ComboFix 10-09-15.01 - Peppe 16/09/2010 13.54.20.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.585 [GMT 2:00]
Eseguito da: c:\documents and settings\Peppe\Desktop\pippo.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {7C9258A4-FBF8-7FFD-402F-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-DBF8-7FFD-402F-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-DBF8-7FFD-A02E-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-EBF8-7FFD-402F-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-EBF8-7FFD-A02E-250000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C9258A4-FBF8-7FFD-A02E-250000000000}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Peppe\Impostazioni locali\Temporary Internet Files\mvb06759.tmp
c:\windows\SW_Win3242X48.DLL
c:\windows\system\Asycfilt.dll
c:\windows\system\Cmct3it.dll
c:\windows\system\Crtdll.dll
c:\windows\system\Dciman32.dll
c:\windows\system\Mpr.dll
c:\windows\system\Msvbvm50.dll
c:\windows\system\msvbvm60.dll
c:\windows\system\Msvcrt20.dll
c:\windows\system\Msvcrt40.dll
c:\windows\system\Ntdll.dll
c:\windows\system\Oleaut32.dll
c:\windows\system\olepro32.dll
c:\windows\system\Rpcrt4.dll
c:\windows\system\VB40032.DLL
c:\windows\system32\UACxpclovdu.db
F:\Autorun.inf
La copia infetta di c:\windows\system32\drivers\atapi.sys è stata trovata e disinfettata
Ripristinata copia da - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Files Creati Da 2010-08-16 al 2010-09-16 )))))))))))))))))))))))))))))))))))
.
2010-09-15 08:10 . 2005-01-02 03:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-09-15 07:35 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-15 07:35 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-15 07:35 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-15 07:35 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-15 07:35 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-15 07:35 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-15 07:35 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-15 07:35 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-15 07:35 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-09-15 07:35 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-09-15 07:35 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-09-15 07:35 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-09-14 06:27 . 2010-09-14 06:27 -------- d-----w- c:\documents and settings\NetworkService\Documenti
2010-09-14 06:26 . 2010-09-14 06:27 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-09-13 10:36 . 2010-09-13 10:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kodak
2010-09-10 08:45 . 2010-09-10 08:45 -------- d-sh--w- c:\documents and settings\LocalService\UserData
2010-09-09 15:59 . 2010-09-10 08:41 -------- d-----w- c:\programmi\Windows Live Safety Center
2010-09-07 13:19 . 2010-09-07 13:19 -------- d-----w- c:\programmi\File comuni\ParallelGraphics
2010-09-06 16:15 . 2010-09-06 16:16 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\MSN6
2010-09-06 16:15 . 2010-09-06 16:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MSN6
2010-09-02 08:23 . 2010-09-02 08:23 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2010-09-01 15:46 . 2005-01-31 13:05 17920 ----a-w- c:\windows\system32\wnaspi32.dll
2010-08-31 08:33 . 2010-08-31 08:33 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-08-31 07:23 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-30 18:32 . 2010-08-30 18:32 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-30 14:03 . 2010-08-30 14:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-30 13:57 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-30 12:56 . 2010-08-30 12:56 -------- d-----w- c:\documents and settings\Peppe\Impostazioni locali\Dati applicazioni\Sunbelt Software
