Here is the requested file
ComboFix 09-10-10.02 - Zancanella 2009-10-11 20:32.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.446.120 [GMT 2:00]
Eseguito da: c:\documents and settings\Zancanella\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ZANCAN~1\IMPOST~1\Temp\catchme.dll
c:\documents and settings\Zancanella\Dati applicazioni\drivers\downld
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\agykekq.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\agykekq.exe
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\agykekq_nav.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\agykekq_navps.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\bmfsmft.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\bmfsmft.exe
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\bmfsmft_nav.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\bmfsmft_navps.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ehijb.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ehijb_nav.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ehijb_navps.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ggkigce.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ggkigce_nav.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ggkigce_navps.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\kcosyow.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\kcosyow.exe
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\kcosyow_nav.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\kcosyow_navps.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ugywk.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ugywk.exe
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ugywk_nav.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\ugywk_navps.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\wcesg.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\wcesg_nav.dat
c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\wcesg_navps.dat
c:\documents and settings\Zancanella\Impostazioni locali\temp\catchme.dll
C:\InfoSat.txt
C:\Muestras
c:\muestras\1421934.EXE.Muestra EliBagle v12.98
c:\muestras\1450505.EXE.Muestra EliBagle v12.98
c:\muestras\149374.EXE.Muestra EliBagle v12.98
c:\muestras\198795.EXE.Muestra EliBagle v12.98
c:\muestras\217763.EXE.Muestra EliBagle v12.98
c:\muestras\252322.EXE.Muestra EliBagle v12.98
c:\muestras\258521.EXE.Muestra EliBagle v12.98
c:\muestras\457778.EXE.Muestra EliBagle v12.98
c:\muestras\479249.EXE.Muestra EliBagle v12.98
c:\programmi\QUAD Utilities
c:\programmi\Search Settings
c:\programmi\Search Settings\kb127\SearchSettingsRes409.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\windows\Installer\199c057.msi
c:\windows\Installer\1a0557.msi
c:\windows\Installer\2542b.msi
c:\windows\Installer\297a2a8.msi
c:\windows\Installer\35646.msi
c:\windows\Installer\3c4593.msi
c:\windows\Installer\41034.msp
c:\windows\Installer\6446a.msi
c:\windows\Installer\f85a05.msi
c:\windows\system32\AGihQqss.ini
c:\windows\system32\AGihQqss.ini2
c:\windows\system32\drivers\kungsflltpdwqe.sys
c:\windows\system32\kungsffxhoobvp.dat
c:\windows\system32\kungsflog.dat
c:\windows\system32\teakfitq.ini
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_kungsfqxovmphx
-------\Service_kungsfqxovmphx
((((((((((((((((((((((((( Files Creati Da 2009-09-11 al 2009-10-11 )))))))))))))))))))))))))))))))))))
.
2009-10-11 10:26 . 2009-10-11 10:38 -------- d-----w- c:\programmi\FindyKill
2009-10-10 23:20 . 2009-10-10 23:20 1001707 ----a-w- C:\R6252_XA14.zip
2009-10-10 21:23 . 2009-10-11 18:42 -------- d-----w- c:\documents and settings\Zancanella\Dati applicazioni\drivers
2009-10-07 16:36 . 2009-10-07 16:46 -------- d-----w- C:\CURRICULUM VITAE
2009-10-06 21:02 . 2009-10-09 15:20 -------- d-----w- C:\ALIM+12-12
2009-10-05 17:38 . 2009-10-05 17:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-05 17:38 . 2009-10-09 10:32 -------- d-----w- c:\documents and settings\Zancanella\Dati applicazioni\skypePM
2009-10-05 17:35 . 2009-10-09 11:00 -------- d-----w- c:\documents and settings\Zancanella\Dati applicazioni\Skype
2009-10-05 17:33 . 2009-10-05 17:33 -------- d-----w- c:\programmi\File comuni\Skype
2009-10-05 17:33 . 2009-10-05 17:34 -------- d-----r- c:\programmi\Skype
2009-10-05 17:33 . 2009-10-05 17:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-10-04 13:24 . 2009-10-09 00:13 -------- d-----w- C:\AFFITTO
2009-10-01 15:56 . 2009-10-01 17:26 -------- d-----w- C:\immagini
2009-10-01 15:48 . 2009-10-01 15:48 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\{043AF2C6-8F13-4D97-B13C-0ECF538281D9}
2009-10-01 15:46 . 2009-10-01 15:46 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\{567066F5-4167-42EB-91E3-FC7889D390C7}
2009-09-30 17:38 . 2004-08-04 05:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-09-30 17:38 . 2004-08-04 05:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-09-28 18:29 . 2009-09-28 18:29 -------- d-----w- c:\programmi\iPod
2009-09-28 18:28 . 2009-09-28 18:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-28 18:11 . 2009-09-28 18:12 -------- d-----w- c:\programmi\Safari
2009-09-28 11:49 . 2009-09-28 11:49 -------- d-----w- c:\programmi\Edibas
2009-09-25 20:37 . 2009-04-24 02:55 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2009-09-25 20:37 . 2009-09-25 21:03 -------- d-----w- c:\programmi\Nitro PDF
2009-09-24 16:32 . 2009-09-25 20:52 -------- d-----w- c:\programmi\Parsic
2009-09-24 16:32 . 2009-09-25 20:52 -------- d-----w- c:\windows\uninstall
2009-09-24 16:13 . 2009-09-26 10:34 -------- d-----w- C:\VISUAL PARSIC
2009-09-24 14:01 . 2009-09-24 14:02 -------- d-----w- C:\INSTALLA
2009-09-22 09:22 . 2009-09-27 09:26 -------- d-----w- C:\MODELLO F24
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 18:45 . 2008-11-11 22:25 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-11 17:09 . 2003-04-08 19:00 84702 ----a-w- c:\windows\system32\perfc010.dat
