ComboFix 10-12-26.01 - Paolo 27/12/2010 14.07.04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2045.710 [GMT 1:00]
Eseguito da: c:\prova\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Microsoft
c:\program files\Perfect Optimizer
c:\program files\Perfect Optimizer\aamd532.dll
c:\program files\Perfect Optimizer\Config.db
c:\program files\Perfect Optimizer\config\head.bmp
c:\program files\Perfect Optimizer\config\Lng2Const.xml
c:\program files\Perfect Optimizer\config\logo.ico
c:\program files\Perfect Optimizer\config\Menu.xml
c:\program files\Perfect Optimizer\config\SmallLogo.bmp
c:\program files\Perfect Optimizer\config\splash.jpg
c:\program files\Perfect Optimizer\Data\Service\notebook_model.bat
c:\program files\Perfect Optimizer\Data\Service\office_model.bat
c:\program files\Perfect Optimizer\FreeUse.dll
c:\program files\Perfect Optimizer\InstallDll.dll
c:\program files\Perfect Optimizer\License.dll
c:\program files\Perfect Optimizer\PerfectOptimizer.exe
c:\program files\Perfect Optimizer\SEClean.DLL
c:\program files\Perfect Optimizer\SERes.DLL
c:\program files\Perfect Optimizer\sqlite3.dll
c:\program files\Perfect Optimizer\unins000.exe
c:\program files\Perfect Optimizer\Update.exe
c:\program files\Perfect Optimizer\WinUpdate.exe
c:\program files\webmediaplayer
c:\program files\webmediaplayer\resources\languages_v2.xml
c:\program files\webmediaplayer\resources\webmedias
c:\program files\webmediaplayer\sqlite3.dll
c:\users\Paolo\AppData\Local\atfsf.dat
c:\users\Paolo\AppData\Local\atfsf_navtmp.dat
c:\users\Paolo\AppData\Local\pblnx.dat
c:\users\Paolo\AppData\Local\pblnx_nav.dat
c:\users\Paolo\AppData\Local\pblnx_navps.dat
c:\users\Paolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer
c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat
c:\windows\system32\Ijl11.dll
c:\windows\system32\kWab.dll
c:\windows\system32\twain.dll
c:\windows\system32\zip32.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-11-27 al 2010-12-27 )))))))))))))))))))))))))))))))))))
.
2010-12-27 14:03 . 2010-12-27 14:03 -------- d-----w- c:\users\manuela\AppData\Local\temp
2010-12-27 13:59 . 2010-12-27 13:59 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-12-27 13:59 . 2010-12-27 13:59 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-12-27 13:59 . 2010-12-27 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-26 19:29 . 2010-12-26 19:29 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-12-26 19:06 . 2010-12-26 19:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-26 19:05 . 2010-12-26 19:29 -------- d-----w- c:\programdata\Hitman Pro
2010-12-26 17:04 . 2010-12-26 17:12 -------- d-----w- c:\programdata\Microsoft Help
2010-12-26 13:23 . 2010-12-26 13:23 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-12-26 13:10 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-26 13:08 . 2010-10-28 15:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-26 13:08 . 2010-10-28 13:03 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-26 13:08 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-26 11:53 . 2010-12-26 11:53 -------- d-----w- c:\windows\MATS
2010-12-26 09:19 . 2010-12-26 09:19 -------- d-----w- c:\users\Paolo\AppData\Local\FixItCenter
2010-12-26 09:00 . 2010-12-26 11:53 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-12-26 04:01 . 2010-12-26 04:01 -------- d-----w- c:\programdata\Nitro PDF
2010-12-26 04:00 . 2010-12-26 04:00 -------- d-----w- c:\programdata\Bluetooth
2010-12-26 03:59 . 2010-12-26 03:59 -------- d-----w- c:\programdata\PC Suite
2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\programdata\Creative
2010-12-26 03:58 . 2010-12-26 04:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\programdata\FNET
2010-12-26 03:58 . 2010-12-26 06:09 -------- d-----w- c:\programdata\GTek
2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\programdata\InstallShield
2010-12-26 03:58 . 2010-12-27 07:05 -------- d-----w- c:\programdata\LogMeIn
2010-12-26 03:58 . 2010-12-27 07:05 -------- d-----w- c:\programdata\NVIDIA
2010-12-25 19:55 . 2010-12-25 19:55 -------- d-----w- c:\windows\xxclone.arc
2010-12-25 18:44 . 2010-12-25 18:44 -------- d-----w- c:\programdata\WindowsSearch
2010-12-25 16:52 . 2010-12-25 16:52 -------- d--h--w- c:\programdata\yahoo!
