ComboFix 08-11-12.02 - claudia 2008-11-14 19.18.34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1472 [GMT 1:00]
Eseguito da: d:\documents and settings\claudia\Documenti\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\claudia\Impostazioni locali\Dati applicazioni\ctjyofu.dat
d:\documents and settings\claudia\Impostazioni locali\Dati applicazioni\ctjyofu_nav.dat
d:\documents and settings\claudia\Impostazioni locali\Dati applicazioni\ctjyofu_navps.dat
.
((((((((((((((((((((((((( Files Creati Da 2008-10-14 al 2008-11-14 )))))))))))))))))))))))))))))))))))
.
2008-11-14 13:24 . 2008-11-14 13:24 <DIR> d-------- c:\programmi\File comuni\Adobe
2008-11-14 13:21 . 2008-11-14 18:40 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\NOS
2008-11-14 13:21 . 2008-11-14 18:39 <DIR> d-------- c:\programmi\NOS
2008-11-13 16:41 . 2008-11-14 19:15 <DIR> d-------- d:\documents and settings\claudia\Dati applicazioni\OnlineArmor
2008-11-13 16:41 . 2008-11-13 20:13 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\OnlineArmor
2008-11-13 16:40 . 2008-11-13 16:40 <DIR> d-------- c:\programmi\Tall Emu
2008-11-13 16:40 . 2008-10-07 00:09 178,376 --a------ c:\windows\system32\drivers\OADriver.sys
2008-11-13 16:40 . 2008-10-07 00:09 30,920 --a------ c:\windows\system32\drivers\OAmon.sys
2008-11-13 16:40 . 2008-10-07 00:09 28,872 --a------ c:\windows\system32\drivers\OAnet.sys
2008-11-13 13:06 . 2008-11-13 13:06 <DIR> d-------- d:\documents and settings\All Users\Dati applicazioni\Avira
2008-11-13 13:06 . 2008-11-13 13:06 <DIR> d-------- c:\programmi\Avira
2008-11-12 21:08 . 2008-09-04 18:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 21:08 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:52 . 2008-11-12 20:52 <DIR> d-------- c:\windows\system32\Kaspersky Lab
2008-11-11 19:16 . 2008-11-11 19:16 <DIR> d-------- d:\documents and settings\claudia\Dati applicazioni\Canneverbe_Limited
2008-11-11 19:16 . 2008-11-13 12:40 <DIR> d-------- c:\programmi\CDBurnerXP
2008-11-11 18:41 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-11 18:39 . 2008-11-11 18:41 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-11 18:39 . 2008-11-11 18:39 <DIR> d-------- c:\programmi\Reference Assemblies
2008-11-11 18:39 . 2008-11-11 18:39 <DIR> d-------- c:\programmi\MSBuild
2008-11-11 18:38 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-11 18:38 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-11 18:38 . 2008-07-06 11:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-11 18:38 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-11 18:38 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-11 18:38 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-11 18:38 . 2008-07-06 13:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-06 03:14 . 2008-11-06 03:14 <DIR> d-------- d:\documents and settings\claudia\Dati applicazioni\CyberLink
2008-11-06 02:18 . 2008-11-06 02:18 4,888,260 --a------ d:\documents and settings\FIDEL\hdclone.3.5.2.fe.en.zip
2008-11-06 00:33 . 2008-11-09 19:30 <DIR> d-------- d:\documents and settings\claudia\Dati applicazioni\Desktopicon
2008-11-06 00:33 . 2008-11-06 00:36 <DIR> d-------- c:\programmi\Unlocker
2008-11-05 21:43 . 2008-11-12 23:14 1,393 --a------ c:\windows\imsins.BAK
2008-11-05 11:30 . 2008-11-06 11:55 <DIR> d-------- d:\documents and settings\claudia\Dati applicazioni\dvdcss
2008-11-01 17:39 . 2008-11-01 17:39 <DIR> d-------- d:\documents and settings\Administrator.114945350318.000\Dati applicazioni\Malwarebytes
2008-11-01 17:29 . 2004-09-03 12:45 <DIR> d--h----- d:\documents and settings\Administrator.114945350318.000\Risorse di stampa
2008-11-01 17:29 . 2004-09-03 12:45 <DIR> d--h----- d:\documents and settings\Administrator.114945350318.000\Risorse di rete
