ComboFix 12-01-09.07 - emarco 18/01/2012 0:21.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.3894.2171 [GMT 1:00]
Eseguito da: c:\users\emarco\Desktop\nr5e4rfv4.exe
AV: Sophos Anti-Virus *Disabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.
.
((((((((((((((((((((((((( Files Creati Da 2011-12-17 al 2012-01-17 )))))))))))))))))))))))))))))))))))
.
.
2012-01-17 23:22 . 2012-01-17 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 23:13 . 2012-01-17 23:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FAAD307-D7F1-4F54-A8DE-033B30DA7821}\offreg.dll
2012-01-17 23:13 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FAAD307-D7F1-4F54-A8DE-033B30DA7821}\mpengine.dll
2012-01-12 20:58 . 2012-01-17 22:49 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-12 20:57 . 2012-01-12 20:57 -------- d-----w- c:\program files\HitmanPro
2012-01-12 20:56 . 2012-01-12 20:58 -------- d-----w- c:\programdata\HitmanPro
2012-01-12 20:43 . 2012-01-17 22:34 -------- d-----w- C:\FyK
2012-01-11 16:51 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 16:51 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 16:51 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 16:51 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 16:51 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 16:51 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 16:51 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:51 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 12:20 . 2012-01-10 12:20 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
2012-01-10 12:19 . 2012-01-10 12:19 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-01-06 10:47 . 2012-01-06 10:47 -------- d-----w- c:\users\emarco\AppData\Roaming\SUPERAntiSpyware.com
2012-01-06 10:47 . 2012-01-06 10:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-05 10:01 . 2012-01-05 10:01 -------- d-----w- c:\users\emarco\AppData\Roaming\DVDVideoSoft
2012-01-05 10:00 . 2012-01-05 10:01 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-01-05 10:00 . 2012-01-05 10:00 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-01-05 09:37 . 2012-01-05 09:37 -------- d-----w- c:\programdata\eMule
2012-01-05 09:37 . 2012-01-05 09:37 -------- d-----w- c:\users\emarco\AppData\Local\eMule
2012-01-05 09:37 . 2012-01-05 09:37 -------- d-----w- c:\program files (x86)\eMule
2012-01-04 18:22 . 2012-01-04 18:22 1409 ----a-w- c:\windows\QTFont.for
2012-01-04 18:22 . 2012-01-04 18:22 -------- d-----w- c:\users\emarco\AppData\Roaming\Panasonic
2012-01-04 18:16 . 2012-01-12 21:17 -------- d-----w- c:\users\Administrator
2012-01-04 18:16 . 2012-01-04 18:16 -------- d-----w- c:\program files (x86)\MP4Tool
2012-01-04 16:20 . 2012-01-04 16:20 143360 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin7.dll
2012-01-04 16:20 . 2012-01-04 16:20 143360 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin6.dll
2012-01-04 16:20 . 2012-01-04 16:20 143360 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin5.dll
2012-01-04 16:20 . 2012-01-04 16:20 143360 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin4.dll
2012-01-04 16:20 . 2012-01-04 16:20 143360 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin3.dll
2012-01-04 16:20 . 2012-01-04 16:20 143360 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin2.dll
2012-01-04 16:20 . 2012-01-04 16:20 143360 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin.dll
2012-01-04 16:19 . 2012-01-04 16:20 -------- d-----w- c:\program files (x86)\QuickTime
2012-01-04 16:19 . 2012-01-04 16:19 -------- d-----w- c:\programdata\Apple Computer
2012-01-04 16:19 . 2012-01-04 16:19 -------- d-----w- c:\users\emarco\AppData\Local\Apple
2012-01-04 16:19 . 2012-01-04 16:19 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-01-04 16:19 . 2012-01-04 16:19 -------- d-----w- c:\programdata\Apple
2012-01-04 16:18 . 2012-01-04 16:18 -------- d-----w- c:\users\emarco\AppData\Local\ArcSoft
2012-01-04 16:17 . 2006-09-18 07:50 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
2012-01-04 16:17 . 2005-04-27 15:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2012-01-04 16:17 . 2012-01-04 16:17 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-01-04 16:16 . 2012-01-04 16:17 -------- d-----w- c:\windows\SysWow64\MediaImpression Slideshow
2012-01-04 16:16 . 2012-01-04 16:16 -------- d-----w- c:\program files (x86)\ArcSoft
2012-01-04 16:14 . 2007-06-21 23:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2012-01-04 16:14 . 2006-10-30 23:10 71840 ----a-w- c:\windows\SysWow64\EPPicMgr.dll
2012-01-04 16:14 . 2006-10-30 23:10 120992 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2012-01-04 16:14 . 2006-10-19 23:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2012-01-04 16:14 . 2006-10-19 23:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2012-01-04 16:13 . 2008-09-25 20:07 45056 ----a-w- c:\windows\SysWow64\PhDi2.sys
2012-01-04 16:00 . 2012-01-04 16:00 -------- d-----w- c:\users\emarco\AppData\Roaming\InstallShield
2012-01-04 15:57 . 2012-01-04 16:13 -------- d-----w- c:\program files (x86)\Panasonic
