dll
c:\windows\system32\nvs2.inf
c:\windows\Sysvxd.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NNSERV
-------\Service_NNServ
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Creati Da 2009-06-22 al 2009-07-22 )))))))))))))))))))))))))))))))))))
.
2009-07-18 19:05 . 2009-07-18 19:05 -------- d-----w- c:\programmi\ASIO4ALL v2
2009-07-18 19:04 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-07-18 19:03 . 2009-07-18 19:03 -------- d-----w- c:\programmi\Outsim
2009-07-18 19:01 . 2009-07-18 19:05 -------- d-----w- c:\programmi\Image-Line
2009-07-17 17:08 . 2009-07-17 17:08 188256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VCSExpress\9.0\1040\ResourceCache.dll
2009-07-16 17:37 . 2009-07-16 17:39 -------- d-----w- c:\documents and settings\Proprietario\TruePianos Settings
2009-07-16 17:36 . 2009-07-16 17:36 -------- d-----w- c:\programmi\TruePianos
2009-07-16 16:59 . 2009-07-16 16:59 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Proteus X
2009-07-16 16:22 . 2009-07-16 16:22 -------- d-----w- c:\programmi\File comuni\Creative Professional
2009-07-16 16:21 . 2009-07-16 16:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrovision
2009-07-16 16:21 . 2009-07-16 16:21 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-07-16 16:20 . 2009-07-16 16:20 12464 ----a-w- c:\windows\system32\drivers\CdaC15BA.SYS
2009-07-16 16:03 . 2003-08-18 09:33 1706800 ------w- c:\windows\system32\gdiplus.dll
2009-07-16 15:55 . 2009-07-16 15:55 -------- d-----w- c:\programmi\Creative
2009-07-16 15:55 . 1999-10-11 01:00 41984 ------w- c:\windows\Ctregrun.exe
2009-07-16 15:54 . 2009-07-16 15:54 -------- d-----w- c:\windows\Cache
2009-07-16 15:53 . 2009-07-16 16:59 -------- d-----w- c:\programmi\Steinberg
2009-07-16 15:51 . 2000-05-10 23:00 90112 ------w- c:\windows\Updreg.EXE
2009-07-16 15:50 . 2006-04-12 11:05 11776 ----a-w- c:\windows\INRES.DLL
2009-07-16 15:50 . 2009-07-16 16:58 -------- d-----w- c:\programmi\Creative Professional
2009-07-16 14:30 . 2009-07-16 14:31 -------- d-----w- C:\b7a1dcb828a796d98d3acca3546ecf32
2009-07-16 14:19 . 2009-07-16 14:40 -------- d-----w- C:\9e63692ba387aa64eb35216cf633b4
2009-07-16 13:38 . 2009-07-16 13:38 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\PCHealth
2009-07-16 13:38 . 2009-07-16 13:38 -------- d-----w- c:\windows\system32\RsFx
2009-07-16 13:32 . 2009-07-16 13:38 -------- d-----w- c:\programmi\Microsoft SQL Server
2009-07-16 13:32 . 2009-07-16 13:32 -------- d-----w- c:\programmi\Microsoft Synchronization Services
2009-07-16 13:31 . 2009-07-16 14:38 194912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VBExpress\9.0\1040\ResourceCache.dll
2009-07-16 13:30 . 2009-07-17 17:07 416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\MSDN\9.0\1040\ResourceCache.dll
2009-07-16 13:29 . 2009-07-16 13:29 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-07-16 13:27 . 2009-07-16 13:37 -------- d-----w- c:\programmi\Microsoft.NET
2009-07-16 13:27 . 2009-07-17 17:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-07-16 13:27 . 2009-07-17 17:06 -------- d-----w- c:\programmi\Microsoft Visual Studio 9.0
2009-07-16 13:26 . 2009-07-16 13:26 -------- d-----w- c:\programmi\Microsoft SDKs
2009-07-16 13:18 . 2009-07-16 13:19 -------- d-----w- C:\07870b5f47573051224029809372cbe2
2009-07-13 17:53 . 2009-07-13 17:53 8854 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-07-13 17:53 . 2009-07-13 17:53 40960 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-07-13 17:53 . 2009-07-13 17:53 40960 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-07-13 17:53 . 2009-07-13 17:53 -------- d-----w- c:\programmi\Project64 1.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 15:41 . 2009-02-11 18:24 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\WTablet
2009-07-22 12:05 . 2009-03-31 12:24 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-18 19:04 . 2009-03-31 09:59 -------- d-----w- c:\programmi\Vstplugins
