ComboFix 09-10-25.02 - massimo 27/10/2009 13.37.01.2.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.759 [GMT 1:00]
Eseguito da: C:\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-09-27 al 2009-10-27 )))))))))))))))))))))))))))))))))))
.
2009-10-27 12:00:07 . 2009-10-27 12:05:11 0 d-----w- C:\WINDOWS\LastGood
2009-10-26 19:35:45 . 2009-10-27 12:01:29 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-26 19:35:45 . 2009-10-26 19:39:10 0 d-----w- C:\Programmi\Spybot - Search & Destroy
2009-10-26 19:13:19 . 2009-10-26 19:13:21 0 d-----w- C:\Programmi\CCleaner
2009-10-26 17:22:37 . 2009-10-26 17:22:37 0 d-----w- C:\Documents and Settings\massimo\DoctorWeb
2009-10-26 16:01:40 . 2008-03-03 17:21:34 568 ---ha-w- C:\WINDOWS\nod32fixtemdono.reg
2009-10-26 16:01:40 . 2008-03-03 13:25:38 5702 ---ha-w- C:\WINDOWS\nod32restoretemdono.reg
2009-10-26 15:49:07 . 2009-10-26 15:49:07 0 d-----w- C:\Programmi\ESET
2009-10-26 15:31:35 . 2009-10-26 15:31:35 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\ESET
2009-10-26 12:46:58 . 2009-10-26 12:43:02 291328 ----a-w- C:\3y9yfo4p.exe
2009-10-26 11:30:53 . 2009-10-26 11:30:56 77312 ----a-w- C:\mbr.exe
2009-10-26 11:13:42 . 2009-06-30 09:37:16 28552 ----a-w- C:\WINDOWS\system32\drivers\pavboot.sys
2009-10-26 11:13:28 . 2009-10-26 11:13:28 0 d-----w- C:\Programmi\Panda Security
2009-10-26 11:10:50 . 2009-10-26 11:12:20 0 d-----w- C:\Documents and Settings\massimo\.housecall6.6
2009-10-26 11:09:42 . 2009-10-26 11:09:42 0 d-----w- C:\WINDOWS\Sun
2009-10-26 10:27:48 . 2009-10-26 10:35:42 0 d-----w- C:\WINDOWS\BDOSCAN8
2009-10-26 10:01:44 . 2009-10-26 09:58:02 3436986 ----a-r- C:\ComboFix.exe
2009-10-25 23:21:10 . 2008-10-15 16:36:15 337408 ------w- C:\WINDOWS\system32\dllcache\netapi32.dll
2009-10-25 23:20:18 . 2008-09-04 17:15:03 1106944 ------w- C:\WINDOWS\system32\dllcache\msxml3.dll
2009-10-25 23:10:44 . 2009-08-13 15:15:50 512000 ------w- C:\WINDOWS\system32\dllcache\jscript.dll
2009-10-25 23:02:28 . 2009-10-25 23:02:28 0 d-----w- C:\Programmi\Trend Micro
2009-10-25 22:57:38 . 2009-10-25 22:57:39 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX\Dati applicazioni\Winamp
2009-10-25 22:57:37 . 2009-10-25 22:57:38 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX\Dati applicazioni\VoipStunt
2009-10-25 22:57:37 . 2009-10-25 22:57:37 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX\Dati applicazioni\vlc
2009-10-25 22:55:27 . 2008-11-12 02:46:53 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX\Dati applicazioni\TMP
2009-10-25 22:55:22 . 2008-11-12 12:27:20 0 d--h--w- C:\Documents and Settings\HelpAssistant.MAX\Impostazioni locali
2009-10-25 22:55:21 . 2008-11-12 12:27:20 0 d--h--w- C:\Documents and Settings\HelpAssistant.MAX\Modelli
2009-10-25 22:55:21 . 2008-11-12 12:27:20 0 d-----r- C:\Documents and Settings\HelpAssistant.MAX\Menu Avvio
2009-10-25 22:55:20 . 2008-11-12 12:27:20 0 d--h--w- C:\Documents and Settings\HelpAssistant.MAX\Risorse di stampa
2009-10-25 22:55:20 . 2008-11-12 12:27:20 0 d--h--w- C:\Documents and Settings\HelpAssistant.MAX\Risorse di rete
2009-10-25 22:55:20 . 2008-11-12 03:01:37 0 d-----r- C:\Documents and Settings\HelpAssistant.MAX\Preferiti
