ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\FunWebProducts
c:\programmi\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\programmi\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\programmi\MyWebSearch
c:\programmi\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\programmi\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\programmi\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\programmi\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\programmi\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\programmi\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\programmi\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\programmi\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\programmi\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\programmi\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\programmi\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\programmi\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\programmi\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\programmi\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\programmi\MyWebSearch\bar\Avatar\COMMON.F3S
c:\programmi\MyWebSearch\bar\Cache\02C605BF
c:\programmi\MyWebSearch\bar\Cache\02C6303A
c:\programmi\MyWebSearch\bar\Cache\02C63DD6.bin
c:\programmi\MyWebSearch\bar\Cache\02C64B92.bin
c:\programmi\MyWebSearch\bar\Cache\02C655D3.bin
c:\programmi\MyWebSearch\bar\Cache\02C65FE5.bin
c:\programmi\MyWebSearch\bar\Cache\02C669C8.bin
c:\programmi\MyWebSearch\bar\Cache\02C8FF19
c:\programmi\MyWebSearch\bar\Cache\files.ini
c:\programmi\MyWebSearch\bar\firefox\CHROME.MANIFEST
c:\programmi\MyWebSearch\bar\firefox\chrome\M3FFXTBR.JAR
c:\programmi\MyWebSearch\bar\firefox\INSTALL.RDF
c:\programmi\MyWebSearch\bar\firefox\NPMYWEBS.DLL
c:\programmi\MyWebSearch\bar\Game\CHECKERS.F3S
c:\programmi\MyWebSearch\bar\Game\CHESS.F3S
c:\programmi\MyWebSearch\bar\Game\REVERSI.F3S
c:\programmi\MyWebSearch\bar\History\search3
c:\programmi\MyWebSearch\bar\icons\CM.ICO
c:\programmi\MyWebSearch\bar\icons\MFC.ICO
c:\programmi\MyWebSearch\bar\icons\PSS.ICO
c:\programmi\MyWebSearch\bar\icons\SMILEY.ICO
c:\programmi\MyWebSearch\bar\icons\Thumbs.db
c:\programmi\MyWebSearch\bar\icons\WB.ICO
c:\programmi\MyWebSearch\bar\icons\ZWINKY.ICO
c:\programmi\MyWebSearch\bar\Message\COMMON.F3S
c:\programmi\MyWebSearch\bar\Notifier\COMMON.F3S
c:\programmi\MyWebSearch\bar\Notifier\DOG.F3S
c:\programmi\MyWebSearch\bar\Notifier\FISH.F3S
c:\programmi\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\programmi\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAID.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\programmi\MyWebSearch\bar\Notifier\OPERA.F3S
c:\programmi\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\programmi\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\programmi\MyWebSearch\bar\Notifier\SURFER.F3S
c:\programmi\MyWebSearch\bar\Settings\prevcfg2.htm
c:\programmi\MyWebSearch\bar\Settings\s_pid.dat
c:\programmi\MyWebSearch\bar\Settings\setting2.htm
c:\programmi\MyWebSearch\bar\Settings\setting2.htm.bak
c:\programmi\MyWebSearch\bar\Settings\settings.dat
c:\programmi\MyWebSearch\bar\Settings\settings.dat.bak
c:\windows\system32\4105062287.dat
c:\windows\system32\ehxdfdvd.ini
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\fiighquq.ini
c:\windows\system32\mkjikkbt.ini
c:\windows\system32\nflfuppl.ini
c:\windows\system32\oaahvqvl.ini
c:\windows\system32\opkxfckv.ini
c:\windows\system32\TuBabJjl.ini
c:\windows\system32\TuBabJjl.ini2
c:\windows\system32\ydpbufbd.ini
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV
-------\Legacy_SCHEDULEHICQJ
-------\Service_MyWebSearchService
-------\Service_Schedulehicqj
((((((((((((((((((((((((( Files Creati Da 2009-12-28 al 2010-01-28 )))))))))))))))))))))))))))))))))))
.
