ComboFix 10-08-20.01 - Giovanni 21/08/2010 19.27.24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1366 [GMT 2:00]
Eseguito da: c:\documents and settings\Giovanni\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\qsrkwpnxuvfo.sys
c:\windows\system32\sysmwwod.dll
K:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_qsrkwpnxuvfo
-------\Service_qsrkwpnxuvfo
((((((((((((((((((((((((( Files Creati Da 2010-07-21 al 2010-08-21 )))))))))))))))))))))))))))))))))))
.
2010-08-20 21:16 . 2010-08-20 21:16 -------- d-----w- c:\documents and settings\Giovanni\DoctorWeb
2010-08-20 21:12 . 2010-08-21 17:35 -------- d-----w- c:\programmi\AVG Anti-Rootkit Free
2010-08-20 21:12 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-08-19 17:21 . 2010-08-19 17:30 -------- d-----r- C:\Documents
2010-08-18 15:46 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-18 15:46 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-18 15:46 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-08-18 15:46 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-18 15:46 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-18 15:46 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-18 15:46 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-18 15:46 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-18 15:45 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-18 15:45 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-18 15:45 . 2010-08-18 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-08-17 20:46 . 2010-08-17 20:46 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-17 20:40 . 2010-07-21 17:50 81920 ----a-w- C:\remover.exe
2010-08-17 20:38 . 2010-08-19 20:26 -------- d-----w- c:\programmi\Softwin
2010-08-17 19:47 . 2010-08-17 19:47 -------- d-----w- c:\programmi\Sophos
2010-08-16 22:24 . 2010-08-16 22:24 92722 ----a-w- c:\windows\system32\prfc0410.dat
2010-08-16 22:24 . 2010-08-16 22:24 509016 ----a-w- c:\windows\system32\prfh0410.dat
2010-08-16 22:13 . 2010-08-16 22:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-16 18:06 . 2010-08-16 18:06 -------- d-----w- c:\programmi\DivX
2010-08-16 14:48 . 2010-08-16 22:12 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\vlc
2010-08-16 14:44 . 2010-08-16 14:44 -------- d-----w- c:\programmi\VideoLAN
2010-08-15 11:00 . 2010-08-15 11:00 -------- d-----w- c:\temp\Adolfo1
2010-08-15 10:43 . 2010-08-15 10:43 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\LEAPS
2010-08-15 10:37 . 2010-08-15 10:37 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\Pegasys Inc
2010-08-15 10:35 . 2010-08-15 10:34 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-08-15 10:35 . 2010-08-15 10:34 33408 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2010-08-15 10:35 . 2010-08-15 10:34 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-08-15 10:35 . 2010-08-15 10:35 -------- d-----w- c:\programmi\Pegasys Inc
2010-08-15 09:52 . 2010-08-15 09:52 -------- d-----w- c:\programmi\File comuni\Ahead
2010-08-15 09:52 . 2010-08-15 09:52 -------- d-----w- c:\programmi\Ahead
2010-08-15 09:45 . 2010-08-15 10:13 -------- d-----w- c:\programmi\Nero
2010-08-15 09:45 . 2010-08-15 09:46 -------- d-----w- c:\programmi\File comuni\Nero
2010-08-15 08:52 . 2010-08-15 09:48 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\Nero
2010-08-15 07:31 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-08-15 07:31 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-15 07:31 . 2010-08-12 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-15 07:31 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-15 07:31 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-13 16:17 . 2010-08-13 16:17 57054 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 54166 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 57532 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSASPDecoder\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 56458 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 54174 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DSAACDecoder\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 54153 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DFXPlugin\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 54128 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Converter\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 54644 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\TranscodeEngine\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 57409 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\ControlPanel\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 54101 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-13 16:17 . 2010-08-13 16:17 52963 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-13 16:16 . 2010-08-13 16:16 54073 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Qt4.5\Uninstaller.exe
2010-08-13 16:16 . 2010-08-13 16:16 -------- d-----w- c:\programmi\File comuni\DivX Shared
2010-08-13 16:16 . 2010-08-13 16:16 56969 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\ASPEncoder\Uninstaller.exe
2010-08-13 16:15 . 2010-08-13 16:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-08-13 16:09 . 2010-06-09 23:01 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-08-13 16:09 . 2010-06-09 23:01 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-08-11 09:31 . 2010-08-11 09:31 -------- d-----w- c:\programmi\Pinnacle Systems
