ComboFix 10-01-02.05 - Computer 03/01/2010 14.32.16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.204 [GMT 1:00]
Eseguito da: c:\documents and settings\Computer\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\documents and settings\Computer\Dati applicazioni\.#
c:\documents and settings\Computer\Dati applicazioni\.#\MBX@9E0@15037B8.###
c:\documents and settings\Computer\Dati applicazioni\.#\MBX@9E0@15037C8.###
c:\documents and settings\Computer\Dati applicazioni\.#\MBX@9E0@15037D8.###
c:\documents and settings\Computer\Dati applicazioni\inst.exe
c:\windows\system32\systeminfo3.dll
c:\windows\system32\DRIVERS\atapi.sys . . . è infetto!!
.
((((((((((((((((((((((((( Files Creati Da 2009-12-03 al 2010-01-03 )))))))))))))))))))))))))))))))))))
.
2010-01-03 12:03 . 2010-01-03 12:04 -------- d-----w- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Temp
2010-01-03 12:03 . 2010-01-03 12:04 -------- d-----w- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Google
2010-01-03 12:03 . 2010-01-03 12:03 -------- d-----w- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Deployment
2010-01-02 15:07 . 2010-01-02 15:07 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-01-02 15:06 . 2010-01-02 15:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-02 13:28 . 2010-01-02 13:28 0 ----a-w- c:\windows\nsreg.dat
2010-01-02 13:28 . 2010-01-02 13:28 -------- d-----w- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-29 14:55 . 2009-12-29 14:55 -------- d-----w- c:\programmi\File comuni\xing shared
2009-12-29 14:54 . 2009-12-29 14:55 -------- d-----w- c:\programmi\File comuni\Real
2009-12-29 14:54 . 2009-12-29 14:54 -------- d-----w- c:\programmi\Real
2009-12-29 14:52 . 2009-12-29 14:52 -------- d-----w- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Nero
2009-12-27 00:13 . 2009-12-27 22:29 -------- d-----w- c:\programmi\PokerStars.IT
2009-12-24 10:04 . 2009-12-24 10:04 34494 ----a-r- c:\documents and settings\Computer\Dati applicazioni\Microsoft\Installer\{082EA2B7-C14C-4D48-8527-EF8375E99EBE}\_13C1AA92C9C643D743641D.exe
2009-12-24 10:04 . 2009-12-24 10:04 34494 ----a-r- c:\documents and settings\Computer\Dati applicazioni\Microsoft\Installer\{082EA2B7-C14C-4D48-8527-EF8375E99EBE}\_A4D3AC7C02BCE13DDA05FF.exe
2009-12-24 10:04 . 2009-12-24 10:14 -------- d-----w- c:\programmi\Burraconline
2009-12-22 08:51 . 2009-12-22 08:51 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-12-22 08:49 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-22 08:49 . 2009-12-22 08:49 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-12-22 08:48 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-22 08:48 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-22 08:48 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-12-22 08:48 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-12-22 08:48 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-12-22 08:48 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-12-22 08:46 . 2009-12-22 08:45 34541248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita.exe
2009-12-22 08:46 . 2009-12-22 08:46 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-22 08:46 . 2009-12-22 08:46 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-22 08:46 . 2009-12-22 08:46 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-22 08:46 . 2009-12-22 08:46 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-22 06:49 . 2009-12-22 06:49 -------- d-----w- c:\programmi\uTorrent
2009-12-22 06:48 . 2009-12-22 07:13 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\uTorrent
2009-12-21 16:03 . 2006-08-29 14:56 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys
2009-12-21 16:03 . 2009-12-21 16:03 -------- d-----w- c:\programmi\NSS
2009-12-16 15:05 . 2009-12-16 15:05 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\TuneUp Software
2009-12-16 15:04 . 2009-12-16 15:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-12-16 15:04 . 2009-12-16 15:04 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-15 20:22 . 2009-12-15 20:22 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\Malwarebytes
2009-12-15 20:22 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 20:22 . 2009-12-15 20:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-12-15 20:22 . 2009-12-15 20:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-15 20:22 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 11:09 . 2009-12-15 11:09 -------- d-----w- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Identities
2009-12-07 14:40 . 2009-12-11 13:38 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\SAMSUNG
2009-12-07 14:29 . 2006-05-03 21:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-12-07 14:28 . 2009-12-07 14:28 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-12-07 14:27 . 2006-07-24 15:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-12-07 14:27 . 2009-12-11 13:36 -------- d-----w- c:\programmi\GFI
2009-12-07 14:22 . 2009-12-07 14:22 -------- d-----w- c:\windows\Downloaded Installations
