ComboFix 09-05-02.4 - Utente 04/05/2009 14.10.47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1378 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\bruciatutto.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\wgpybktd.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\wgpybktd_nav.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\wgpybktd_navps.dat
c:\programmi\QUAD Utilities
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\zip32.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-04-04 al 2009-05-04 )))))))))))))))))))))))))))))))))))
.
2009-05-03 21:23 . 2009-05-03 21:23 159578 ----a-w c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2009-05-03 21:22 . 2009-05-03 21:22 -------- d-----w c:\programmi\ESET
2009-05-03 21:22 . 2009-05-03 21:22 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ESET
2009-05-03 21:16 . 2009-05-03 21:16 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Rising
2009-05-03 14:34 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\38714801.sys
2009-05-03 14:08 . 2009-05-03 14:29 -------- d-----w C:\FindyKill
2009-05-03 13:22 . 2009-05-03 13:18 146032 ----a-w c:\windows\system32\RavExt.dll
2009-05-03 13:21 . 2009-05-03 13:18 10832 ----a-w c:\windows\system32\drivers\RsNTGdi.sys
2009-05-03 13:21 . 2009-05-03 13:18 238704 ----a-w c:\windows\system32\bsmain.exe
2009-05-03 13:20 . 2009-05-03 21:15 -------- d-----w c:\programmi\Rising
2009-05-03 11:56 . 2009-05-03 11:56 -------- d-----w C:\ciao
2009-05-03 10:57 . 2009-05-04 12:15 289155104 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-03 09:12 . 2009-05-03 09:12 -------- d-----w c:\programmi\Trend Micro
2009-05-03 08:53 . 2009-05-03 08:53 -------- d-----w c:\windows\BDOSCAN8
2009-05-03 00:52 . 2009-05-03 00:52 -------- d---a-w c:\windows\system32\runouce.exe
2009-05-02 23:37 . 2009-05-02 23:37 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-05-02 23:37 . 2009-05-02 23:38 -------- d-----w c:\programmi\Fighters
2009-05-02 22:29 . 2009-05-02 22:29 28672 ----a-w c:\windows\system32\eEmpty.exe
2009-05-02 22:29 . 2008-04-13 19:14 139264 ----a-w c:\windows\system32\T.COM
2009-05-02 22:29 . 2008-04-13 19:14 151552 ----a-w c:\windows\R.COM
2009-05-02 22:29 . 2009-05-02 22:29 -------- d-----w c:\programmi\File comuni\MicroWorld
2009-05-02 22:29 . 2009-05-02 22:29 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\MicroWorld
2009-05-02 21:59 . 2009-05-02 21:59 -------- d-----w C:\VIRUSfighter
2009-05-02 12:15 . 2009-05-02 12:15 -------- d-----w c:\programmi\Panda Security
2009-05-01 18:39 . 2009-05-01 18:48 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2009-05-01 08:18 . 2002-10-21 13:02 30208 ----a-w c:\windows\system32\lfbmp13n.dll
2009-05-01 08:18 . 2002-10-22 11:53 393216 ----a-w c:\windows\system32\LFCMP13n.DLL
2009-05-01 08:18 . 2002-10-21 13:03 35328 ----a-w c:\windows\system32\lfgif13n.dll
2009-05-01 08:18 . 2002-10-21 13:39 181248 ----a-w c:\windows\system32\Lfpng13n.dll
2009-05-01 08:18 . 2002-10-21 12:53 265728 ----a-w c:\windows\system32\LTDIS13n.dll
2009-05-01 08:18 . 2002-10-21 13:01 205824 ----a-w c:\windows\system32\ltefx13n.dll
2009-05-01 08:18 . 2002-10-21 13:00 139776 ----a-w c:\windows\system32\ltfil13n.DLL
2009-05-01 08:18 . 2002-10-21 13:01 446464 ----a-w c:\windows\system32\ltimg13n.dll
2009-05-01 08:18 . 2002-10-24 15:08 443392 ----a-w c:\windows\system32\ltkrn13n.dll
2009-05-01 08:18 . 2002-10-21 13:31 1013760 ----a-w c:\windows\system32\Ltwvc13n.dll
2009-05-01 08:18 . 2005-02-21 09:34 2011136 ----a-w c:\windows\system32\XTP9510Lib.dll
2009-05-01 08:11 . 2007-09-14 07:06 139264 ------w c:\windows\system32\uniflexsup.dll
2009-05-01 08:10 . 2009-05-02 22:10 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Tarma Installer
2009-04-19 07:55 . 2009-04-19 07:55 -------- d-----w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\EA Games
2009-04-15 16:47 . 2009-04-15 16:47 -------- d-----w c:\programmi\iPod
2009-04-15 16:47 . 2009-04-15 16:47 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-15 16:47 . 2009-04-15 16:47 -------- d-----w c:\programmi\iTunes