2010-08-30 12:55 . 2010-08-30 12:55 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-25 11:15 . 2010-05-07 22:40 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-08-25 11:15 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-08-25 11:15 . 2010-08-25 11:16 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\FreeFLVConverter
2010-08-25 11:15 . 2010-08-25 11:15 -------- d-----w- c:\programmi\Free FLV Converter
2010-08-25 11:04 . 2010-08-25 11:12 -------- d-----w- c:\programmi\Need4 Video Converter 7
2010-08-24 20:53 . 2005-03-18 13:01 626688 ----a-w- c:\windows\system32\NCTImageFile.dll
2010-08-24 20:53 . 2005-02-28 13:47 344064 ----a-w- c:\windows\system32\NCTImageView.dll
2010-08-24 20:53 . 2005-02-28 13:47 335872 ----a-w- c:\windows\system32\NCTImageUtility.dll
2010-08-24 20:53 . 2005-02-28 13:47 401408 ----a-w- c:\windows\system32\NCTImageTransform.dll
2010-08-24 20:53 . 2008-04-25 08:36 98304 ----a-w- c:\windows\system32\DVM.dll
2010-08-24 20:53 . 2008-01-18 09:34 286720 ----a-w- c:\windows\system32\vic32.dll
2010-08-24 20:53 . 2007-12-03 11:02 53248 ----a-w- c:\windows\system32\RegisterExe.exe
2010-08-24 20:53 . 2010-08-24 20:53 -------- d-----w- c:\programmi\Softinterface, Inc
2010-08-24 20:45 . 2010-08-24 21:09 -------- d-----w- c:\programmi\ReaConverter 5.5 Pro
2010-08-24 19:35 . 2010-08-29 15:52 -------- d---a-w- C:\My MDTune
2010-08-24 19:35 . 2010-08-24 19:35 -------- d-----w- c:\programmi\digitalstage
2010-08-24 18:49 . 2010-08-24 18:49 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-08-24 18:22 . 2010-08-24 18:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-24 18:11 . 2010-08-24 18:11 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\DAEMON Tools Lite
2010-08-24 18:11 . 2010-08-24 18:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-08-22 10:19 . 2010-08-22 10:48 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\Ableton
2010-08-22 10:19 . 2010-08-23 10:18 -------- d-----w- c:\programmi\Ableton
2010-08-19 17:41 . 2010-08-19 17:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-19 07:51 . 2010-08-19 07:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-19 07:46 . 2010-08-19 07:46 -------- d-sh--w- c:\documents and settings\Peppe\IECompatCache
2010-08-19 07:45 . 2010-08-19 07:45 -------- d-sh--w- c:\documents and settings\Peppe\PrivacIE
2010-08-19 07:42 . 2010-08-19 07:42 -------- d-sh--w- c:\documents and settings\Peppe\IETldCache
2010-08-18 22:16 . 2010-08-18 22:18 -------- dc-h--w- c:\windows\ie8
2010-08-18 22:06 . 2010-08-18 22:06 -------- d-----w- C:\6d9b01b9c47d73221d0937cc7c19
2010-08-17 13:35 . 2010-08-17 13:40 -------- d-----w- c:\documents and settings\Peppe\Impostazioni locali\Dati applicazioni\Yahoo
2010-08-17 13:30 . 2010-08-17 13:35 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\Yahoo!
2010-08-17 13:28 . 2010-09-11 11:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo!
2010-08-17 13:25 . 2010-09-11 22:48 -------- d-----w- c:\programmi\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 13:06 . 2008-09-26 13:06 114562592 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-09-16 12:24 . 2008-09-26 13:06 1537316 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-09-11 06:27 . 2010-09-11 06:28 2637312 ----a-w- c:\windows\Internet Logs\xDB4E.tmp
2010-09-11 06:27 . 2010-09-11 06:28 2736640 ----a-w- c:\windows\Internet Logs\xDB4D.tmp
2010-09-08 15:57 . 2010-07-30 05:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-08 10:03 . 2009-01-05 21:51 -------- d-----w- c:\programmi\WarRock
2010-09-06 22:59 . 2010-06-28 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-09-06 11:19 . 2008-12-03 07:52 21261553 -c--a-w- c:\windows\Internet Logs\tvDebug.zip