2010-08-10 08:02 . 2010-08-10 08:02 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\EPSON
2010-08-08 08:52 . 2010-08-08 08:52 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\Free Mp3 Wma Ogg Converter
2010-08-08 08:49 . 2010-08-08 08:49 -------- d-----w- c:\programmi\AutocompletePro
2010-08-08 08:49 . 2010-08-08 08:49 -------- d-----w- c:\programmi\Free Mp3 Wma Ogg Converter
2010-07-23 19:57 . 2010-07-23 19:57 -------- d-----w- c:\documents and settings\Giovanni\Impostazioni locali\Dati applicazioni\ArcSoft
2010-07-23 19:57 . 2010-08-11 09:54 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\ArcSoft
2010-07-23 19:57 . 2010-07-23 19:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ArcSoft
2010-07-23 19:57 . 2004-05-04 09:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-07-23 19:57 . 2010-07-23 19:57 -------- d-----w- c:\programmi\File comuni\ArcSoft
2010-07-23 19:57 . 2010-07-23 19:57 -------- d-----w- c:\programmi\ArcSoft
2010-07-23 19:54 . 2010-07-23 19:54 -------- d-----w- c:\programmi\Philips
2010-07-23 19:54 . 2010-07-23 19:54 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 17:33 . 2010-06-22 17:03 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000004-00531102}.dat
2010-08-21 17:33 . 2010-06-22 17:03 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000A-00001102-00000004-00531102}.dat
2010-08-16 21:21 . 2010-06-27 09:33 -------- d-----w- c:\programmi\Unlocker
2010-08-15 09:45 . 2010-06-28 17:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-08-15 07:31 . 2010-06-28 17:05 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-08-13 16:18 . 2010-08-13 16:18 57344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-13 16:18 . 2010-08-13 16:18 56765 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-13 16:18 . 2010-08-13 16:18 56997 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\WebPlayer\Uninstaller.exe
2010-08-13 16:18 . 2010-08-13 16:18 53600 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Update\Uninstaller.exe
2010-08-13 16:18 . 2010-08-13 16:18 57715 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Player\Uninstaller.exe
2010-08-13 16:18 . 2010-08-13 16:18 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\DivX
2010-08-13 16:18 . 2010-08-13 16:18 84054 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\TransferWizard\Uninstaller.exe
2010-08-13 16:15 . 2010-08-13 16:18 1062184 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\Resource.dll
2010-08-13 16:06 . 2010-08-13 16:18 895256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
2010-08-13 15:43 . 2003-04-08 12:00 92722 ----a-w- c:\windows\system32\perfc010.dat
2010-08-13 15:43 . 2003-04-08 12:00 509016 ----a-w- c:\windows\system32\perfh010.dat
2010-08-11 09:31 . 2010-06-22 17:21 -------- d-----w- c:\programmi\Pinnacle
2010-07-23 19:58 . 2010-06-22 17:01 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-16 17:26 . 2010-07-16 17:25 -------- d-----w- c:\programmi\VirtualDub 1.9.9
2010-07-04 15:47 . 2010-07-03 17:15 -------- d-----w- c:\programmi\IrfanView
2010-07-04 15:44 . 2010-06-27 10:06 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\Winamp
2010-07-04 15:44 . 2010-06-27 10:06 -------- d-----w- c:\programmi\Winamp
2010-07-04 15:44 . 2010-07-04 15:44 -------- d-----w- c:\programmi\Winamp Detect
2010-07-04 15:44 . 2010-07-04 15:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2010-07-04 15:44 . 2010-07-04 15:44 -------- d-----w- c:\programmi\File comuni\Jasc Software Inc
2010-07-04 15:44 . 2010-07-04 15:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SlySoft
2010-07-04 10:13 . 2010-07-03 17:19 -------- d-----w- c:\programmi\File comuni\Logitech
2010-07-04 09:01 . 2010-07-04 09:01 -------- d-----w- c:\programmi\Alwil Software
2010-07-03 17:19 . 2010-07-03 17:19 -------- d-----w- c:\programmi\Logitech
2010-06-30 12:31 . 2004-08-19 14:39 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 10:01 . 2010-06-22 17:01 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-06-27 10:01 . 2010-06-27 10:01 -------- d-----w- c:\documents and settings\Giovanni\Dati applicazioni\Jasc Software Inc
2010-06-27 10:01 . 2010-06-27 10:00 -------- d-----w- c:\programmi\Jasc Software Inc
2010-06-27 09:51 . 2010-06-27 09:45 -------- d-----w- c:\programmi\SlySoft
2010-06-27 09:49 . 2010-06-27 09:49 -------- d-----w- c:\programmi\Elaborate Bytes
2010-06-27 09:29 . 2010-06-27 09:29 -------- d-----w- c:\programmi\Ashampoo
2010-06-27 07:25 . 2010-06-22 17:05 73768 ----a-w- c:\documents and settings\Giovanni\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-25 17:45 . 2010-06-25 17:45 -------- d-----w- c:\programmi\MSXML 4.0
2010-06-25 17:38 . 2010-06-25 17:38 -------- d-----w- c:\programmi\CCleaner
2010-06-25 17:35 . 2010-06-25 16:57 -------- d-----w- c:\programmi\File comuni\Adobe
2010-06-25 17:31 . 2010-06-25 17:31 -------- d-----r- c:\documents and settings\Giovanni\Dati applicazioni\Brother
2010-06-25 17:11 . 2010-06-23 17:58 -------- d-----w- c:\programmi\Google
2010-06-25 17:07 . 2010-06-25 17:07 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-25 15:38 . 2010-06-25 15:36 -------- d-----w- c:\programmi\Service Tuner
2010-06-24 12:15 . 2008-01-17 17:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-01-17 17:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2008-01-17 17:48 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2004-08-19 14:31 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 18:20 . 2010-06-22 16:04 86327 ------w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-23 18:06 . 2010-06-23 18:06 -------- d-----w- c:\programmi\Microsoft Money