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\windows\system32\KB905474
2009-04-08 21:32 . 2009-03-10 20:26 1437568 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-08 21:32 . 2009-03-10 20:18 454016 ----a-w c:\windows\system32\KB905474\wgasetup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 12:05 . 2001-08-31 14:00 85528 ----a-w c:\windows\system32\perfc010.dat
2009-05-04 12:05 . 2001-08-31 14:00 492826 ----a-w c:\windows\system32\perfh010.dat
2009-05-04 12:04 . 2008-05-27 18:33 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 12:02 . 2009-04-08 21:32 260 ----a-w c:\windows\Tasks\WGASetup.job
2009-05-04 12:00 . 2009-02-13 23:32 264 ----a-w c:\windows\Tasks\OGALogon.job
2009-05-04 12:00 . 2008-09-14 20:40 512 ----a-w c:\windows\Tasks\Verifica e correzione automatica.job
2009-05-03 22:00 . 2009-05-03 10:57 3358160 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-03 14:21 . 2008-09-20 06:22 -------- d-----w c:\programmi\DAEMON Tools Lite
2009-05-02 22:32 . 2009-02-13 23:32 264 ----a-w c:\windows\Tasks\OGADaily.job
2009-05-02 21:59 . 2008-05-27 18:51 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-30 21:40 . 2008-09-25 18:02 -------- d-----w c:\programmi\UpsPilot
2009-04-29 14:26 . 2008-09-14 07:08 276 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-28 10:23 . 2008-09-13 05:33 -------- d-----w c:\programmi\LimeWire
2009-04-24 17:48 . 2008-09-14 19:51 370 ----a-w c:\windows\Tasks\1-Click Maintenance.job
2009-04-23 20:46 . 2009-01-15 19:27 -------- d-----w c:\programmi\Messenger Plus! Live
2009-04-15 16:47 . 2008-09-14 07:07 -------- d-----w c:\programmi\File comuni\Apple
2009-04-07 05:15 . 2008-05-28 10:05 106288 ----a-w c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-01 12:28 . 2008-05-27 18:53 -------- d-----w c:\programmi\Java
2009-03-25 17:53 . 2008-05-27 18:50 -------- d-----w c:\programmi\Bonjour
2009-03-25 17:52 . 2008-05-27 18:34 -------- d-----w c:\programmi\QuickTime Alternative
2009-03-24 06:34 . 2008-05-28 21:34 -------- d-----w c:\programmi\MessengerDiscovery
2009-03-23 09:52 . 2008-12-18 22:43 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLdw.DAT
2009-03-23 09:51 . 2008-12-18 22:42 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2009-03-20 22:25 . 2009-03-20 22:25 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-03-19 14:32 . 2008-09-14 07:10 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 18:14 . 2009-03-16 18:14 -------- d-----w c:\programmi\Unity
2009-03-14 15:23 . 2008-10-12 12:52 -------- d-----w c:\programmi\Spyware Terminator
2009-03-14 09:22 . 2008-10-13 22:00 -------- d-----w c:\programmi\WinClamAVShield
2009-03-10 15:16 . 2008-05-29 11:00 -------- d-----w c:\programmi\eMule
2009-03-09 18:16 . 2009-03-09 18:16 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-09 03:19 . 2008-11-02 00:11 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:19 . 2008-04-13 19:13 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2008-04-13 19:13 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 10:13 . 2008-12-18 23:00 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2009-02-20 17:08 . 2008-04-13 19:13 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2008-04-13 18:50 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2008-04-13 18:55 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2008-04-13 18:54 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2008-04-13 19:14 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-13 19:13 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-13 19:13 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-13 19:13 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-13 19:13 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2001-08-31 14:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2008-04-13 19:13 56832 ----a-w c:\windows\system32\secur32.dll
2008-05-27 18:57 . 2008-05-27 18:57 24 --sh--w c:\windows\S3AA97D86.tmp