2012-01-03 20:27 . 2010-11-16 20:24 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll
2012-01-03 20:27 . 2012-01-03 20:29 -------- d-----w- c:\programdata\HP
2012-01-03 20:27 . 2012-01-03 20:27 -------- d-----w- c:\program files (x86)\HP
2012-01-03 20:26 . 2012-01-03 20:26 -------- d-----w- c:\program files\HP
2012-01-03 20:11 . 2012-01-03 20:32 -------- d-----w- c:\users\emarco\AppData\Local\HP
2012-01-03 13:35 . 2012-01-03 13:35 -------- d-----w- c:\users\emarco\AppData\Local\S2PC
2012-01-03 13:35 . 2008-06-26 02:44 587264 ----a-w- c:\windows\system32\ssmgr64.cpl
2012-01-03 13:35 . 2012-01-03 13:35 -------- d-----w- c:\windows\Samsung
2012-01-03 13:30 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-01-03 13:30 . 2001-09-05 02:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-01-03 13:30 . 2001-09-05 02:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-01-03 13:30 . 2001-09-05 02:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-01-03 13:30 . 2007-10-23 02:53 110592 ----a-r- c:\windows\Wiainst.exe
2012-01-03 13:28 . 2009-02-03 10:08 14848 ----a-w- c:\windows\system32\SaSegFlt.dll
2012-01-03 13:28 . 2009-02-03 10:08 160768 ----a-w- c:\windows\system32\SaMinDrv.dll
2012-01-03 13:28 . 2009-02-03 10:08 36864 ----a-w- c:\windows\system32\SaImgFlt.dll
2012-01-03 13:28 . 2009-02-03 10:08 13312 ----a-w- c:\windows\system32\SaErHdlr.dll
2012-01-03 13:27 . 2012-01-03 13:27 -------- d-----w- c:\program files (x86)\Samsung
2012-01-03 12:37 . 2012-01-03 12:37 -------- d-----w- c:\program files (x86)\FreeTime
2012-01-03 12:14 . 2012-01-03 13:38 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-01-03 07:36 . 2012-01-03 07:36 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2012-01-03 07:36 . 2012-01-03 07:36 -------- d-----w- c:\program files (x86)\Cisco Systems
2011-12-19 21:05 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-19 21:05 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 21:05 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-19 21:05 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-19 21:05 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-19 21:05 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-01-19 11:56 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 22:03 . 2011-06-09 18:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 13:29 . 2010-11-02 09:02 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-01 09:07 . 2011-01-20 18:14 57856 ----a-w- c:\windows\system32\nmwcdclsx64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_21.13.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-13 13:46 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
- 2011-04-18 09:38 . 2010-11-20 12:08 96768 c:\windows\SysWOW64\sspicli.dll
- 2011-04-18 09:38 . 2010-11-20 12:21 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-01-13 13:46 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
+ 2010-11-02 08:12 . 2012-01-17 22:27 57708 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-17 22:27 30226 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-02 08:07 . 2012-01-17 22:27 11680 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3815140021-4139662573-755630772-1000_UserData.bin
- 2011-04-18 09:38 . 2010-11-20 13:27 29184 c:\windows\system32\sspisrv.dll
+ 2012-01-13 13:46 . 2011-11-17 06:35 29184 c:\windows\system32\sspisrv.dll
- 2011-04-18 09:38 . 2010-11-20 13:27 28160 c:\windows\system32\secur32.dll
+ 2012-01-13 13:46 . 2011-11-17 06:35 28160 c:\windows\system32\secur32.dll
+ 2012-01-13 13:46 . 2011-11-17 06:33 31232 c:\windows\system32\lsass.exe
- 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe
+ 2012-01-13 13:46 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
- 2010-10-29 14:37 . 2012-01-12 19:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 14:37 . 2012-01-17 22:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 14:37 . 2012-01-17 22:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-29 14:37 . 2012-01-12 19:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 19:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 22:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-12 21:13 . 2012-01-12 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-17 22:24 . 2012-01-17 22:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-17 22:24 . 2012-01-17 22:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-12 21:13 . 2012-01-12 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-18 09:39 . 2010-11-20 12:21 314880 c:\windows\SysWOW64\webio.dll
+ 2012-01-13 13:46 . 2011-11-17 05:35 314880 c:\windows\SysWOW64\webio.dll
+ 2012-01-13 13:46 . 2011-11-17 05:34 224768 c:\windows\SysWOW64\schannel.dll
- 2011-04-18 09:39 . 2010-11-20 13:27 395776 c:\windows\system32\webio.dll
+ 2012-01-13 13:46 . 2011-11-17 06:35 395776 c:\windows\system32\webio.dll
+ 2010-11-02 06:37 . 2012-01-15 20:43 203650 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-11-02 14:00 . 2012-01-15 20:39 263386 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-01-13 13:46 . 2011-11-17 06:35 136192 c:\windows\system32\sspicli.dll