2010-09-04 22:35 . 2008-06-20 09:51 120 ----a-w- C:\drmHeader.bin
2010-09-01 20:34 . 2010-05-15 07:25 -------- d-----w- c:\programmi\SecondLifeViewer2
2010-09-01 15:46 . 2010-08-24 18:41 -------- d-----w- c:\programmi\ISOpen
2010-08-30 12:52 . 2009-08-27 06:34 -------- d-----w- c:\programmi\Lavasoft
2010-08-30 12:52 . 2009-08-27 06:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-08-27 21:18 . 2010-08-27 21:19 210432 ----a-w- c:\windows\Internet Logs\xDB4C.tmp
2010-08-27 12:46 . 2008-07-05 13:37 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\Veam
2010-08-27 12:46 . 2009-09-04 04:27 -------- d-----w- c:\documents and settings\Peppe\Dati applicazioni\Musoi
2010-08-26 18:49 . 2010-08-26 19:32 2532352 ----a-w- c:\windows\Internet Logs\xDB4B.tmp
2010-08-26 18:49 . 2010-08-26 19:32 2931712 ----a-w- c:\windows\Internet Logs\xDB4A.tmp
2010-08-24 18:12 . 2008-04-05 12:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-24 16:42 . 2008-03-05 12:00 102400 -c--a-w- c:\documents and settings\Peppe\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-17 14:18 . 2010-08-17 15:38 2424832 ----a-w- c:\windows\Internet Logs\xDB49.tmp
2010-08-17 14:18 . 2010-08-17 15:38 2936320 ----a-w- c:\windows\Internet Logs\xDB48.tmp
2010-08-16 22:28 . 2010-04-11 06:24 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-26 05:09 . 2010-07-26 05:09 -------- d-----w- c:\programmi\Grafill
2010-07-23 09:25 . 2010-07-23 09:26 2380288 ----a-w- c:\windows\Internet Logs\xDB47.tmp
2010-07-19 18:43 . 2010-07-19 18:42 -------- d-----w- c:\programmi\KaraFun
2010-07-19 18:42 . 2010-07-19 18:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Recisio
2010-07-05 17:21 . 2001-08-31 11:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2010-07-05 17:21 . 2001-08-31 11:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2008-05-03 20:36 . 2008-05-03 20:36 1354 -c--a-w- c:\programmi\qfuwgi.txt
1998-12-04 09:59 . 2009-09-02 18:43 5811 -c--a-w- c:\programmi\UNWISE.INI
1998-12-02 10:15 . 2009-09-02 18:43 139264 ----a-w- c:\programmi\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"Realtek hd pannel"="c:\programmi\Realtek\InstallShield\RTHDCPL.exe" [2006-01-11 15961088]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-31 385024]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57243:TCP"= 57243:TCP:Pando Media Booster
"57243:UDP"= 57243:UDP:Pando Media Booster
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/08/2010 15.57.08 64288]
R2 ExseNTdr;ExseNTdr;c:\windows\system32\drivers\exsentdr.sys [11/09/2000 7.30.00 30240]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 14.15.19 1355928]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [05/10/2005 11.44.06 468768]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/04/2008 14.37.04 691696]
S1 as6eio;as6eio;c:\windows\system32\drivers\as6eio.sys
c:\windows\system32\drivers\as6eio.sys
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys
c:\windows\system32\drivers\bizVSerialNT.sys
S2 gupdate1cae88621e876a8;Servizio di Google Update (gupdate1cae88621e876a8);c:\programmi\Google\Update\GoogleUpdate.exe [30/04/2010 18.56.51 133104]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\Peppe\IMPOST~1\Temp\{1735A~1\atiicdxx.sys
c:\docume~1\Peppe\IMPOST~1\Temp\{1735A~1\atiicdxx.sys
S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\drivers\cmusbser.sys [08/01/2009 22.03.42 103552]
S3 EP800Camera;E-Video DC-100 USB Camera;c:\windows\system32\drivers\ep800vc.sys [05/05/2008 22.31.22 106428]
S3 esihdrv;esihdrv;\??\c:\docume~1\Peppe\IMPOST~1\Temp\esihdrv.sys
