ComboFix 09-08-10.06 - Roberto 15/08/2009 18.24.13.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.588 [GMT 2:00]
Eseguito da: c:\documents and settings\Roberto\Desktop\xxx.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\b4cb8.msi
c:\windows\system32\mfc45.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-07-15 al 2009-08-15 )))))))))))))))))))))))))))))))))))
.
2009-08-15 15:58 . 2009-08-15 15:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-13 07:23 . 2009-08-13 07:23 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Avira
2009-08-13 06:07 . 2009-08-15 16:05 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\OnlineArmor
2009-08-12 07:43 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 15:55 . 2009-08-11 16:01 240 ----a-w- C:\sccfg.sys
2009-08-11 15:55 . 2005-04-11 14:40 73728 ----a-w- c:\windows\system32\FLKill.exe
2009-08-08 16:16 . 2009-08-08 16:16 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\GrabPro
2009-08-08 16:16 . 2009-08-15 16:14 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Orbit
2009-08-08 16:16 . 2009-08-08 16:16 -------- d-----w- c:\programmi\Orbitdownloader
2009-08-08 16:14 . 2009-08-08 16:15 -------- d-----w- c:\programmi\ERUNT
2009-08-08 16:12 . 2009-08-08 16:13 -------- d-----w- c:\programmi\Eusing Free Registry Cleaner
2009-08-05 08:59 . 2009-08-05 08:59 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 14:05 . 2009-08-01 14:08 -------- d-----w- c:\documents and settings\Roberto\.gimp-2.6
2009-08-01 14:04 . 2009-08-01 14:04 -------- d-----w- c:\documents and settings\Roberto\.gegl-0.0
2009-08-01 14:03 . 2009-08-01 14:03 -------- d-----w- c:\programmi\GIMP-2.0
2009-08-01 13:29 . 2008-04-15 15:17 296960 -c----w- c:\windows\system32\dllcache\termsrv.dll
2009-07-31 12:46 . 2009-07-31 12:51 -------- d-----w- c:\programmi\Memory
2009-07-30 13:14 . 2009-07-30 13:13 100976 ------w- c:\windows\system32\UrlFilter.dll
2009-07-30 13:14 . 2009-07-30 13:13 96880 ------w- c:\windows\system32\KakaTool.dll
2009-07-30 13:14 . 2009-07-30 13:13 637592 ------w- c:\windows\system32\kmon.dll
2009-07-30 13:14 . 2009-07-30 13:13 15776 ------w- c:\windows\system32\kknative.exe
2009-07-30 10:41 . 2009-07-30 10:41 -------- d-----w- c:\programmi\TaskSwitchXP
2009-07-30 10:40 . 2009-07-30 10:34 42496 ----a-w- c:\windows\system32\XPize Logo.scr
2009-07-30 10:40 . 2009-07-30 10:34 1634304 ----a-w- c:\windows\system32\Windows XP 3D Flag.scr
2009-07-30 10:38 . 2009-07-30 10:38 -------- d-----w- c:\programmi\Anolis
2009-07-29 15:08 . 2009-07-29 15:08 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-29 15:08 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-29 15:08 . 2009-07-29 15:08 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-29 15:00 . 2009-08-08 22:54 117760 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-29 14:58 . 2009-08-08 21:08 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\vlc
2009-07-27 12:53 . 2009-07-27 12:53 -------- d-----w- c:\programmi\MyDefrag v4.1.1
2009-07-27 12:53 . 2009-07-25 15:00 95232 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-07-27 12:53 . 2009-07-25 15:00 854528 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-07-24 20:20 . 2009-07-24 20:41 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Skype
2009-07-21 19:03 . 2009-07-27 13:45 10 ----a-w- c:\windows\popcinfo.dat
2009-07-21 17:05 . 2009-07-21 17:05 -------- d-----w- c:\programmi\PopCap Games
2009-07-21 17:04 . 2009-07-21 17:06 -------- d-----w- c:\programmi\Zuma Deluxe
2009-07-20 08:43 . 2009-07-20 08:43 -------- d-----w- c:\windows\Downloaded Program Files
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 16:00 . 2009-01-12 10:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-15 15:58 . 2008-07-13 19:09 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\uTorrent
2009-08-13 06:07 . 2004-08-19 12:00 81240 ----a-w- c:\windows\system32\perfc010.dat
2009-08-13 06:07 . 2004-08-19 12:00 482458 ----a-w- c:\windows\system32\perfh010.dat