2008-11-01 17:29 . 2008-10-05 03:47 <DIR> dr------- d:\documents and settings\Administrator.114945350318.000\Preferiti
2008-11-01 17:29 . 2008-10-05 03:47 <DIR> d--h----- d:\documents and settings\Administrator.114945350318.000\Modelli
2008-11-01 17:29 . 2008-10-05 03:47 <DIR> dr------- d:\documents and settings\Administrator.114945350318.000\Menu Avvio
2008-11-01 17:29 . 2008-11-14 19:29 <DIR> d--h----- d:\documents and settings\Administrator.114945350318.000\Impostazioni locali
2008-11-01 17:29 . 2008-10-05 03:47 <DIR> dr------- d:\documents and settings\Administrator.114945350318.000\Documenti
2008-11-01 17:29 . 2006-02-23 16:31 <DIR> d-------- d:\documents and settings\Administrator.114945350318.000\Dati applicazioni\Symantec
2008-11-01 17:29 . 2008-10-05 03:47 <DIR> d-------- d:\documents and settings\Administrator.114945350318.000\Dati applicazioni\ATI
2008-11-01 17:29 . 2008-11-01 17:39 <DIR> dr-h----- d:\documents and settings\Administrator.114945350318.000\Dati applicazioni
2008-11-01 17:29 . 2008-11-01 17:29 <DIR> d-------- d:\documents and settings\Administrator.114945350318.000
2008-11-01 17:07 . 2008-11-01 17:07 <DIR> d-------- d:\documents and settings\claudia\Dati applicazioni\Malwarebytes
2008-11-01 17:07 . 2008-11-01 17:07 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-01 17:07 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-01 17:07 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-01 16:22 . 2008-11-01 16:22 <DIR> d-------- c:\programmi\rustok ANTIROOTKIT
2008-11-01 16:19 . 2008-11-01 16:20 <DIR> d-------- C:\Rustbfix
2008-10-28 16:09 . 2008-10-28 16:09 <DIR> d-------- d:\documents and settings\claudia\Dati applicazioni\ArcSoft
2008-10-28 07:21 . 2008-10-28 07:21 <DIR> d-------- c:\programmi\Seagate
2008-10-27 16:20 . 2008-10-27 16:20 <DIR> d-------- d:\documents and settings\claudia\Dati applicazioni\vlc
2008-10-26 06:44 . 2008-10-28 07:49 <DIR> d-------- d:\documents and settings\archivio PG2
2008-10-25 14:48 . 2008-10-25 15:45 <DIR> d-------- c:\programmi\Bluetack
2008-10-24 06:02 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:09 . 2008-08-14 14:22 2,192,896 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 07:09 . 2008-08-14 14:22 2,148,864 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:09 . 2008-08-14 14:22 2,069,760 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:09 . 2008-08-14 14:22 2,027,520 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 07:09 . 2008-09-15 16:24 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 07:09 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-14 11:22 . 2008-10-31 09:29 <DIR> d-------- c:\programmi\RootkitRevealer
2008-10-14 08:00 . 2008-10-14 08:01 <DIR> d-------- c:\programmi\GMER ANTI ROOTKIT
2008-10-14 07:41 . 2008-10-14 07:41 716,272 --a------ c:\windows\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 18:30 --------- d-----w c:\programmi\PEERGUARDIAN2
2008-11-14 11:28 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-14 00:49 --------- d-----w c:\programmi\eMule
2008-11-09 14:50 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-06 02:16 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\CyberLink
2008-11-06 02:06 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2008-11-06 02:06 --------- d-----w c:\programmi\Ulead Systems
2008-11-06 02:02 --------- d-----w c:\programmi\Sonic
2008-11-06 01:56 --------- d-----w c:\programmi\File comuni\Ulead Systems
2008-11-05 11:23 --------- d-----w c:\programmi\CCleaner
2008-10-31 02:00 --------- d-----w c:\programmi\File comuni\ArcSoft
2008-10-30 23:39 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\Skype
2008-10-30 23:17 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\skypePM
2008-10-27 16:00 --------- d-----w c:\programmi\VideoLAN