2009-10-11 17:09 . 2003-04-08 19:00 489980 ----a-w- c:\windows\system32\perfh010.dat
2009-10-11 15:58 . 2008-12-17 23:37 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-10-11 15:45 . 2009-08-17 14:49 -------- d-----w- c:\programmi\Games-Attack
2009-10-11 15:42 . 2008-11-10 08:56 -------- d-----w- c:\programmi\eMule
2009-10-11 15:30 . 2009-03-24 21:38 -------- d-----w- c:\documents and settings\Zancanella\Dati applicazioni\Techno Design IP
2009-10-11 14:57 . 2008-11-10 17:13 -------- d-----w- c:\programmi\CCleaner
2009-10-11 08:07 . 2008-11-12 21:57 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-10-10 23:28 . 2008-11-11 12:44 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-05 22:04 . 2008-11-07 23:21 -------- d-----w- c:\programmi\DipTrace
2009-10-01 16:41 . 2009-01-24 19:58 339968 ----a-w- c:\windows\system32\pythoncom25.dll
2009-10-01 16:41 . 2009-01-24 19:58 114688 ----a-w- c:\windows\system32\pywintypes25.dll
2009-10-01 16:41 . 2009-01-24 19:58 2117632 ----a-w- c:\windows\system32\python25.dll
2009-10-01 15:48 . 2009-04-17 19:42 -------- d-----w- c:\programmi\Iminent
2009-10-01 15:47 . 2009-04-17 19:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Iminent
2009-09-28 18:37 . 2009-04-16 21:13 -------- d-----w- c:\documents and settings\Zancanella\Dati applicazioni\Apple Computer
2009-09-28 18:30 . 2009-06-22 10:32 -------- d-----w- c:\programmi\iTunes
2009-09-28 18:29 . 2009-06-22 10:31 -------- d-----w- c:\programmi\File comuni\Apple
2009-09-28 18:23 . 2008-11-21 21:13 -------- d-----w- c:\programmi\QuickTime
2009-09-25 20:54 . 2009-09-01 20:52 -------- d-----w- c:\programmi\PCB123 V2
2009-09-25 20:48 . 2008-11-07 08:02 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-09-10 12:54 . 2008-11-11 12:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-11-11 12:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 11:54 . 2008-11-08 17:37 21072 ----a-w- c:\documents and settings\Zancanella\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-09 17:46 . 2009-02-08 14:26 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-08 19:47 . 2008-11-17 00:15 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-09-08 17:11 . 2009-09-08 17:10 -------- d-----w- c:\programmi\PDFCreator
2009-08-30 18:36 . 2009-07-16 13:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Idle Skip Clock Knob
2009-08-28 11:09 . 2009-01-25 19:33 -------- d-----w- c:\programmi\Metin2_Italiano
2009-08-20 16:01 . 2008-11-12 21:57 -------- d-----w- c:\documents and settings\Zancanella\Dati applicazioni\SUPERAntiSpyware.com
2009-08-17 14:49 . 2009-08-17 14:49 -------- d-----w- c:\documents and settings\Zancanella\Dati applicazioni\Games-Attack
2009-08-17 14:48 . 2009-08-17 14:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Games-Attack
2009-08-05 09:05 . 2003-04-08 19:00 205312 ------w- c:\windows\system32\mswebdvd.dll
2009-07-31 16:36 . 2008-12-25 20:18 230432 ----a-w- C:\SPC230NC.DAT
2009-07-25 22:53 . 2008-11-23 00:53 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-17 18:56 . 2003-04-08 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-19 22:39 286208 ------w- c:\windows\system32\wmpdxm.dll
2003-06-19 10:05 . 2003-06-19 10:05 431888 --s-a-w- c:\programmi\File comuni\riched20.dll
2005-10-12 14:04 . 2005-10-12 14:04 131072 ----a-w- c:\programmi\internet explorer\plugins\LV80ActiveXControl.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
"{84FF7BD6-B47F-46F8-9130-01B2696B36CB}"= "c:\programmi\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll" [2009-06-05 104448]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CLASSES_ROOT\clsid\{84ff7bd6-b47f-46f8-9130-01b2696b36cb}]
[HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{59E6E159-57CC-4DA5-8700-2AD17DC31DD1}]
[HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
2009-06-05 14:33 104448 ----a-w- c:\programmi\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}]
2009-08-13 13:39 99840 ----a-w- c:\programmi\Iminent\IMBooster\Iminent.LinkToContent.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NETGEAR WG111T Smart Wizard.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\NETGEAR WG111T Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111T Smart Wizard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^TrayMin230.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\TrayMin230.lnk
backup=c:\windows\pss\TrayMin230.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-06-08 130936]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-11-12 159600]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2008-11-23 93544]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-08 55152]
R2 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2008-12-29 44928]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2008-11-07 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2008-11-07 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-07-17 28280]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2008-12-29 55936]
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys --> c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gbxsvc;gbxsvc;g:\gerber\GerbMagic\gbxsvc.exe --> g:\gerber\GerbMagic\gbxsvc.exe [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-11-07 17149]
S3 FWAuth;FWAuth Driver;\??\c:\windows\system32\drivers\FWAuthDriver.sys --> c:\windows\system32\drivers\FWAuthDriver.sys [?]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2008-12-25 8576]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-11-12 95384]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\programmi\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\programmi\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [2009-06-08 348752]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2008-12-25 461056]
.