2010-10-18 15:21 . 2008-10-21 16:10 -------- d-----w- c:\programmi\Radical Games
2010-01-27 09:32 . 2010-01-20 10:20 1260800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-01-27 09:32 . 2010-01-20 10:20 3777280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-01-26 14:06 . 2010-01-26 14:06 503808 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-669a8eb3-n\msvcp71.dll
2010-01-26 14:06 . 2010-01-26 14:06 499712 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-669a8eb3-n\jmc.dll
2010-01-26 14:06 . 2010-01-26 14:06 348160 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-669a8eb3-n\msvcr71.dll
2010-01-26 14:05 . 2010-01-26 14:05 61440 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21211365-n\decora-sse.dll
2010-01-26 14:05 . 2010-01-26 14:05 12800 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21211365-n\decora-d3d.dll
2010-01-21 14:18 . 2010-01-21 14:18 61440 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\decora-sse.dll
2010-01-21 14:18 . 2010-01-21 14:18 503808 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\msvcp71.dll
2010-01-21 14:18 . 2010-01-21 14:18 499712 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\jmc.dll
2010-01-21 14:18 . 2010-01-21 14:18 348160 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\msvcr71.dll
2010-01-21 14:18 . 2010-01-21 14:18 12800 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-2f7dba8c-n\decora-d3d.dll
2010-01-21 14:18 . 2010-01-21 14:18 315392 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79d072e5-n\jogl.dll
2010-01-21 14:18 . 2010-01-21 14:18 20480 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79d072e5-n\jogl_awt.dll
2010-01-21 14:18 . 2010-01-21 14:18 114688 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-79d072e5-n\jogl_cg.dll
2010-01-21 14:18 . 2010-01-21 14:18 20480 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-6e0d5a6b-n\gluegen-rt.dll
2010-01-20 22:27 . 2010-01-20 22:34 -------- d-----w- C:\GTL
2010-01-12 13:52 . 2010-01-12 13:52 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-12 13:50 . 2010-01-12 13:50 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2010-01-12 13:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 13:49 . 2010-01-12 13:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-12 13:49 . 2010-01-12 13:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-12 13:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 08:04 . 2010-01-07 08:04 -------- d-----w- c:\programmi\FotoSketcher
2010-01-07 07:22 . 2010-01-07 07:22 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\AVG8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 12:32 . 2008-09-14 21:59 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org2
2010-01-26 16:24 . 2009-12-23 14:13 -------- d-----w- c:\programmi\rFactor
2010-01-22 08:37 . 2001-08-31 11:00 83084 ----a-w- c:\windows\system32\perfc010.dat
2010-01-22 08:37 . 2001-08-31 11:00 488230 ----a-w- c:\windows\system32\perfh010.dat
2010-01-21 14:18 . 2005-01-01 18:23 -------- d-----w- c:\programmi\File comuni\Java
2010-01-21 14:17 . 2005-01-01 18:23 -------- d-----w- c:\programmi\Java
2010-01-12 16:45 . 2008-10-21 18:00 -------- d-----w- c:\programmi\CCleaner
2009-12-31 08:04 . 2009-12-01 23:18 3966744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-12-28 11:18 . 2009-12-28 11:18 -------- d-----w- c:\programmi\Mio Technology
2009-12-28 11:17 . 2005-01-01 18:27 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-23 11:52 . 2009-12-23 11:41 -------- d-----w- c:\programmi\Relay Anticheat Client
2009-12-22 08:55 . 2009-12-01 19:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 08:55 . 2009-12-01 19:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 08:55 . 2009-12-01 19:30 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-22 08:55 . 2009-12-01 19:30 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-22 08:55 . 2009-12-01 19:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-22 08:55 . 2009-12-01 19:30 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-21 14:23 . 2009-12-21 14:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-12-21 11:32 . 2008-10-13 17:02 -------- d-----w- c:\programmi\Nokia
2009-12-21 11:28 . 2008-10-13 17:02 -------- d-----w- c:\programmi\File comuni\Nokia
2009-12-21 11:26 . 2009-12-21 11:26 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-12-21 11:24 . 2009-12-21 11:24 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-21 11:24 . 2009-12-21 11:24 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-21 11:23 . 2009-11-27 12:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2009-12-20 13:11 . 2009-12-20 13:11 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Canneverbe_Limited
2009-12-20 13:11 . 2009-12-20 13:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2009-12-20 13:11 . 2009-12-20 13:11 -------- d-----w- c:\programmi\CDBurnerXP
2009-12-18 07:11 . 2009-12-21 11:23 61789728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\NokiaOviSuite2Installer.exe
2009-12-18 07:11 . 2009-12-18 07:00 61789728 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2009-12-17 16:14 . 2009-01-26 22:07 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-12-16 17:43 . 2009-12-16 17:14 -------- d-----w- c:\programmi\World Racing 2
2009-12-16 17:17 . 2008-09-16 09:19 -------- d-----w- c:\programmi\Codemasters
2009-12-15 22:45 . 2009-11-27 12:25 2432 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-15 12:05 . 2009-12-05 12:19 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-09 18:15 . 2009-12-09 18:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-09 18:08 . 2008-10-13 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-09 18:05 . 2009-12-09 18:05 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\Sleep.exe
2009-12-09 18:05 . 2009-12-09 18:05 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\msxml6Exec.exe
2009-12-09 18:05 . 2009-12-09 18:05 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\Installer\CommonCustomActions\vcredistExec.exe
2009-12-09 18:05 . 2009-12-09 18:06 24445536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{12D6E140-AEDB-4F78-9D4A-643786772120}\NokiaSoftwareUpdaterSetup_2.4.1IT.exe
2009-12-05 13:58 . 2009-12-05 13:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-05 13:58 . 2009-12-05 13:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-05 13:57 . 2008-10-13 17:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-12-05 12:18 . 2009-12-05 12:18 -------- d-----w- c:\programmi\AoA Audio Extractor
2009-12-02 18:48 . 2009-12-02 18:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Codemasters
2009-12-02 18:40 . 2009-12-02 18:40 -------- d-----w- c:\programmi\BRS
2009-12-02 18:40 . 2009-12-02 18:40 -------- d-----w- c:\programmi\Microsoft Games for Windows - LIVE
2009-12-02 18:39 . 2009-12-02 18:39 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-02 18:39 . 2009-12-02 18:39 -------- d-----w- c:\programmi\OpenAL
2009-12-02 18:39 . 2009-12-02 18:39 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-01 19:30 . 2009-12-01 19:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-01 19:30 . 2009-12-01 19:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-01 19:30 . 2009-12-01 19:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-12-01 19:28 . 2009-06-18 08:42 -------- d-----w- c:\programmi\AVG
2009-12-01 18:44 . 2009-12-01 18:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2009-12-01 18:41 . 2005-01-01 18:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-01 18:41 . 2009-12-01 18:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-11-27 12:46 . 2005-01-01 14:29 28944 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-27 12:07 . 2009-11-27 12:07 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-11-27 12:07 . 2009-11-27 12:07 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-11-27 12:07 . 2009-11-27 12:07 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-11-27 12:07 . 2009-11-27 12:07 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-11-27 12:07 . 2009-11-27 12:07 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-11-27 12:07 . 2009-11-27 12:07 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-11-27 12:07 . 2009-11-27 12:07 94628904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-11-26 15:20 . 2009-11-26 15:20 152576 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-26 15:20 . 2009-11-26 15:20 79488 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-18 17:11 . 2009-12-02 18:40 1347584 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-11-01 12:11 . 2009-12-02 18:40 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
.