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 14:26 1966080 ----a-w c:\programmi\vmntoolbar\vmntoolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\programmi\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\programmi\vmntoolbar\vmntoolbar.dll" [2007-09-24 1966080]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TuneUp MemOptimizer"="c:\programmi\PULITORI\Tune up 2008\MemOptimizer.exe" [2008-06-20 154368]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"CnxDslTaskBar"="c:\programmi\I-Storm USB ADSL Modem\CnxDslTb.exe" [2003-05-14 454656]
"Launch LCDMon"="c:\programmi\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\programmi\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Winpower"="c:\programmi\UpsPilot\Winpower.exe" [2009-01-31 114688]
"TrayServer"="e:\magix video deluxe 2008 plus italiano\TrayServer.exe" [2007-07-27 90112]
"TI WLAN"="c:\programmi\Wireless LAN Utility\TIWLANCu.exe" [2005-07-20 1159168]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"QuickTime Task"="c:\programmi\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 1451264]
"TrialReset"="c:\windows\regx32.exe" [2008-07-03 285327]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-13 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
is-A76N0.lnk - c:\documents and settings\Utente\Desktop\Virus Removal Tool\is-A76N0\startup.exe [2009-5-3 65536]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\PULITORI\SuperAntispyware\SASSEH.DLL" [2008-10-11 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-10-11 15:41 352256 ----a-w c:\programmi\PULITORI\SuperAntispyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\h:\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVD.exe"
"SkinClock"=e:\atomic clock\Atomic Alarm Clock\AtomicAlarmClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
"Ulead AutoDetector v2"=c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
"UCam_Menu"="e:\you cam 2\YouCam\MUITransfer\MUIStartMenu.exe" "e:\you cam 2\YouCam" update "Software\CyberLink\YouCam\2.0"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Trackmania Forever\\TmNationsForever\\TmForever.exe"=
"c:\\Programmi\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"e:\\Xfire\\xfire.exe"=
"e:\\Call of duty 2\\CoD2MP_s.exe"=
"c:\\Programmi\\Octoshape Streaming Services\\Utente\\OctoshapeClient.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Utente\\Desktop\\MaRkUs89\\[TUTTI GLI SCRIPT DI MIRC]\\mIRC angelcity\\mirc.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"e:\\Pechino 2008\\Beijing.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\WebCamXP\\webcamXP.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Rfactor\\rFactor.exe"=
"e:\\Sam broadcaster\\SAMBC.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"e:\\Prince of persia\\Prince of Persia.exe"=
"e:\\Prince of persia\\PrinceOfPersia_Launcher.exe"=
"e:\\Civilitazion IV\\Colonization.exe"=
"e:\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"e:\\Programmi meteo\\F5\\f5.exe"=
"c:\\Programmi\\SecondLife\\SLVoice.exe"=
"e:\\Programmi meteo\\macis-v\\McIDAS-V\\adde\\bin\\mcservl.exe"=
"e:\\Programmi meteo\\macis-v\\McIDAS-V\\jre\\bin\\javaw.exe"=
"e:\\Programmi meteo\\F5\\F5\\f5.exe"=
"e:\\Programmi meteo\\VirtualStorm\\Virtual Storm\\osgNavRelease.exe"=
"e:\\Programmi meteo\\VirtualStorm\\Virtual Storm\\omniNames.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Utente\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\UpsPilot\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 pavboot;pavboot; [x]
R3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2003-05-14 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [2003-05-14 633344]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2003-05-14 108387]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 SASENUM;SASENUM;c:\programmi\PULITORI\SuperAntispyware\SASENUM.SYS [2008-09-03 7408]
R3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S0 xmasbus;xmasbus;c:\windows\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