2009-08-12 19:03 . 2009-06-26 15:59 -------- d-----w- c:\programmi\COMODO
2009-08-12 10:58 . 2008-11-03 12:33 -------- d-----w- c:\programmi\Paragon Software
2009-08-11 17:14 . 2008-05-19 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-08 23:00 . 2008-05-20 16:57 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-08 22:51 . 2009-06-11 11:35 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-08 22:51 . 2009-07-14 10:15 3942048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 22:49 . 2008-05-19 22:18 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-06 18:25 . 2009-05-12 09:11 -------- d-----w- c:\programmi\Desktop Maestro
2009-08-05 08:59 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-06-11 11:35 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-06-11 11:35 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 12:13 . 2008-08-14 20:31 -------- d-----w- c:\programmi\iolo
2009-08-01 07:34 . 2008-07-03 01:29 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-31 17:58 . 2008-05-19 20:54 59920 ----a-w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-31 14:29 . 2008-05-20 16:55 -------- d-----w- c:\programmi\Google
2009-07-31 13:43 . 2008-09-25 12:34 1 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-30 13:14 . 2009-06-20 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Rising
2009-07-30 10:41 . 2008-05-19 20:35 765440 ----a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-07-30 10:41 . 2005-01-28 13:22 276992 ----a-w- c:\windows\system32\audiodev.dll
2009-07-30 10:41 . 2004-08-19 12:00 50176 ----a-w- c:\windows\system32\utilman.exe
2009-07-30 10:41 . 2004-08-19 12:00 2797568 ----a-w- c:\windows\system32\logonui.exe
2009-07-30 10:41 . 2004-08-19 12:00 203776 ----a-w- c:\windows\system32\tcpmonui.dll
2009-07-30 10:41 . 2004-08-19 12:00 541696 ----a-w- c:\windows\system32\sti_ci.dll
2009-07-30 10:41 . 2004-08-19 12:00 1265664 ----a-w- c:\windows\system32\rasdlg.dll
2009-07-30 10:41 . 2004-08-19 12:00 399360 ----a-w- c:\windows\system32\fsquirt.exe
2009-07-30 10:41 . 2004-08-19 12:00 201728 ----a-w- c:\windows\system32\mdminst.dll
2009-07-30 10:41 . 2004-08-19 12:00 221696 ----a-w- c:\windows\system32\fldrclnr.dll
2009-07-30 10:41 . 2004-08-19 12:00 808960 ----a-w- c:\windows\system32\dmdlgs.dll
2009-07-30 10:40 . 2004-08-19 12:00 794624 ----a-w- c:\windows\system32\sstext3d.scr
2009-07-30 10:40 . 2004-08-19 12:00 819200 ----a-w- c:\windows\system32\ss3dfo.scr
2009-07-30 10:40 . 2004-08-19 12:00 724992 ----a-w- c:\windows\system32\sspipes.scr
2009-07-30 10:40 . 2004-08-19 12:00 507904 ----a-w- c:\windows\system32\ssflwbox.scr
2009-07-30 10:40 . 2004-08-19 12:00 121856 ----a-w- c:\windows\system32\scrnsave.scr
2009-07-30 10:40 . 2008-05-19 20:34 20992 ----a-w- c:\windows\system32\write.exe
2009-07-30 10:40 . 2004-08-19 12:00 9202176 ----a-w- c:\windows\system32\wmploc.dll
2009-07-30 10:40 . 2005-08-30 03:55 2676736 ----a-w- c:\windows\system32\quartz.dll
2009-07-30 10:40 . 2004-08-19 12:00 388096 ----a-w- c:\windows\system32\msieftp.dll
2009-07-30 10:38 . 2004-08-19 12:00 1456128 ----a-w- c:\windows\system32\setupapi.dll
2009-07-29 15:07 . 2009-01-06 23:54 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2009-07-29 14:59 . 2008-11-18 12:26 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-07-29 14:59 . 2008-07-21 15:15 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\SUPERAntiSpyware.com
2009-07-29 14:58 . 2009-05-26 07:34 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-07-26 17:41 . 2009-04-28 18:34 28600 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-25 11:12 . 2009-05-23 18:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-07-25 09:04 . 2009-05-09 19:11 -------- d-----w- c:\programmi\DivX
2009-07-24 23:12 . 2009-07-24 23:11 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-07-24 20:37 . 2008-05-24 11:05 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\skypePM