2009-07-18 13:26 . 2008-03-17 11:44 -------- d-----w- c:\programmi\eMule
2009-07-17 16:01 . 2008-06-27 18:59 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-07-17 16:00 . 2008-04-08 18:39 -------- d-----w- c:\programmi\Norton Security Scan
2009-07-16 16:21 . 2008-07-15 08:12 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-07-16 16:16 . 2007-05-12 08:09 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-07-16 15:24 . 2007-05-26 07:40 119656 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-16 14:32 . 2009-02-11 18:11 261520 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-07-16 14:30 . 2006-03-02 12:00 86568 ----a-w- c:\windows\system32\perfc010.dat
2009-07-16 14:30 . 2006-03-02 12:00 500224 ----a-w- c:\windows\system32\perfh010.dat
2009-07-16 13:32 . 2007-12-20 10:54 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2009-06-24 18:57 . 2008-01-07 18:11 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Canon
2009-06-20 20:43 . 2009-06-20 20:40 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\InfraRecorder
2009-06-20 20:40 . 2009-06-20 20:40 -------- d-----w- c:\programmi\InfraRecorder
2009-06-20 20:31 . 2009-06-20 20:31 -------- d-----w- c:\programmi\MagicISO
2009-06-20 19:59 . 2009-06-20 19:59 -------- d-----w- c:\programmi\SlySoft
2009-06-20 17:23 . 2009-06-20 17:23 -------- d-----w- c:\programmi\LiDe
2009-06-16 14:53 . 2006-03-02 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:53 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 14:52 . 2009-06-11 14:52 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioniPDFcreator
2009-06-11 14:51 . 2009-06-11 14:51 -------- d-----w- c:\programmi\PDFCreator
2009-06-11 14:51 . 2009-06-11 14:51 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\PDFCreator
2009-06-03 19:25 . 2006-03-02 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 23:20 . 2009-05-30 23:06 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\ImgBurn
2009-05-30 22:54 . 2009-05-30 22:53 -------- d-----w- c:\programmi\ImgBurn
2009-05-30 22:49 . 2009-05-30 22:39 -------- d-----w- c:\programmi\GCUTIL
2009-05-30 20:51 . 2009-05-30 20:51 -------- d-----w- c:\programmi\Altap Salamander 2.5
2009-05-30 13:17 . 2008-07-08 10:48 -------- d-----w- c:\programmi\StepMania
2009-05-27 18:25 . 2009-05-26 20:11 -------- d-----w- c:\programmi\Softonic_Italia
2009-05-26 20:11 . 2009-05-26 20:11 -------- d-----w- c:\programmi\Conduit
2009-05-26 16:37 . 2009-05-26 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Elaborate Bytes
2009-05-26 16:06 . 2009-05-26 16:06 -------- d-----w- c:\programmi\Elaborate Bytes
2009-05-07 17:03 . 2009-05-26 20:11 51200 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2009-05-07 17:03 . 2009-05-26 20:11 114688 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\npmozax.dll
2009-05-07 15:41 . 2006-03-02 12:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 12:07 . 2009-05-06 12:07 131072 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}\NewShortcut3_3A4BEF94179B43DC838076EEC6DB5EF4.exe
2009-05-06 12:07 . 2009-05-06 12:07 131072 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}\NewShortcut1_3A4BEF94179B43DC838076EEC6DB5EF4.exe
2009-05-06 12:07 . 2009-05-06 12:07 10134 ----a-r- c:\documents and settings\Proprietario\Dati applicazioni\Microsoft\Installer\{3A4BEF94-179B-43DC-8380-76EEC6DB5EF4}\ARPPRODUCTICON.exe
2009-05-04 19:48 . 2009-05-04 19:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-29 04:45 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-14 09:43 . 2008-06-19 12:58 134648 ----a-w- c:\programmi\mozilla firefox\components\brwsrcmp.dll
2008-02-14 19:00 . 2008-02-14 19:00 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-05-06 2093080]
[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32 279944 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