2009-12-07 13:25 . 2009-12-07 13:25 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-07 13:22 . 2009-12-07 13:22 -------- d-----w- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\LogiShrd
2009-12-07 13:22 . 2009-06-17 08:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-12-07 13:20 . 2009-12-07 13:20 -------- d-----w- c:\programmi\Logitech
2009-12-07 13:19 . 2009-12-07 13:20 -------- d-----w- c:\programmi\File comuni\Logishrd
2009-12-07 13:19 . 2009-12-07 13:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2009-12-07 13:19 . 2009-12-07 13:19 -------- d-----w- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Downloaded Installations
2009-12-07 13:15 . 2008-05-12 00:08 32768 ----a-w- c:\windows\system\VRAIDlog.dll
2009-12-07 13:12 . 2009-12-07 13:15 -------- d-----w- c:\programmi\VIA
2009-12-07 13:12 . 2007-09-20 09:43 331184 ------w- c:\windows\system32\difxapi.dll
2009-12-07 13:08 . 2009-12-07 13:08 -------- d-----w- c:\programmi\Acer
2009-12-07 12:36 . 2009-12-07 12:36 -------- d-----w- c:\programmi\Driver-Soft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 11:43 . 2009-10-19 16:50 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\vlc
2009-12-29 14:54 . 2009-10-19 11:57 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-29 14:54 . 2009-10-19 11:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-22 08:51 . 2009-10-20 06:16 -------- d-----w- c:\programmi\File comuni\Nokia
2009-12-22 08:50 . 2009-10-20 06:16 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\Nokia
2009-12-22 08:48 . 2009-10-20 06:15 -------- d-----w- c:\programmi\Nokia
2009-12-22 08:45 . 2009-10-20 06:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-12 12:52 . 2009-10-19 11:46 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-11 13:37 . 2009-10-20 08:22 -------- d-----w- c:\programmi\Rockstar Games
2009-12-10 10:23 . 2009-10-19 12:00 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 08:12 . 2009-10-20 06:16 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\PC Suite
2009-12-07 13:21 . 2009-12-07 13:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-12-07 13:21 . 2009-12-07 13:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-07 13:21 . 2009-12-07 13:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-12-07 13:19 . 2009-10-19 11:46 -------- d-----w- c:\programmi\ATI Technologies
2009-12-01 15:54 . 2009-12-01 15:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-11-29 12:09 . 2009-10-19 11:50 81504 ----a-w- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-29 11:31 . 2001-08-31 10:00 78238 ----a-w- c:\windows\system32\perfc010.dat
2009-11-29 11:31 . 2001-08-31 10:00 476424 ----a-w- c:\windows\system32\perfh010.dat
2009-11-29 11:30 . 2009-10-20 08:16 -------- d-----w- c:\programmi\MSBuild
2009-11-29 11:30 . 2009-11-29 11:30 179192 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-11-29 11:23 . 2009-11-29 11:23 -------- d-----w- c:\programmi\Reference Assemblies
2009-11-29 09:49 . 2009-11-17 13:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
2009-11-27 15:22 . 2009-11-27 15:22 139152 ----a-w- c:\documents and settings\Computer\Dati applicazioni\PnkBstrK.sys
2009-11-27 15:22 . 2009-11-27 15:22 139152 ----a-w- c:\documents and settings\Computer\Dati applicazioni\PnkBstrK.sys
2009-11-25 14:50 . 2009-10-31 13:30 -------- d-----w- c:\programmi\IObit
2009-11-24 17:49 . 2009-10-24 19:53 -------- d-----w- c:\programmi\ATI
2009-11-24 17:48 . 2009-10-19 11:46 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-11-22 11:43 . 2009-11-22 11:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-22 07:42 . 2009-11-22 07:42 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\Avira
2009-11-21 15:50 . 2009-11-21 15:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-11-21 15:50 . 2009-11-21 15:50 -------- d-----w- c:\programmi\Avira
2009-11-21 15:48 . 2009-11-21 15:50 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-21 15:48 . 2009-11-21 15:50 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-21 15:48 . 2009-11-21 15:50 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-21 15:00 . 2009-11-21 15:00 -------- d-----w- c:\programmi\GiocoDigitale
2009-11-21 15:00 . 2009-11-21 15:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GiocoDigitale
2009-11-18 12:34 . 2009-11-18 12:34 -------- d-----w- c:\programmi\SlySoft
2009-11-17 14:35 . 2009-11-17 14:25 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\Vso
2009-11-17 14:35 . 2009-11-17 14:25 47360 ----a-w- c:\documents and settings\Computer\Dati applicazioni\pcouffin.sys
2009-11-17 14:35 . 2009-11-17 14:25 47360 ----a-w- c:\documents and settings\Computer\Dati applicazioni\pcouffin.sys
2009-11-17 14:25 . 2009-11-17 14:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-17 14:12 . 2009-11-17 14:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2009-11-17 13:46 . 2009-10-19 19:40 -------- d-----w- c:\documents and settings\Computer\Dati applicazioni\Nero
2009-11-17 13:28 . 2009-11-17 13:29 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it[1].exe
2009-11-17 13:24 . 2009-11-17 13:24 -------- d-----w- c:\programmi\MSXML 6.0