2009-07-24 20:19 . 2009-05-09 14:09 -------- d-----r- c:\programmi\Skype
2009-07-24 20:19 . 2008-05-24 11:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-07-24 09:42 . 2009-02-27 10:00 -------- d-----w- c:\programmi\Notepad++
2009-07-24 08:49 . 2008-10-18 18:12 -------- d-----w- c:\programmi\Ashampoo
2009-07-23 21:01 . 2008-07-26 08:54 -------- d-----w- c:\programmi\Safari
2009-07-17 19:01 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 14:43 . 2009-07-16 14:44 802644 ----a-w- c:\windows\Fonts\trashco_ttf_download_by_loosy.ttf
2009-07-16 14:43 . 2009-07-16 14:43 77996 ----a-w- c:\windows\Fonts\S_O_T_D_.TTF
2009-07-16 14:39 . 2009-07-16 14:40 40836 ----a-w- c:\windows\Fonts\Loveable_Scruff_by_gallow.ttf
2009-07-16 14:16 . 2009-07-16 14:16 24192 ----a-w- c:\windows\Fonts\Bobel_font_by_pitters.ttf
2009-07-16 14:09 . 2009-07-16 14:11 15348 ----a-w- c:\windows\Fonts\ABC___Font_Typeface_Version_2_by_MyFox.ttf
2009-07-16 14:08 . 2009-07-16 14:10 58160 ----a-r- c:\windows\Fonts\AB_Exp_by_III_wildcard_III.ttf
2009-07-16 13:36 . 2009-01-30 16:31 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-07-16 10:25 . 2009-07-16 14:33 69396 ----a-w- c:\windows\Fonts\duepuntozero_bold.ttf
2009-07-16 10:25 . 2009-07-16 14:33 71236 ----a-w- c:\windows\Fonts\duepuntozero.ttf
2009-07-15 11:25 . 2009-07-02 14:16 -------- d-----w- c:\programmi\a-squared Anti-Malware
2009-07-13 21:43 . 2004-08-19 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 16:30 . 2009-07-13 16:30 23558 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{BE82A2BE-FCD3-4C93-B727-6B2764433775}\_294823.exe
2009-07-13 16:30 . 2009-07-13 16:30 23558 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{BE82A2BE-FCD3-4C93-B727-6B2764433775}\_18be6784.exe
2009-07-13 16:30 . 2009-07-13 16:30 -------- d-----w- c:\programmi\Microsoft Calculator Plus
2009-07-13 12:24 . 2009-07-05 18:45 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-12 18:48 . 2009-06-03 18:42 -------- d-----w- c:\programmi\MessengerDiscovery 2
2009-07-12 18:31 . 2009-05-23 17:18 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-09 21:22 . 2009-07-16 15:03 24820 ----a-w- c:\windows\Fonts\MISO-LIG.OTF
2009-07-09 21:22 . 2009-07-16 15:03 24572 ----a-w- c:\windows\Fonts\MISO-BOL.OTF
2009-07-09 21:22 . 2009-07-16 15:03 60196 ----a-w- c:\windows\Fonts\miso-light.ttf
2009-07-09 21:22 . 2009-07-16 15:02 60860 ----a-w- c:\windows\Fonts\miso-bold.ttf
2009-07-09 21:22 . 2009-07-16 15:02 59328 ----a-w- c:\windows\Fonts\miso-regular.ttf
2009-07-09 21:22 . 2009-07-16 15:02 25024 ----a-w- c:\windows\Fonts\MISO____.OTF
2009-07-09 19:35 . 2009-06-04 14:26 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\MessengerDiscovery 2
2009-07-06 20:44 . 2009-07-07 15:59 937984 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-06 20:44 . 2009-07-07 15:59 65536 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-06 20:44 . 2009-07-07 15:59 106496 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-06 20:44 . 2009-07-07 15:59 103424 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-06 20:44 . 2009-07-07 15:59 4722688 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-06 20:44 . 2009-07-07 15:59 344064 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-05 18:45 . 2009-07-05 18:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-07-05 18:45 . 2009-07-05 18:45 -------- d-----w- c:\programmi\Avira
2009-07-05 09:03 . 2009-06-09 17:07 -------- d-----w- c:\programmi\Mozilla Firefox 3.5 Beta 4
2009-07-04 11:08 . 2008-05-19 20:43 -------- d-----w- c:\programmi\Java
2009-07-04 07:57 . 2008-09-25 17:17 -------- d-----w- c:\programmi\Rainlendar2
2009-07-04 07:56 . 2008-07-25 01:25 -------- d-----w- c:\programmi\Uniblue
2009-07-04 07:39 . 2009-07-04 07:39 -------- d-----w- c:\programmi\Glary Utilities
2009-07-03 11:52 . 2009-07-03 11:52 -------- d-----w- c:\programmi\WhoCrashed
2009-07-02 16:51 . 2008-06-30 00:44 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\IObit