2010-12-25 09:47 . 2010-12-25 09:47 -------- d-----w- c:\programdata\Ashampoo
2010-12-25 08:46 . 2010-12-25 08:46 -------- d-----w- c:\program files\XXCLONE
2010-12-21 13:01 . 2010-11-10 04:33 6273872 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{146508FC-DC02-4163-8A2B-2FA50D986892}\mpengine.dll
2010-12-20 20:03 . 2010-12-20 20:03 -------- d-----w- C:\Giochi
2010-12-20 15:31 . 2010-12-20 17:23 -------- d-----w- c:\users\Paolo\AppData\Roaming\XBMC
2010-12-20 15:31 . 2010-12-20 15:34 -------- d-----w- c:\program files\XBMC
2010-12-20 15:08 . 2010-12-20 15:08 -------- d-----w- c:\users\Paolo\.invoicex
2010-12-18 14:41 . 2010-12-18 14:41 -------- d-----w- c:\users\Paolo\AppData\Roaming\NPLUTO Corporation
2010-12-16 19:35 . 2010-12-16 19:35 -------- d-----w- c:\program files\Common Files\Skype
2010-12-15 17:40 . 2010-12-15 17:40 -------- d-----w- c:\users\Paolo\.filestore
2010-12-15 12:01 . 2010-12-27 13:07 -------- d-----w- c:\users\Paolo\AppData\Local\freetvradio Air
2010-12-15 12:00 . 2010-12-15 17:16 -------- d-----w- c:\users\Paolo\AppData\Roaming\freeTVRadio
2010-12-15 11:57 . 2010-12-15 11:58 -------- d-----w- c:\program files\freeTVRadio
2010-12-12 10:03 . 2010-12-12 10:03 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 7
2010-12-06 11:51 . 2010-12-06 12:20 -------- d-----w- c:\users\Public\installer heroes of the sky
2010-12-03 18:31 . 2010-12-03 18:31 -------- d-----w- c:\users\Paolo\AppData\Roaming\Avira
2010-12-01 19:45 . 2010-07-25 16:48 3728840 ----a-w- c:\windows\system32\GameMon.des
2010-12-01 19:44 . 2004-12-31 06:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-12-01 19:44 . 2003-07-16 15:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2010-12-01 19:44 . 2010-12-01 19:44 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-11-30 20:16 . 2010-12-18 12:32 -------- d-----w- C:\GamesCampus
2010-11-30 19:19 . 2010-12-18 20:04 -------- d-----w- c:\users\Paolo\AppData\Local\PMB Files
2010-11-30 19:18 . 2010-11-30 19:18 -------- d-----w- c:\program files\Pando Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-26 13:23 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-12-22 05:54 . 2009-05-28 13:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-22 05:54 . 2009-05-28 13:36 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-08 12:12 . 2008-06-12 16:35 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 12:11 . 2008-06-12 16:35 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 12:11 . 2008-06-12 16:35 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 12:11 . 2008-06-12 16:35 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-16 00:10 . 2010-11-16 00:10 65328 ----a-w- c:\windows\apppatch\matsshim.dll
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-10-22 13:59 . 2010-10-22 13:59 286720 ----a-w- c:\windows\iun507.exe
2010-10-19 09:41 . 2009-10-03 12:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-11 18:59 . 2010-10-11 18:59 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-10-01 13:48 . 2007-10-09 02:40 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-01 13:48 . 2007-10-09 02:40 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-01 10:19 . 2008-06-12 16:35 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2010-03-11 20:38 . 2010-03-30 05:05 653312 ----a-w- c:\program files\Common Files\SetupDLL.dll
2010-07-29 04:30 . 2008-09-19 19:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-04-13 15:52 . 2010-04-13 15:52 286720 ----a-w- c:\program files\mozilla firefox\components\htservice.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA}]
2010-08-19 12:27 135840 ----a-w- c:\program files\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
"WinSent"="c:\users\Paolo\Downloads\winsent1110128_en\winsent.exe" [2009-06-29 382464]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2010-02-08 177616]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-07-04 398568]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"GizmoDriveDelegate"="c:\progra~1\GIZMO\GDRIVE.DLL" [2008-05-08 390752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-11-12 433152]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-26 208896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-29 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-08-11 249856]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"00Hotkeys"="c:\program files\Qliner Hotkeys\HotKeys.exe" [2006-12-02 45056]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"FlipViewer Library"="c:\program files\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" [2008-12-04 409288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2009-08-05 3788800]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-04 210240]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HHOTTViewGSB"="c:\program files\HHOTT\HHOTT View\HTGSB.exe" [2010-04-13 492544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
c:\users\Paolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2010-3-23 288176]
Memento.lnk - c:\program files\Memento\Memento.exe [2003-5-18 253952]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk.disabled
backup=c:\windows\pss\PalTalk.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pblnx
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2003-11-28 01:19 733184 ----a-w- c:\program files\Corel\Corel Graphics 12\Languages\IT\Programs\registration.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Laplink Web Server]
2007-08-09 12:19 1152304 ----a-w- c:\program files\Laplink Everywhere\LapLinkEverywhere.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 gupdate1c9dd3c515177b6;Google Update Service (gupdate1c9dd3c515177b6);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 133104]
R2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc [x]
R3 Access Remote PC Service 5.1;Access Remote PC Service 5.1;c:\program files\Access Remote PC 5.1\rpcsetup.exe [2007-11-26 2220784]
