ComboFix 11-04-28.01 - laura 29/04/2011 4.21.11.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1428 [GMT 2:00]
Eseguito da: c:\documents and settings\laura\Desktop\ComboFix.exe
AV: Ashampoo Anti-MalWare *Disabled/Updated* {91BDFB4E-BA7E-4ABC-9472-A79BA394CA4B}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\mazuki.dll
c:\documents and settings\All Users\Menu Avvio\HP Image Zone .lnk
c:\documents and settings\laura\Dati applicazioni\cacaoweb
c:\documents and settings\laura\Dati applicazioni\OfferBox
c:\documents and settings\laura\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\laura\Dati applicazioni\PriceGong
c:\documents and settings\laura\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\laura\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\laura\WINDOWS
c:\programmi\save tube video company
c:\programmi\save tube video company\SaveTubeVideo\BrowserStartPage.dll
c:\programmi\save tube video company\SaveTubeVideo\Config.dat
c:\programmi\save tube video company\SaveTubeVideo\downloader.exe
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome.manifest
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\content\about.xul
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\content\settings.js
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\content\skysearchtoolbar.js
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\content\skysearchtoolbar.xul
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\locale\en-US\skysearchtoolbar.dtd
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\locale\en-US\toolbar.properties
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\about.png
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\aboutDlg.png
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\bigbutton.png
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\gripper.png
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\savevideo.png
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\savevideo2.png
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\search.png
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\settings.png
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\showstatus.png
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\skin\skysearchtoolbar.css
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\anti-viruses.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\archivators.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\auto credit.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\auto insurance.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\baccarat.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\bingo.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\body-building.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\casino.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\credit.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\free downloaders.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\general health.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\health and life.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\home.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\keno.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\men`s health.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\mp3 dvd players.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\pain relief.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\pets.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\poker.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\weight loss.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\chrome\words\women`s health.txt
c:\programmi\save tube video company\SaveTubeVideo\FF\components\ISwslib.xpt
c:\programmi\save tube video company\SaveTubeVideo\FF\components\nsIRdsHistoryService.js
c:\programmi\save tube video company\SaveTubeVideo\FF\components\nsIRdsHistoryService.xpt
c:\programmi\save tube video company\SaveTubeVideo\FF\components\rdstb-autocomplete.js
c:\programmi\save tube video company\SaveTubeVideo\FF\components\swslib.dll
c:\programmi\save tube video company\SaveTubeVideo\FF\install.rdf
c:\programmi\save tube video company\SaveTubeVideo\FF\tmp
c:\programmi\save tube video company\SaveTubeVideo\InstallHelper.exe
c:\programmi\save tube video company\SaveTubeVideo\MinBHO.dll
c:\programmi\Save Tube Video Company\SaveTubeVideo\SaVEtubevideo.dll
c:\programmi\save tube video company\SaveTubeVideo\ToolbarUpdate.exe
c:\programmi\save tube video company\SaveTubeVideo\transport_dll.dll
c:\programmi\save tube video company\SaveTubeVideo\unins000.dat
c:\programmi\save tube video company\SaveTubeVideo\unins000.exe
c:\programmi\save tube video company\SaveTubeVideo\update.dat
c:\programmi\save tube video company\SaveTubeVideo\update.dll
c:\windows\Fsubea.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\sshnas21.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_SSHNAS
-------\Service_npf
-------\Service_SSHNAS
.
.
((((((((((((((((((((((((( Files Creati Da 2011-03-28 al 2011-04-29 )))))))))))))))))))))))))))))))))))
.
.