S0 xmasscsi;xmasscsi;c:\windows\System32\Drivers\xmasscsi.sys [2003-12-20 5504]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-10-08 34312]
S1 is-A76N0drv;is-A76N0drv;c:\windows\system32\DRIVERS\38714801.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\programmi\PULITORI\SuperAntispyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\programmi\PULITORI\SuperAntispyware\SASKUTIL.sys [2008-09-03 55024]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-12 141312]
S2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-08 468224]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\programmi\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 PTK License-FIGHTERS-18665827;PTK License-FIGHTERS-18665827;c:\programmi\Fighters\licenseservice.exe [2008-11-18 283272]
S2 PTK Live Update-FIGHTERS-18665827;PTK Live Update-FIGHTERS-18665827;c:\programmi\Fighters\updateservice.exe [2008-11-18 307848]
S2 PTK Scanner-FIGHTERS-18665827;PTK Scanner-FIGHTERS-18665827;c:\programmi\Fighters\ScannerService.exe [2008-11-18 311944]
S2 PTK SharedAccess-FIGHTERS-18665827;PTK SharedAccess-FIGHTERS-18665827;c:\programmi\Fighters\configservice.exe [2008-11-18 139912]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-10-22 33792]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2006-12-21 1294336]
S3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\DRIVERS\pcam800.sys [2003-01-03 210792]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\programmi\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S3 TUSB1150;802.11g WLAN USB Adapter;c:\windows\system32\DRIVERS\tusb1150.sys [2005-06-03 494848]
S3 Vfscan;Vfscan;c:\windows\system32\DRIVERS\vffilter.sys [2008-11-18 15496]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2009-04-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\PULITORI\Tune up 2008\OneClick.exe [2008-06-20 07:27]
2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-05-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-05-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-05-04 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\PULITORI\Tune up 2008\OneClickStarter.exe [2008-06-20 07:27]
2009-05-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-DAEMON Tools Lite - c:\programmi\DAEMON Tools Lite\daemon.exe
HKLM-Run-nod32kui - c:\programmi\Eset\nod32kui.exe
Notify-WgaLogon - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it
uInternet Connection Wizard,ShellNext = hxxp://support.asus.com/download/downlo ... uage=en-us
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\programmi\Opanda\IExif 2.3\IExifMap.htm
IE: Sothink SWF Catcher - c:\programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
IE: View Exif/GPS/IPTC with IExif - c:\programmi\Opanda\IExif 2.3\IExifCom.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\u62u8kl9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Utente\Dati applicazioni\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Octoshape Streaming Services\Utente\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll
FF - plugin: c:\programmi\Octoshape Streaming Services\Utente\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: c:\programmi\QuickTime Alternative\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\Unity\WebPlayer\loader\npUnity3D32.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 14:15
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1960408961-651377827-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:58,88,68,c4,56,2b,d9,ed,02,97,1a,78,f8,b5,b7,c2,65,d0,06,21,ab,
0f,42,a2,80,00,ac,bf,30,9f,23,e5,4f,7d,74,23,28,c7,58,10,66,3b,5f,ee,c2,f5,\
"rkeysecu"=hex:2e,6e,1a,ff,02,95,f5,bd,1e,7c,d1,b2,df,98,a1,19
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\programmi\PULITORI\SuperAntispyware\SASWINLO.dll
.
Ora fine scansione: 2009-05-04 14.17.53
ComboFix-quarantined-files.txt 2009-05-04 12:17
Pre-Run: 17.578.590.208 byte disponibili
Post-Run: 17.815.900.160 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
363 --- E O F --- 2009-04-29 22:18