2009-10-25 22:55:14 . 2009-10-26 14:47:51 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX
2009-10-25 22:52:02 . 2009-10-25 22:52:02 0 d-----w- C:\WINDOWS\system32\wbem\Repository
2009-10-25 21:53:30 . 2008-11-12 02:46:46 0 d-----w- C:\Documents and Settings\HelpAssistant\Bluetooth Software
2009-10-25 21:53:29 . 2009-10-25 22:21:52 0 d-----w- C:\Documents and Settings\HelpAssistant\Documenti
2009-10-25 21:53:29 . 2009-10-25 22:21:52 0 d-----w- C:\Documents and Settings\HelpAssistant\Dati applicazioni
2009-10-25 21:53:29 . 2009-10-25 22:21:51 0 d-----w- C:\Documents and Settings\HelpAssistant\Preferiti
2009-10-25 21:53:29 . 2009-10-25 22:21:51 0 d-----w- C:\Documents and Settings\HelpAssistant\Modelli
2009-10-25 21:53:29 . 2009-10-25 22:21:51 0 d-----w- C:\Documents and Settings\HelpAssistant\Impostazioni locali
2009-10-25 21:53:28 . 2009-10-25 22:21:54 0 d-s---w- C:\Documents and Settings\HelpAssistant
2009-10-19 20:46:34 . 2009-08-04 17:26:06 2148864 ------w- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2009-10-19 20:46:31 . 2009-08-04 17:26:09 2069760 ------w- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2009-10-19 20:46:31 . 2009-08-04 17:26:03 2027520 ------w- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2009-10-10 22:25:09 . 2009-10-25 22:25:49 0 d-----w- C:\Programmi\TVAnts
2009-10-05 20:46:19 . 2009-10-25 22:27:45 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\vlc
2009-10-05 20:44:45 . 2009-10-05 20:44:45 0 d-----w- C:\Programmi\VideoLAN
2009-10-05 20:40:33 . 2009-10-25 22:28:00 0 d-----w- C:\Programmi\ASIO4ALL v2(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 12:37:07 . 2008-06-26 08:00:04 490006 ----a-w- C:\WINDOWS\system32\perfh010.dat
2009-10-27 12:37:06 . 2008-06-26 08:00:04 84468 ----a-w- C:\WINDOWS\system32\perfc010.dat
2009-10-25 22:57:21 . 2009-10-25 22:57:21 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX\Dati applicazioni\skypePM
2009-10-25 22:57:20 . 2009-10-25 22:57:16 0 d-----w- C:\Documents and Settings\HelpAssistant.MAX\Dati applicazioni\Skype
2009-10-25 22:51:29 . 2009-07-16 21:13:43 0 d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2009-10-25 22:51:28 . 2009-07-16 21:15:47 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\Skype
2009-10-25 22:51:28 . 2009-07-16 21:13:51 0 d-----w- C:\Programmi\Skype
2009-10-25 22:51:27 . 2009-07-16 21:25:21 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\VoipStunt
2009-10-25 22:50:30 . 2009-07-20 08:18:43 0 d-----w- C:\Programmi\Mozilla Firefox(2)
2009-10-25 22:49:51 . 2009-07-30 17:11:05 0 d-----w- C:\Programmi\Winamp
2009-10-25 22:49:51 . 2009-07-30 17:11:05 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\Winamp
2009-10-25 22:49:32 . 2009-08-04 20:34:21 0 d-----w- C:\Programmi\AviSynth 2.5
2009-10-25 22:44:53 . 2009-08-26 17:24:00 0 d-----w- C:\Programmi\WebSite X5 v8 - Evolution
2009-10-07 08:55:10 . 2009-10-25 22:57:39 394 ----a-w- C:\Documents and Settings\HelpAssistant.MAX\Dati applicazioni\wklnhst.dat
2009-10-07 08:55:10 . 2009-07-29 11:57:17 394 ----a-w- C:\Documents and Settings\massimo\Dati applicazioni\wklnhst.dat
2009-10-05 20:31:52 . 2009-07-16 21:19:32 0 d-----w- C:\Documents and Settings\massimo\Dati applicazioni\skypePM