2008-10-25 08:13 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\PC Suite
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-14 11:07 --------- d-----w c:\programmi\Sophos
2008-10-13 06:48 --------- d-----w c:\programmi\Nokia
2008-10-11 17:29 --------- d-----w c:\programmi\MSXML 6.0
2008-10-11 17:28 --------- d-----w c:\programmi\File comuni\Nokia
2008-10-11 17:27 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Installations
2008-10-10 11:26 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\VadeRetro
2008-10-08 07:22 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-08 07:22 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-08 07:22 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\Nokia
2008-10-08 07:09 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2008-10-08 07:09 --------- d-----w c:\programmi\PC Connectivity Solution
2008-10-08 07:09 --------- d-----w c:\programmi\File comuni\PCSuite
2008-10-08 06:15 --------- d-----w c:\programmi\Nero Keygen
2008-10-07 20:38 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\Sonic
2008-10-07 20:37 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\Leadertech
2008-10-06 14:55 --------- d-----w c:\programmi\Google
2008-10-05 17:37 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\Datalayer
2008-10-05 15:16 --------- d-----w c:\programmi\DIFX
2008-10-05 15:15 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\PC Suite
2008-10-05 15:06 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-05 15:06 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\Panasonic
2008-10-05 15:04 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\InstallShield
2008-10-05 15:04 --------- d-----w c:\programmi\Panasonic
2008-10-05 14:59 --------- d-----w c:\programmi\File comuni\Ahead
2008-10-05 14:59 --------- d-----w c:\programmi\Ahead
2008-10-05 14:48 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\AdobeUM
2008-10-05 14:28 --------- d-----w c:\programmi\File comuni\Apple
2008-10-05 13:50 --------- d-----w c:\programmi\Lexmark X1100 Series
2008-10-05 13:27 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\Apple Computer
2008-10-05 13:27 --------- d-----w c:\programmi\QuickTime
2008-10-05 13:26 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-10-05 11:14 --------- d-----w c:\programmi\Microsoft CAPICOM 2.1.0.2
2008-10-05 08:35 --------- d-----w c:\programmi\File comuni\Skype
2008-10-05 08:27 --------- d-----w c:\programmi\Picasa2
2008-10-05 07:25 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\SUPERAntiSpyware.com
2008-10-05 07:25 --------- d-----w c:\programmi\SUPERAntiSpyware
2008-10-05 07:25 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-10-05 06:44 --------- d-----w c:\programmi\Alwil Software
2008-10-05 06:42 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\Symantec
2008-10-05 06:13 --------- d-----w c:\programmi\MSXML 4.0
2008-10-05 05:52 --------- d-----w c:\programmi\Telecom Italia
2008-10-05 05:46 3,141,206 ----a-w C:\CurrentVersion.reg
2008-10-05 05:46 236 ----a-w C:\Ndis.reg
2008-10-05 05:46 228 ----a-w C:\Afd.reg
2008-10-05 05:46 15,048 ----a-w C:\Tcpip.reg
2008-10-05 05:38 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\Motive
2008-10-05 05:34 --------- d-----w c:\programmi\Motive
2008-10-05 05:34 --------- d-----w c:\programmi\File comuni\Motive
2008-10-05 05:34 --------- d-----w c:\programmi\Common Files
2008-10-05 05:34 --------- d-----w c:\programmi\Alice ti aiuta
2008-10-05 05:21 155,995 ----a-w c:\windows\java\Packages\GPN5BFNN.ZIP
2008-10-05 05:07 --------- d-----w c:\programmi\Java
2008-10-05 02:47 --------- d-----w d:\documents and settings\claudia\Dati applicazioni\ATI
2008-10-05 02:47 --------- d-----w c:\windows\system32\config\systemprofile\Dati applicazioni\ATI