2009-05-06 14:27 2093080 ----a-w- c:\programmi\Softonic_Italia\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-05-06 2093080]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2009-05-06 2093080]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Pando"="c:\programmi\Pando Networks\Pando\Pando.exe" [2009-04-23 4044616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-3-11 212992]
Windows Desktop Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Proprietario^Menu Avvio^Programmi^Esecuzione automatica^ubisoft register.lnk]
path=c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\ubisoft register.lnk
backup=c:\windows\pss\ubisoft register.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Turbo Torrent\\ttorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Pando Networks\\Pando\\pando.exe"=
"c:\\Programmi\\Java\\jre1.6.0_02\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre1.6.0_02\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56694:TCP"= 56694:TCP:Pando P2P TCP Listening Port
"56694:UDP"= 56694:UDP:Pando P2P UDP Listening Port
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [12/05/2007 10.09.30 11264]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [23/12/2008 14.02.29 8192]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [01/06/2008 9.13.10 34064]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/02/2009 20.23.49 3032360]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [22/06/2006 20.23.52 808448]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [06/10/2004 11.39.14 283904]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\PROPRI~1\IMPOST~1\Temp\asbp2poa.sys --> c:\docume~1\PROPRI~1\IMPOST~1\Temp\asbp2poa.sys [?]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [04/10/2004 7.28.38 43392]
S3 Cdstf50pwf;Cdstf50pwf; [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/02/2009 20.23.52 15144]
S3 XDva221;XDva221;\??\c:\windows\system32\XDva221.sys --> c:\windows\system32\XDva221.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
2009-07-17 c:\windows\Tasks\Norton Security Scan for Proprietario.job
- c:\programmi\Norton Security Scan\Nss.exe [2008-09-19 18:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-waveante - c:\docume~1\PROPRI~1\DATIAP~1\FOURTO~1\memo style.exe
HKLM-Run-TkBellExe - c:\programmi\File comuni\Real\Update_OB\realsched.exe
HKLM-Run-Noun Internet Plan Seek - c:\documents and settings\All Users\Dati applicazioni\Close upload noun internet\Dent Frag.exe
ShellExecuteHooks-{E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA} - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xmk142YYIT
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?ad182b48f8f641b9a84eb6b14fb7e033
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?ad182b48f8f641b9a84eb6b14fb7e033
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Scarica link utilizzando Mega Manager... - c:\programmi\Megaupload\Mega Manager\mm_file.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Proprietario\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\
FF - component: c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\iiorrmi8.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\programmi\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 17:42
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-343818398-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8313309-8BC8-741A-232B-8B23A823EDE9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaaidnigfmnholkogh"=hex:6a,61,6a,65,6c,6b,6a,67,68,63,6f,66,66,69,62,66,63,70,
6f,6f,00,a4
"hagjkaboehfgpagh"=hex:6a,61,6d,67,6b,6a,6d,64,61,69,6b,67,70,66,69,6f,65,65,
67,63,00,66
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Altap Salamander 2.5\plugins\salamext.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-22 17.50.29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-22 15:50
Pre-Run: 47.103.602.688 byte disponibili
Post-Run: 51.432.079.360 byte disponibili
311 --- E O F --- 2009-07-21 19:55