------- Sigcheck -------
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-23 68856]
"LogitechSoftwareUpdate"="c:\programmi\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"NokiaOviSuite2"="c:\programmi\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"lxbymon.exe"="c:\programmi\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]
"EzPrint"="c:\programmi\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]
"LXBYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 69632]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"WMAAD"="c:\programmi\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NokiaMusic FastStart"="c:\programmi\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - c:\programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-22 08:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgam.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\rFactor\\rFactor.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1579:TCP"= 1579:TCP:jzqjx
"53:TCP"= 53:TCP:websrvx
"4662:TCP"= 4662:TCP:emule_TCP
"4672:TCP"= 4672:TCP:emule_UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [01/01/2005 19.40.40 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [01/01/2005 19.40.40 5248]
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [01/12/2009 20.30.19 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [01/12/2009 20.30.50 161800]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/09/2008 21.08.46 717296]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/12/2009 20.30.44 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/12/2009 20.30.50 360584]
R2 avg9wd;AVG WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [22/12/2009 9.55.25 285392]
R2 avgfws9;AVG Firewall;c:\programmi\AVG\AVG9\avgfws9.exe [22/12/2009 9.55.19 2304192]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/05/2009 16.13.01 54752]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [01/12/2009 20.30.12 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [01/12/2009 20.30.19 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [01/12/2009 20.30.19 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [01/12/2009 20.30.19 25736]
S2 AVGIDSAgent;AVG9IDSAgent;c:\programmi\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [22/12/2009 9.55.20 5832712]
S2 gufkk;Universal Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 hicqj;Server Time;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 mrkbgka;System Server;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 ytrxvmh;Support Security;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [01/12/2009 20.30.12 30104]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 ICScsiSV;Image Converter SCSI Service;c:\programmi\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [26/01/2009 23.07.51 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\programmi\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [26/01/2009 23.07.50 67760]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/01/2010 14.50.01 38224]
S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [01/01/2005 19.36.28 500736]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mrkbgka
hicqj
ytrxvmh
gufkk
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... n=77ce5c28
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm200YYIT
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Trasferisci mediante Image Converter 3 - c:\programmi\SONY\IMAGE CONVERTER 3\menu.htm
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\e600a54r.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{FABDB739-D383-47F3-AACF-B8B3EA1158F0} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-NavLogon - (no file)
Notify-nnnmmnlL - nnnmmnlL.dll
AddRemove-Historic GT & Touring cars mod for rFactor - c:\programmi\rFactor\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 13:32
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll >>UNKNOWN [0x867D61F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7664fc3
\Driver\ACPI -> ACPI.sys @ 0xf73a7cb8
\Driver\atapi -> 0x8665dde0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Driver NT scheda Fast Ethernet VIA PCI 10/100Mb -> SendCompleteHandler -> NDIS.sys @ 0xf7216ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7223b21
SendHandler -> NDIS.sys @ 0xf720187b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gufkk]
"ServiceDll"="c:\windows\system32\zjbtpjxu.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hicqj]
"ServiceDll"="c:\windows\system32\zjbtpjxu.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mrkbgka]
"ServiceDll"="c:\windows\system32\zjbtpjxu.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytrxvmh]
"ServiceDll"="c:\windows\system32\zjbtpjxu.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\SOUNDMAN.EXE
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\rundll32.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.exe
c:\programmi\OpenOffice.org 2.4\program\soffice.BIN
c:\programmi\Logitech\Video\FxSvr2.exe
c:\windows\ATKKBService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\lxbycoms.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\File comuni\Nokia\NoA\nokiaaserver.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-28 13:36:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-28 12:36
Pre-Run: 3.558.604.800 byte disponibili
Post-Run: 3.527.397.376 byte disponibili
- - End Of File - - C2F87EB70F6ACB7A3E89016D5826BB49