2009-09-27 11:45:44 . 2009-07-29 11:57:24 33408 ----a-w- C:\Documents and Settings\massimo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-10 13:17:57 . 2009-09-10 13:17:57 97976 ----a-w- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-09-04 21:03:04 . 2008-04-15 04:00:00 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll
2009-08-29 07:26:38 . 2007-08-14 00:54:10 832512 ------w- C:\WINDOWS\system32\wininet.dll
2009-08-29 07:26:30 . 2008-04-15 04:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-08-29 07:26:29 . 2008-04-15 04:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2009-08-26 08:00:31 . 2008-04-15 04:00:00 247326 ----a-w- C:\WINDOWS\system32\strmdll.dll
2009-08-06 18:24:18 . 2007-07-31 01:19:32 327896 ----a-w- C:\WINDOWS\system32\wucltui.dll
2009-08-06 18:24:18 . 2007-07-31 01:19:28 209632 ----a-w- C:\WINDOWS\system32\wuweb.dll
2009-08-06 18:24:06 . 2007-07-31 01:19:16 53472 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 18:24:04 . 2007-07-31 01:19:20 96480 ----a-w- C:\WINDOWS\system32\cdm.dll
2009-08-06 18:23:54 . 2007-07-31 01:19:36 575704 ----a-w- C:\WINDOWS\system32\wuapi.dll
2009-08-06 18:23:46 . 2007-07-31 01:19:42 1929952 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2009-08-04 17:26:06 . 2008-04-15 04:00:00 2148864 ------w- C:\WINDOWS\system32\ntoskrnl.exe
2009-08-04 17:26:03 . 2008-04-15 04:00:00 2027520 ------w- C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-26_10.19.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-27 12:05:11 . 2009-08-06 18:24:10 44768 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-27 12:05:10 . 2009-08-06 18:24:10 35552 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-06-26 08:00:04 . 2009-10-27 12:37:06 71510 C:\WINDOWS\system32\perfc009.dat
+ 2008-10-08 07:50:14 . 2008-10-08 07:50:14 34312 C:\WINDOWS\system32\drivers\epfwtdir.sys
+ 2008-10-08 07:42:52 . 2008-10-08 07:42:52 53256 C:\WINDOWS\system32\drivers\easdrv.sys
+ 2008-10-08 07:42:00 . 2008-10-08 07:42:00 39944 C:\WINDOWS\system32\drivers\eamon.sys
+ 2009-10-27 12:05:11 . 2008-10-16 12:09:44 43544 C:\WINDOWS\LastGood\system32\wups2.dll
+ 2009-10-27 12:05:10 . 2008-10-16 12:08:58 34328 C:\WINDOWS\LastGood\system32\wups.dll
+ 2009-10-27 12:05:02 . 2008-10-16 12:09:44 51224 C:\WINDOWS\LastGood\system32\wuauclt.exe
+ 2009-10-27 12:05:00 . 2008-10-16 12:09:44 92696 C:\WINDOWS\LastGood\system32\cdm.dll
+ 2009-10-26 15:50:29 . 2009-10-26 15:50:29 10134 C:\WINDOWS\Installer\{2B3E3BBD-DE22-4579-B173-9EB4BBB26D4C}\callmsi.exe
+ 2009-01-05 14:44:10 . 2009-01-05 14:44:10 53248 C:\WINDOWS\bdoscandel.exe
+ 2009-10-26 10:28:03 . 2009-10-26 10:28:03 86016 C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2009-10-26 10:28:02 . 2009-10-26 10:28:02 27136 C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2009-10-26 10:28:02 . 2009-10-26 10:28:02 10240 C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2009-10-26 10:28:02 . 2009-10-26 10:28:02 45056 C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-06-26 08:00:04 . 2009-10-27 12:37:06 441766 C:\WINDOWS\system32\perfh009.dat
+ 2009-10-27 12:05:11 . 2008-10-16 12:13:40 202776 C:\WINDOWS\LastGood\system32\wuweb.dll