Contenuto della cartella 'Scheduled Tasks'
2009-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
FF - ProfilePath - c:\documents and settings\Zancanella\Dati applicazioni\Mozilla\Firefox\Profiles\nbl0qpxd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\documents and settings\Zancanella\Dati applicazioni\Mozilla\Firefox\Profiles\nbl0qpxd.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\documents and settings\Zancanella\Dati applicazioni\Mozilla\Firefox\Profiles\nbl0qpxd.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll
FF - component: c:\documents and settings\Zancanella\Dati applicazioni\Mozilla\Firefox\Profiles\nbl0qpxd.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\linkcontent@iminent\components\Iminent.LinkToContentFF.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-bmfsmft - c:\documents and settings\zancanella\impostazioni locali\dati applicazioni\bmfsmft.exe
AddRemove-eMule - c:\programmi\eMule\Uninstall.exe
AddRemove-Games-Attack - c:\programmi\Games-Attack\Uninstall.exe
AddRemove-GerbMagic_is1 - g:\gerber\GerbMagic\unins000.exe
AddRemove-LTspice IV - g:\lt_switcher\scad3.exe
AddRemove-McCAD GView - g:\gerber\INSTAL~1\UNWISE.EXE
AddRemove-Techno Design IP Notify - c:\programmi\Techno Design IP\LiveSearch Notification.exe
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1085031214-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58F3E2B2-69B5-960C-5642-0F4B696A36B8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajgbodobkgofnkbfo"=hex:6a,61,69,68,66,6b,68,65,6c,62,6f,6e,64,69,6e,6d,70,62,
65,6b,00,05
"halfhmihgjenkakc"=hex:6b,61,69,68,65,6b,67,69,6d,6d,62,62,61,61,68,67,6f,6a,
6e,64,6a,64,00,00
"handnbmobfmjeobf"=hex:61,61,00,00
"handnbmoddggfalf"=hex:61,61,00,00
[HKEY_USERS\S-1-5-21-1085031214-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD525FAE-E2B4-196E-C6D7-4032C5E298AF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hakibclcchjffpka"=hex:61,61,00,00
"hakibclcihdgnmmh"=hex:61,61,00,00
"iagkaihejienclcmbk"=hex:6a,61,65,6e,66,63,68,63,6d,6a,63,64,67,65,65,65,65,64,
70,6a,00,53
"haajoonlbbpgikmp"=hex:6a,61,66,6e,67,62,64,68,67,61,6e,6f,6a,6e,61,6a,6e,68,
69,6b,00,07
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{58F3E2B2-69B5-960C-5642-0F4B696A36B8}\InProcServer32*]
"jahgkplegnilfeedbkoj"=hex:6a,61,69,68,66,6b,68,65,6c,62,6f,6e,64,69,6e,6d,70,
62,65,6b,00,05
"iahgeanjfpchaigdnf"=hex:6a,61,69,68,6d,6b,6d,63,69,68,6e,70,6a,6c,68,6e,63,70,
6e,64,00,15
"iahggbdkmidhgmpmmj"=hex:61,61,00,00
"iahggbdkmibcaconcg"=hex:61,61,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FD525FAE-E2B4-196E-C6D7-4032C5E298AF}\InProcServer32*]
"iamjjmnhbhccmmeage"=hex:61,61,00,00
"iamjjmnhbhmckmmped"=hex:61,61,00,00
"jamjfjpkfmbhgiejkimc"=hex:6a,61,65,6e,66,63,68,63,6d,6a,63,64,67,65,65,65,65,
64,70,6a,00,53
"iamjhjbjfddmdamfmd"=hex:6b,61,6b,6d,6d,61,6c,68,70,61,64,70,6b,70,6c,6e,67,64,
62,6d,6e,6d,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\Crypserv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\programmi\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-10-11 20:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-11 18:49
ComboFix2.txt 2008-11-11 11:52
Pre-Run: 12,881,637,376 byte disponibili
Post-Run: 12,708,564,992 byte disponibili
344 --- E O F --- 2009-09-09 15:13
Thanks...
Kind regards