2011-04-28 23:07 . 2011-04-28 23:07 -------- d-----w- c:\documents and settings\laura\Impostazioni locali\Dati applicazioni\photoOptimizeHistoryDataBase
2011-04-28 23:07 . 2011-04-28 23:12 -------- d-----w- c:\documents and settings\laura\Impostazioni locali\Dati applicazioni\Ashampoo Photo Optimizer 4
2011-04-24 18:31 . 2011-04-28 01:18 -------- d-----w- C:\Music
2011-04-24 18:29 . 2011-04-24 18:29 -------- d-----w- c:\programmi\Sagasoft
2011-04-23 20:12 . 2011-04-23 20:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2011-04-23 20:10 . 2011-04-23 20:10 -------- d-----w- c:\programmi\File comuni\Adobe Systems Shared
2011-04-23 15:24 . 2011-04-23 15:24 -------- d-----w- c:\programmi\Trend Micro
2011-04-21 18:37 . 2011-04-21 19:42 -------- d-----w- c:\documents and settings\laura\Impostazioni locali\Dati applicazioni\Paint.NET
2011-04-21 18:36 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-04-21 18:34 . 2011-04-21 18:36 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-21 18:34 . 2011-04-21 18:34 -------- d-----w- c:\programmi\MSBuild
2011-04-21 18:33 . 2011-04-21 18:33 -------- d-----w- c:\programmi\Reference Assemblies
2011-04-21 18:33 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-21 18:33 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-21 18:33 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-21 18:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-04-21 18:33 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-04-21 18:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-04-21 18:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-04-21 18:33 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-21 18:33 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-21 18:25 . 2011-04-21 18:25 -------- d-----r- C:\AHCache
2011-04-17 00:21 . 2011-04-24 18:40 -------- d-----w- C:\My Music
2011-04-15 23:36 . 2011-04-15 23:36 -------- d-----w- c:\programmi\Solveig Multimedia
2011-04-15 23:36 . 2011-04-15 23:36 -------- d-----w- c:\programmi\File comuni\Solveig Multimedia
2011-04-15 22:39 . 2011-04-25 15:19 -------- d-----w- C:\OutputFolder
2011-04-13 17:14 . 2011-04-13 17:14 -------- d-----w- c:\programmi\Image Mender
2011-04-12 19:26 . 2011-04-12 19:26 -------- d-----w- c:\documents and settings\laura\Impostazioni locali\Dati applicazioni\ArcSoft
2011-04-12 19:25 . 2011-04-12 19:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ArcSoft
2011-04-12 19:25 . 2011-04-12 19:25 -------- d-----w- c:\programmi\File comuni\ArcSoft
2011-04-12 19:25 . 2011-04-23 15:01 -------- d-----w- c:\programmi\ArcSoft
2011-04-12 19:25 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2011-04-12 19:24 . 2011-04-12 19:26 -------- d-----w- c:\documents and settings\laura\Dati applicazioni\ArcSoft
2011-04-10 19:27 . 2011-04-10 19:27 -------- d-----w- c:\documents and settings\laura\Dati applicazioni\Ashampoo Movie Menu
2011-04-10 19:27 . 2011-04-10 19:27 -------- d-----w- c:\documents and settings\laura\Impostazioni locali\Dati applicazioni\Ashampoo Movie Menu
2011-04-05 20:22 . 2007-04-12 12:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2011-04-05 20:22 . 2006-09-26 11:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2011-04-05 20:22 . 2011-04-05 20:22 -------- d-----w- c:\programmi\Ultra Video Joiner
2011-04-04 12:57 . 2011-04-04 12:57 -------- d-----w- c:\documents and settings\laura\Dati applicazioni\Media Get LLC
2011-04-04 12:57 . 2011-04-04 12:57 -------- d-----w- c:\documents and settings\laura\Impostazioni locali\Dati applicazioni\Media Get LLC
2011-04-04 12:57 . 2011-04-04 12:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Media Get LLC
2011-04-04 12:57 . 2011-04-04 12:57 -------- d-----w- c:\programmi\MediaGet
2011-03-31 19:41 . 2011-03-31 19:41 -------- d-----w- c:\documents and settings\laura\Dati applicazioni\FreeMoviesToDVD
2011-03-31 19:40 . 2009-01-23 18:08 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2011-03-31 19:40 . 2009-01-23 18:08 15360 ----a-w- c:\windows\system32\inetfr.DLL
2011-03-31 19:40 . 2009-01-23 18:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-03-31 19:40 . 2009-01-23 18:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-03-31 19:40 . 2009-01-23 18:08 115920 ----a-w- c:\windows\system32\msinet.OCX
2011-03-31 19:40 . 2009-01-23 18:08 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-03-30 18:14 . 2011-03-30 18:14 -------- d-----w- c:\programmi\File comuni\Java
2011-03-30 18:14 . 2011-03-30 18:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-30 18:14 . 2011-03-30 18:14 472808 ----a-w- c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-30 18:14 . 2011-03-30 18:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-30 18:14 . 2011-03-30 18:14 -------- d-----w- c:\programmi\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 17:57 . 2011-03-07 18:02 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-29 22:00 . 2011-03-29 22:00 22 --sha-w- c:\documents and settings\laura\Dati applicazioni\Sys6925.Config Collection.sys
2011-03-29 18:00 . 2011-03-24 17:48 78044 ----a-w- c:\documents and settings\All Users\Dati applicazioni\bdinstall.bin
2011-03-05 15:45 . 2011-03-05 15:45 147456 ----a-w- c:\windows\system32\fmod.dll