- 2011-04-18 09:39 . 2010-11-20 13:27 136192 c:\windows\system32\sspicli.dll
- 2011-04-18 09:39 . 2010-11-20 13:27 340992 c:\windows\system32\schannel.dll
+ 2012-01-13 13:46 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
- 2009-07-14 11:12 . 2012-01-12 20:56 701426 c:\windows\system32\perfh010.dat
+ 2009-07-14 11:12 . 2012-01-17 22:30 701426 c:\windows\system32\perfh010.dat
- 2009-07-14 02:36 . 2012-01-12 20:56 618912 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-17 22:30 618912 c:\windows\system32\perfh009.dat
+ 2009-07-14 11:12 . 2012-01-17 22:30 128740 c:\windows\system32\perfc010.dat
- 2009-07-14 11:12 . 2012-01-12 20:56 128740 c:\windows\system32\perfc010.dat
+ 2009-07-14 02:36 . 2012-01-17 22:30 107232 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-12 20:56 107232 c:\windows\system32\perfc009.dat
+ 2012-01-13 13:46 . 2011-11-17 06:49 152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-01-13 13:46 . 2011-11-17 06:44 459232 c:\windows\system32\drivers\cng.sys
+ 2009-07-14 04:46 . 2012-01-17 22:33 150888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-01-12 21:12 461844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-17 22:23 461844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-13 13:46 . 2011-11-17 06:35 1447936 c:\windows\system32\lsasrv.dll
- 2011-04-18 09:39 . 2010-11-20 13:26 1447936 c:\windows\system32\lsasrv.dll
- 2009-07-14 04:45 . 2012-01-11 18:31 7389805 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-13 21:48 7389805 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 02:34 . 2012-01-13 13:47 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-12-19 21:19 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-11-13 11:40 . 2012-01-17 22:23 21223244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3815140021-4139662573-755630772-1000-12288.dat
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-31 39408]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"PNMService"="c:\program files (x86)\Intel\IntelPNM\PNMService.exe" [2010-01-20 400896]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-09-16 112152]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"DellBtrEvent"="c:\program files (x86)\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-13 160768]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"LaCie Hard Drive Configuration"="c:\program files (x86)\LaCie\SAFE Hard Drive\SAFE Hard Drive Configuration.exe" [2007-01-18 3624960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"3170 Scan2PC"="c:\windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [2009-01-30 503808]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-03-28 413696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1549680]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-05 1436424]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S1 DVMIO;DVMIO;c:\program files (x86)\Dell\Reader 2.1\dvmio_x64.sys [2010-05-04 20624]
S1 SASDIFSV;SASDIFSV;c:\users\emarco\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\emarco\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 buttonsvc64;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-23 1039776]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-23 31136]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\program files (x86)\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]
S2 LaCie Safe Hard Drive Enabler;LaCie Safe Hard Drive Enabler;c:\program files (x86)\LaCie\SAFE Hard Drive\SafeService.exe [2006-11-30 61440]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 mitsijm2011;Gestore dei processi di Autodesk Moldflow Inventor Tool Suite Integration 2011;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-04-26 330488]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-16 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-16 292128]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Driver scheda Intel(R) Wireless WiFi Link per Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 37420237
*NewlyCreated* - 63230237
*Deregistered* - 37420237
*Deregistered* - 63230237
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 18:02]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 18:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 12:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 12:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
hxxp://www.lnf.infn.it/public/mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\emarco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-01-18 00:26:00
ComboFix-quarantined-files.txt 2012-01-17 23:26
ComboFix2.txt 2012-01-12 21:17
.
Pre-Run: 27.931.602.944 byte disponibili
Post-Run: 28.069.797.888 byte disponibili
.
- - End Of File - - DA9DD093FD5988E314D6D3C721B58B46
da pmarco66 » mar gen 10, 2012 1:26 pm 
![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")
![[MLI]](http://www.megalab.it/forum/images/smilies/mli.gif "MegaLab.it")
Power User.
![[B)]](http://www.megalab.it/forum/images/smilies/bash.gif "Martellate")
![[grazie]](http://www.megalab.it/forum/images/smilies/Grazie.gif "Grazie")
Esegui 