2008-10-05 02:46 --------- d-----w d:\documents and settings\All Users\Dati applicazioni\VadeRetro
2008-10-05 02:44 --------- d-----w c:\programmi\ShowTime
2008-10-05 02:44 --------- d-----w c:\programmi\Servizi in linea
2008-10-05 02:44 --------- d-----w c:\programmi\Realtek AC97
2008-10-05 02:41 --------- d-----w c:\programmi\File comuni\SureThing Shared
2008-10-05 02:41 --------- d-----w c:\programmi\AvRack
2008-10-05 02:40 --------- d-----w c:\programmi\Windows Media Components
2008-10-05 02:40 --------- d-----w c:\programmi\Realtek Sound Manager
2008-10-05 02:40 --------- d-----w c:\programmi\Real
2008-10-05 02:40 --------- d-----w c:\programmi\Norman
2008-10-05 02:40 --------- d-----w c:\programmi\microsoft frontpage
2008-10-05 02:40 --------- d-----w c:\programmi\File comuni\xing shared
2008-10-05 02:40 --------- d-----w c:\programmi\File comuni\Real
2008-10-05 02:40 --------- d-----w c:\programmi\File comuni\Java
2008-10-05 02:40 --------- d-----w c:\programmi\File comuni\InstallShield
2008-10-05 02:40 --------- d-----w c:\programmi\ATI Technologies
2008-10-05 02:40 --------- d-----w c:\programmi\AMD
2008-10-03 16:58 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 08:57 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 13:22 2,192,896 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:22 2,069,760 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"@OnlineArmor GUI"="c:\programmi\Tall Emu\Online Armor\oaui.exe" [2008-10-07 6216192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-10-07 886984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^PHOTOfunSTUDIO -viewer-.lnk]
path=d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRE_McciTrayApp]
--a------ 2006-11-21 15:26 936960 c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 14:43 45056 c:\programmi\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 10:01 57344 c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-04-21 14:41 438359 c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2008-04-14 03:14 172032 c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 03:14 1695232 c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-06 15:14 68856 c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\programmi\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-10-24 13:45 90112 c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=
"c:\\Programmi\\PEERGUARDIAN2\\pg2.exe"=
"c:\\Programmi\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Programmi\\Avira\\AntiVir PersonalEdition Classic\\avcenter.exe"=
"c:\\Programmi\\Tall Emu\\Online Armor\\oaui.exe"=
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-10-07 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-10-07 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-10-07 28872]
R2 OAcat;Online Armor Helper Service;c:\programmi\Tall Emu\Online Armor\oacat.exe [2008-10-07 1402568]
R2 SvcOnlineArmor;Online Armor;c:\programmi\Tall Emu\Online Armor\oasrv.exe [2008-10-07 3314688]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2.tmp [ ]
S3 usbscan;Driver scanner USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-11-14 c:\windows\Tasks\Garanzia estesa.job
- c:\apps\SMP\PBCARNOT.EXE []
2008-11-14 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE []
.
- - - - ORFÃOS REMOVIDOS - - - -
MSConfigStartUp-SmpcSys - c:\apps\SMP\SmpSys.exe
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/ig
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 19:30:39
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2.tmp"
.
Ora fine scansione: 2008-11-14 19.35.04
ComboFix-quarantined-files.txt 2008-11-14 18:34:36
Pre-Run: 19.890.724.864 byte disponibili
Post-Run: 19,877,261,312 byte disponibili
303 --- E O F --- 2008-11-12 22:15:49