2010-06-23 17:59 . 2010-06-23 17:59 -------- d-----w- c:\programmi\File comuni\Java
2010-06-23 17:58 . 2010-06-23 17:58 503808 ------w- c:\documents and settings\Giovanni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-533056dc-n\msvcp71.dll
2010-06-23 17:58 . 2010-06-23 17:58 499712 ------w- c:\documents and settings\Giovanni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-533056dc-n\jmc.dll
2010-06-23 17:58 . 2010-06-23 17:58 348160 ------w- c:\documents and settings\Giovanni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-533056dc-n\msvcr71.dll
2010-06-23 17:58 . 2010-06-23 17:58 61440 ------w- c:\documents and settings\Giovanni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3798a8ef-n\decora-sse.dll
2010-06-23 17:58 . 2010-06-23 17:58 12800 ------w- c:\documents and settings\Giovanni\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3798a8ef-n\decora-d3d.dll
2010-06-23 17:58 . 2010-06-23 17:58 411368 ------w- c:\windows\system32\deployJava1.dll
2010-06-23 17:58 . 2010-06-23 17:58 -------- d-----w- c:\programmi\Java
2010-06-23 17:57 . 2010-06-23 17:57 79488 ------w- c:\documents and settings\Giovanni\Dati applicazioni\Sun\Java\jre1.6.0_20\gtapi.dll
2010-06-23 17:57 . 2010-06-23 17:57 152576 ------w- c:\documents and settings\Giovanni\Dati applicazioni\Sun\Java\jre1.6.0_20\lzma.dll
2010-06-23 17:53 . 2010-06-23 17:53 -------- d-----w- c:\programmi\MSBuild
2010-06-23 17:49 . 2010-06-23 17:49 -------- d-----w- c:\programmi\Reference Assemblies
2010-06-23 17:42 . 2010-06-23 17:42 -------- d-----w- c:\programmi\Microsoft.NET
2010-06-23 16:35 . 2010-06-23 16:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SmartSound Software Inc
2010-06-23 16:35 . 2010-06-23 16:35 -------- d-----w- c:\programmi\SmartSound Software
2010-06-22 17:05 . 2010-06-22 17:05 137 ------w- c:\documents and settings\Giovanni\Impostazioni locali\Dati applicazioni\fusioncache.dat
2010-06-22 16:01 . 2010-06-22 16:01 21840 ------w- c:\windows\system32\emptyregdb.dat
2010-06-21 15:27 . 2004-08-03 22:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-19 14:39 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-06-22 16:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-19 14:39 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 23:01 . 2010-08-13 16:18 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-08-13 16:18 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-08-13 16:18 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-08-13 16:18 133616 ------w- c:\windows\system32\pxafs.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59 153184 ----a-w- c:\programmi\Alwil Software\Avast5\snxPlugins.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-25 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-10 90112]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"zBrowser Launcher"="c:\programmi\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"PCLEPCI"="c:\progra~1\PINNAC~1\PPE\PPE.EXE" [2003-09-23 32768]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Philips GoGear VIBE Device Manager.lnk - c:\programmi\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-7-23 1611152]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/08/2010 17.46.04 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/08/2010 17.46.05 165456]
R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys [22/06/2010 19.23.56 132940]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/08/2010 17.46.05 17744]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [22/06/2010 18.24.57 1759036]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [25/06/2010 19.11.21 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4B.tmp
c:\windows\system32\4B.tmp
S3 PAC7311;Trust WB-3300p Mini HiRes Webcam;c:\windows\system32\drivers\PA707UCM.SYS [23/06/2010 19.30.42 154752]
.
Contenuto della cartella 'Scheduled Tasks'
2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-25 17:11]
2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-25 17:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it
mStart Page = hxxp://www.libero.it
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {6ECC6C62-0B9F-4BF4-985A-4877733A8C63} = 193.70.152.15,193.70.152.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
ActiveSetup-{4DFB08AC-A3C7-8F27-1FBE-20712E2E1C0E} - k:\software\Nero Burning Rom System\Nero 8 Premium\keygen.exe
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4B.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-842925246-1417001333-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
@Denied: (Full) (Administrators)
@Denied: (Full) (S-1-5-21-842925246-1417001333-682003330-1003)
@Denied: (Full) (LocalSystem)
"View"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,2c,00,00,00,3a,00,00,00,2c,03,00,00,39,02,00,00,d8,00,00,\
"FindFlags"=dword:0000000e
"LastKey"=""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\WININET.dll
c:\programmi\Logitech\iTouch\iTchHk.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\bgsvcgen.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-21 19:38:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-21 17:38
Pre-Run: 84.688.420.864 byte disponibili
Post-Run: 84.672.114.688 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 32A0156115AC39CFA87EDF00BEEE04A7