c:\docume~1\Peppe\IMPOST~1\Temp\esihdrv.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [25/03/2009 18.45.39 1527900]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [03/11/2009 15.42.15 16896]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programmi\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 14.15.19 15008]
S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\drivers\Navcar.sys [25/03/2008 1.45.16 30329]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [20/08/2004 5.39.46 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service
c:\windows\system32\GameMon.des -service
S3 VPDaemon;Lectra VigiPrint Service;c:\programmi\Lectra\VigiPrint\bin\vpdaemon.exe
c:\programmi\Lectra\VigiPrint\bin\vpdaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
2010-09-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 14:12]
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-30 16:56]
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-30 16:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Clean Traces
IE: &Download by Orbit
IE: &Download with &DAP
IE: &Grab video by Orbit
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: Download &all with DAP
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-Convert Image_is1 - c:\programmi\Softinterface
AddRemove-DC100 - c:\programmi\DC100\DC100\Uninst.isu
AddRemove-Drive Rescue - c:\program files\Alexander Grau\Drive Rescue\DeIsL1.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-16 15:02
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2BCCCB86-FD6C-D450-30F1-3DB793A48527}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahabbifnkpgobdbao"=hex:6b,61,6c,6c,65,6a,6d,68,6f,62,6e,6c,6c,68,68,6a,6b,70,
62,6d,63,66,00,00
"hanadchbmnkahplc"=hex:6b,61,6c,6c,65,6a,6d,68,6f,62,6e,6c,6c,68,68,6a,6b,70,
62,6d,63,66,00,00
[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EDA66BA8-E925-1E19-4243-A994F0F82CBD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajihflkeoiehbpkgf"=hex:6a,61,69,70,6a,6d,6b,67,67,66,64,70,6e,6f,6e,61,6c,69,
62,6e,00,00
"halgooaihnhcopad"=hex:6a,61,69,70,6a,6d,6b,67,67,66,64,70,6e,6f,6e,61,6c,69,
62,6e,00,ff
"ianhhkfkkgbkacodlp"=hex:63,61,65,70,6b,6a,00,7c
[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EFB86E60-14B3-70E8-9623-79C8DAEAE95D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eadaacamig"=hex:66,61,62,70,62,65,6f,6a,6d,6f,66,6d,00,31
"daaahpfh"=hex:64,62,70,66,64,68,6b,6f,69,69,6a,63,6e,69,63,62,67,6a,64,61,66,
6d,67,6f,62,6e,63,64,6c,65,62,6f,62,61,70,63,61,6f,64,65,00,00
"ialgbgbmncgmighdba"=hex:6a,61,68,6c,61,6b,68,66,6f,61,6a,68,69,6c,6f,6a,6e,64,
6d,61,00,00
"hajfhejmlhflpeek"=hex:6a,61,68,6c,61,6b,68,66,6f,61,6a,68,69,6c,6f,6a,6e,64,
6d,61,00,00
[HKEY_USERS\S-1-5-21-1177238915-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1BA7825-A783-9540-3A51-65658A30E8CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadpefdjajefbidigm"=hex:6b,61,70,70,6e,6c,6b,6b,6a,6c,6d,68,63,63,68,6e,6a,6b,
64,67,67,67,00,00
"hanacfjdgmgaholf"=hex:6a,61,70,70,6e,6c,6b,6b,65,6c,65,70,70,70,6c,64,64,69,
61,6c,00,6a
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1016)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\jsproxy.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\EPSON\ESM2\eEBSVC.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\msiexec.exe
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\programmi\Internet Explorer\IEXPLORE.EXE
c:\programmi\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-09-16 15:18:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-09-16 13:18
ComboFix2.txt 2009-09-02 23:12
ComboFix3.txt 2009-09-02 09:30
ComboFix4.txt 2008-05-04 14:43
Pre-Run: 2.259.832.832 byte disponibili
Post-Run: 7.386.738.688 byte disponibili
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 606FDE0CCAAC7F1457D68732787E49BD