2011-02-09 20:58 . 2011-01-07 01:46 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\programmi\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Backup4all Scheduler"="c:\programmi\Softland\Backup4all Professional 4\b4aSched.exe" [2010-12-14 2122576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
"Ashampoo Anti-Malware Guard"="c:\programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe" [2010-08-26 3314176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido di HP Image Zone.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\docume~1\ALLUSE~1\AVP11\mzvkbd3.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 -c--a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 -c--a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 -c--a-w- c:\programmi\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Backup4all Scheduler]
2010-12-14 15:23 2122576 ----a-w- c:\programmi\Softland\Backup4all Professional 4\b4aSched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-09-29 18:32 3245408 -c--a-w- c:\programmi\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet]
2011-03-11 12:04 4482792 ----a-w- c:\programmi\MediaGet\mediaget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\laura\\Impostazioni locali\\Dati applicazioni\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\laura\\Impostazioni locali\\Dati applicazioni\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Lexmark\\Dashboard\\LX__Dashboard.exe"=
"c:\\WINDOWS\\system32\\lxeacoms.exe"=
"c:\\Programmi\\GameSpy Arcade\\Aphex.exe"=
"c:\\Programmi\\Softland\\Backup4all Professional 4\\Backup4all.exe"=
"c:\\Programmi\\Softland\\Backup4all Professional 4\\b4aCmd.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [15/03/2011 20.18.17 97112]
R1 SASDIFSV;SASDIFSV;d:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20.41.30 67656]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [07/01/2011 3.45.57 95592]
R2 AAMW_WSC_Service_XP;Ashampoo Anti-Malware WSC Service;c:\programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_XP.exe [29/04/2011 3.02.22 53248]
R2 AAMWService;Ashampoo Anti-Malware Service;c:\programmi\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [29/04/2011 3.02.32 1309528]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service
c:\windows\system32\lxeacoms.exe -service
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20.27.24 19472]
S1 kl2;Kl2;c:\windows\system32\drivers\kl2.sys [07/05/2010 0.19.06 132184]
S1 SABKUTIL;SABKUTIL;\??\c:\programmi\SUPERAntiSpyware\SABKUTIL.sys
c:\programmi\SUPERAntiSpyware\SABKUTIL.sys
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [26/10/2010 17.25.10 98984]
S3 uvnc_service;uvnc_service;c:\documents and settings\laura\Impostazioni locali\Dati applicazioni\CrossLoop\winvnc.exe [21/08/2010 12.54.19 1590216]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [14/06/2010 0.29.58 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [14/06/2010 0.29.54 85696]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/01/2011 3.46.17 436792]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-28 c:\windows\Tasks\b4a_Nuovo Backup.job
- c:\programmi\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2010-12-14 15:23]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1326574676-682003330-1004Core.job
- c:\documents and settings\laura\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-17 17:33]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1326574676-682003330-1004UA.job
- c:\documents and settings\laura\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-11-17 17:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - d:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Scarica con IDM - c:\documents and settings\laura\Desktop\Programmi\IEExt.htm
IE: Scarica con IDM contenuti video FLV - c:\documents and settings\laura\Desktop\Programmi\IEGetVL.htm
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
IE: Scarica tutti i link con IDM - c:\documents and settings\laura\Desktop\Programmi\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\laura\Dati applicazioni\Mozilla\Firefox\Profiles\rr3vr6eg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2465030&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: mipony-plugin Community Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - %profile%\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
FF - Ext: Softonic-IT Community Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - %profile%\extensions\{e3393495-8103-46a0-8181-270273eddd60}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\laura\Dati applicazioni\IDM\idmmzcc3
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ares - c:\programmi\Ares\Ares.exe
AddRemove-SaveTubeVideo_is1 - c:\programmi\Save Tube Video Company\SaveTubeVideo\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 04:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3404)
c:\programmi\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\lxeacoms.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\programmi\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmi\Softland\Backup4all Professional 4\b4aShutMon.exe
.
**************************************************************************
.
Ora fine scansione: 2011-04-29 04:30:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-04-29 02:30
.
Pre-Run: 36.387.745.792 byte disponibili
Post-Run: 36.312.772.608 byte disponibili
.
- - End Of File - - D1A545399D49D7283AFEBDC15AD22966