2009-11-17 13:20 . 2009-11-17 13:20 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-17 13:20 . 2009-11-17 13:20 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-17 13:20 . 2009-11-17 13:20 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-11-15 09:40 . 2009-10-19 17:41 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-11-09 13:40 . 2009-10-19 12:29 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-09 11:32 . 2009-10-19 12:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-11-07 13:51 . 2009-11-07 13:51 -------- d-----w- c:\programmi\Trend Micro
2009-11-03 16:35 . 2009-10-20 08:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-24 19:55 . 2009-10-24 19:55 9158 ----a-r- c:\documents and settings\Computer\Dati applicazioni\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-10-20 06:26 . 2009-10-20 06:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 06:14 . 2009-10-20 06:14 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-20 06:14 . 2009-10-20 06:14 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-20 06:14 . 2009-10-20 06:14 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-20 06:14 . 2009-10-20 06:14 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-20 06:14 . 2009-10-20 06:14 33853800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ita_web[1].exe
2009-10-19 17:00 . 2009-10-19 11:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-19 11:53 . 2009-10-19 11:53 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-19 11:32 . 2009-10-19 11:32 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-06 10:52 . 2009-10-20 06:15 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
.
------- Sigcheck -------
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\atapi.sys
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-10-19 3883856]
"Google Update"="c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-01-03 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-11-21 209153]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-12-29 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Assistente di Traduzione IdiomaX.lnk]
backup=c:\windows\pss\Assistente di Traduzione IdiomaX.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BDARemote.lnk]
backup=c:\windows\pss\BDARemote.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^SetPointII.lnk]
backup=c:\windows\pss\SetPointII.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 10:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-11-20 12:51 2335880 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-11-30 19:10 344064 ----a-w- c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47 57344 ----a-w- c:\programmi\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-19 13:39 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 08:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-19 13:51 1667584 ------w- c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-22 06:49 289584 ----a-w- c:\programmi\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIARaidUtl]
2009-02-19 15:42 4918936 ----a-w- c:\programmi\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [31/10/2009 12.59.28 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [31/10/2009 12.59.28 5248]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [21/11/2009 16.50.40 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [21/11/2009 16.50.42 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [21/11/2009 16.50.40 434945]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [07/12/2009 14.22.09 10384]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [15/12/2009 21.22.48 276816]
R2 VRAID Log Service;VRAID Log Service;c:\programmi\VIA\RAID\vialogsv.exe [07/12/2009 14.15.38 52888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15/12/2009 21.22.39 19160]
S3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [24/11/2009 18.40.37 9728]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/10/2009 7.26.39 721904]
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\programmi\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-12-02 12:51]
2010-01-02 c:\windows\Tasks\AWC Update.job
- c:\programmi\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-11-25 12:51]
2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1757981266-1606980848-1003Core.job
- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-03 12:03]
2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1757981266-1606980848-1003UA.job
- c:\documents and settings\Computer\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-03 12:03]
2010-01-03 c:\windows\Tasks\User_Feed_Synchronization-{75DA3D59-DD08-4F24-B60B-95EA921ED51C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = local
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-DriverUpdaterPro - c:\programmi\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-01-03 14:42:07
ComboFix-quarantined-files.txt 2010-01-03 13:42
Pre-Run: 165.884.399.616 byte disponibili
Post-Run: 165.859.385.344 byte disponibili
- - End Of File - - C45B8792663E109A8FB09BA7E4159139