+ 2009-10-27 12:05:09 . 2008-10-16 12:12:22 323608 C:\WINDOWS\LastGood\system32\wucltui.dll
+ 2009-10-27 12:05:01 . 2008-10-16 12:12:20 561688 C:\WINDOWS\LastGood\system32\wuapi.dll
+ 2009-10-26 15:50:29 . 2009-10-26 15:50:29 861696 C:\WINDOWS\Installer\27cda.msi
+ 2009-10-26 15:50:29 . 2009-10-26 15:50:29 136448 C:\WINDOWS\Installer\{2B3E3BBD-DE22-4579-B173-9EB4BBB26D4C}\egui.exe
+ 2009-01-05 14:44:12 . 2009-01-05 14:44:12 741376 C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2009-10-19 16:27:20 . 2009-10-19 16:27:20 401008 C:\WINDOWS\Downloaded Program Files\fslauncher.dll
+ 2009-08-04 13:06:34 . 2009-08-04 13:06:34 132352 C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2009-01-05 14:44:12 . 2009-10-26 10:28:07 142848 C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2009-01-05 14:44:12 . 2009-01-05 14:44:12 741376 C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2009-01-05 14:44:10 . 2009-10-26 10:28:06 107800 C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2009-10-27 12:05:05 . 2008-10-16 12:13:40 1809944 C:\WINDOWS\LastGood\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 13:46:46 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 13:46:46 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 13:46:18 131072]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 18:58:42 1343488]
"HP Mobile Broadband"="c:\SWsetup\HPQWWAN\HPMobileBroadband.exe" [2008-07-08 13:30:44 439600]
"hpWirelessAssistant"="C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 13:51:00 488752]
"egui"="C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 07:46:42 1451264]
"IDTSysTrayApp"="sttray.exe" - C:\WINDOWS\sttray.exe [2008-08-30 00:03:24 442477]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 04:00:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
R0 pxscan;pxscan;C:\WINDOWS\system32\drivers\pxscan.sys --> C:\WINDOWS\system32\drivers\pxscan.sys [?]
R3 pxkbf;pxkbf;C:\WINDOWS\system32\drivers\pxkbf.sys --> C:\WINDOWS\system32\drivers\pxkbf.sys [?]
S0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [26/10/2009 12.13.42 28552]
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [08/10/2008 8.50.14 34312]
S1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys --> C:\WINDOWS\system32\drivers\nod32drv.sys [?]
S2 ekrn;Eset Service;C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [08/10/2008 8.47.58 468224]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [15/04/2008 5.00.00 3584]
S2 pxrts;pxrts;C:\WINDOWS\system32\drivers\pxrts.sys --> C:\WINDOWS\system32\drivers\pxrts.sys [?]
S3 AESTAud;AE Audio Service;C:\WINDOWS\system32\drivers\AESTAud.sys [12/11/2008 3.43.55 112128]
S3 NDISKIO;NDISKIO;\??\C:\DOCUME~1\massimo\IMPOST~1\Temp\b52d5e4c.nmc\nse\bin\ndiskio.sys --> C:\DOCUME~1\massimo\IMPOST~1\Temp\b52d5e4c.nmc\nse\bin\ndiskio.sys [?]
S3 UnhookMBRS;UnhookMBRS;\??\C:\DOCUME~1\massimo\IMPOST~1\Temp\b52d5e4c.nmc\nse\bin\unhookmbrs.sys --> C:\DOCUME~1\massimo\IMPOST~1\Temp\b52d5e4c.nmc\nse\bin\unhookmbrs.sys [?]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - mbr
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - C:\Documents and Settings\massimo\Dati applicazioni\Mozilla\Firefox\Profiles\ljxunb94.default\
.