R3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [2008-07-10 15872]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-09-02 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-09-01 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-03 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-03 72728]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-13 33280]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-08-05 23680]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-29 30192]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
R3 HSFHWCD2;HSFHWCD2;c:\windows\system32\DRIVERS\HSFHWCD2.sys [x]
R3 HSXHWCD2;HSXHWCD2;c:\windows\system32\DRIVERS\HSXHWCD2.sys [2006-11-08 243712]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 267568]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-01-27 255488]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-07-25 3728840]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-12-16 40368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
S0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-11 721904]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-08-05 7936]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [2008-05-08 31856]
S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2010-02-24 143360]
S2 IDriveWebM;IDrive WebManager;c:\idrive\IDriveWebM.exe [2010-02-01 124336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-24 537520]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-26 311296]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-26 266240]
S2 SdReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [2009-03-18 189696]
S2 ServerProxyService;ServerProxyService;c:\program files\Laplink Everywhere\ServerProxyService.exe [2007-08-09 136496]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S2 winShadow;winShadow;c:\program files\Laplink\winShadow\shwSrvc.exe [2007-08-09 673072]
S3 AVMNgBasM779;AVerMedia M779 Base Driver;c:\windows\system32\DRIVERS\AVerBas.sys [2007-02-13 49280]
S3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;c:\windows\system32\DRIVERS\AVerCap.sys [2007-02-13 219648]
S3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;c:\windows\system32\DRIVERS\AVerTun.sys [2007-02-13 147584]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-03 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-03 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-03 72728]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-09 5632]
S3 shwMirror;shwMirror;c:\windows\system32\DRIVERS\shwMirror.sys [2006-11-02 3584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenuto della cartella 'Scheduled Tasks'
2010-12-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:06]
2010-12-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-04 11:22]
2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 13:25]
2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 13:25]
2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-584481910-1332423684-1337546778-1001Core.job
- c:\users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 12:26]
2010-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-584481910-1332423684-1337546778-1001UA.job
- c:\users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 12:26]
2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{691529E4-74B1-4052-8097-D0726F93B092}.job
- c:\windows\system32\msfeedssync.exe [2010-12-26 04:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {B05AA15F-FB82-4431-80D3-B2393EDDAC18} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\azrghvcw.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 7\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Open IT Online: extension@openitonline.com - %profile%\extensions\extension@openitonline.com
FF - Ext: Dizionario italiano: it-IT@dictionaries.addons.mozilla.org - %profile%\extensions\it-IT@dictionaries.addons.mozilla.org
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: YouPlayer: youplayer@addons.mozilla.org - %profile%\extensions\youplayer@addons.mozilla.org
FF - Ext: FoxTrick: {9d1f059c-cada-4111-9696-41a62d64e3ba} - %profile%\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF - Ext: Alltid Hattrick Statistics: {fd048119-78ee-487f-8fb1-1668d3a6859b} - %profile%\extensions\{fd048119-78ee-487f-8fb1-1668d3a6859b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: CountdownClock: {19D3B002-1AD1-4a69-A5B3-AA98773DBB86} - %profile%\extensions\{19D3B002-1AD1-4a69-A5B3-AA98773DBB86}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Linky: linky@gemal.dk - %profile%\extensions\linky@gemal.dk
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM_ActiveSetup-Nitro PDF Professional - (no file)
AddRemove-UBCD4Win_is1 - f:\ubcd4win\unins000.exe
AddRemove-{EA12F03F-0973-4715-9CBA-F2845999E777}_is1 - c:\program files\Perfect Optimizer\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 15:04
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
Scansione files nascosti ...
c:\users\Paolo\AppData\Local\Temp\catchme.dll 53248 bytes executable
Scansione completata con successo
Files nascosti: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-584481910-1332423684-1337546778-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d5,1c,66,c3,6b,cb,8d,c9,68,53,92,91,18,38,e2,a5,6b,54,8e,6e,f2,a4,b8,
2d,d9,00,a0,4d,21,37,32,97,a8,24,6f,9f,ec,73,a2,8b,e0,6d,a3,7f,f0,03,c6,e5,\
"??"=hex:01,fb,0f,39,3d,9a,7b,5f,d0,14,b2,0b,14,ad,f9,42
[HKEY_USERS\S-1-5-21-584481910-1332423684-1337546778-1001\Software\SecuROM\License information*]
"datasecu"=hex:48,be,6d,58,e5,46,ed,12,d2,58,9d,b8,96,1b,04,91,47,bc,5b,19,a2,
29,93,52,00,50,ee,67,7e,05,a9,cd,6a,74,b3,c8,7c,ce,84,43,dc,6f,a0,e5,f6,f2,\
"rkeysecu"=hex:d3,f0,df,eb,2e,5e,50,a6,13,ae,a6,17,a8,7b,dc,dd
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-12-27 15:14:21
ComboFix-quarantined-files.txt 2010-12-27 14:14
Pre-Run: 46.605.426.688 byte disponibili
Post-Run: 46.945.574.912 byte disponibili
- - End Of File - - A3EE5308A6DD0FF5162A269AAED0B5C2