2009-06-30 17:19 . 2009-07-02 13:16 106496 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Plugins\npcoolirisplugin.dll
2009-06-27 13:45 . 2009-06-27 13:31 -------- d-----w- c:\programmi\BOINC
2009-06-26 23:17 . 2009-05-05 14:48 2288640 ----a-w- c:\windows\system32\TUKernel.exe
2009-06-26 18:28 . 2009-06-26 16:01 1270256 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-06-23 23:12 . 2009-06-23 23:12 122880 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2005-09-02 23:53 663040 AF06731262917615B4DF9E0E88B7E436 c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2006-01-09 17:59 664576 B404779B16EB2CD8C574FB343D277521 c:\windows\$hf_mig$\KB912945\SP2QFE\wininet.dll
[7] 2008-03-01 12:34 827392 93DB90BE4A10EC784DDC9C8601A28AA6 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 04:19 827392 FE184A2B736F216CCC22ABEEBB40787D c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 15:39 827904 BF9D17259082632F03F3FF5759C6AE32 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 8E694EC9DA095E518D9447B3293208EA c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 19:32 827904 F303CFED3D8B8348A54F7A53DDC7CCA0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2009-05-13 05:07 915456 4D9C680641CC367FEEFE308C6577E0CD c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 17:00 915456 D58780F07D0F5C83B3DB634BBB273D39 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2008-04-14 02:13 668672 663E74D98D2E67C1343D367388EDD711 c:\windows\ie7\wininet.dll
[7] 2008-03-01 12:58 826368 61D4F43D26EC9D21BEB6F38F22B396AB c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:15 826368 4B54220877703198E55F61CB7B87979E c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:57 817152 7AB81E00769B75B23A5FDCF8CAC76A88 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:04 826368 A4C79606C0D9835E8A5A8E5E5804AE60 c:\windows\ie8\wininet.dll
[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-05-13 05:02 915456 F45D1DF0F6FD7AD945824CC9A0CE5597 c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-01-15 01:05 911872 203C05A174A45270A30CDD593092D91E c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-07-30 10:39 928768 D9E4AB4C746AB1C0CC966B28A76718B1 c:\windows\system32\wininet.dll
[7] 2009-07-03 16:55 915456 9A9F818B89CD92F1BAD393B525A16051 c:\windows\system32\dllcache\wininet.dll
[-] 2009-07-30 10:39 1800192 A4675F36090C3D748D21D8CD493D9966 c:\windows\explorer.exe
[-] 2008-04-14 02:14 978432 3D46C53CA961C49272037F98807537BD c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2009-07-30 10:38 30208 23DFF363C6203BE801C279F6FFEEB5DF c:\windows\system32\ctfmon.exe
[-] 2005-10-05 00:52 3015680 8A2B19DEE3D28C8BF0DD5F3454648AFB c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2006-02-01 02:52 3035648 F3701B305DBD8A6CD781AC4DA76FF23B c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll
[7] 2008-03-01 12:34 3593216 14154D51ED61852B3AD4845103302ECE c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 04:19 3593728 3B3A745E1C92A877C3F237ADFBA8348C c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-06-23 15:39 3594240 8E52FEC7D214C3B62871F8637F204114 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-08-26 09:08 3594752 FA61793E4E3F5C896C0728F350E30FAF c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-10-16 19:32 3595264 6EA04EE075C69345AB9B90C7A8740A04 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 06:27 3594752 C352D6D2EFC11942BA84B996BAFFB182 c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2009-05-13 05:07 5936128 A171E96E5830B6C269591415997C15C8 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 13:07 5938176 C1ABBFE345CC9557BAA8FBDC8B572D06 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2008-04-14 02:13 3066880 F543C74EB47E1C1DB9362BDFE06433EE c:\windows\ie7\mshtml.dll
[7] 2008-03-01 16:28 3591680 571EAAB1E810CE9595C67A0EC9AE6DCF c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2007-08-13 16:54 3578368 C6EC2493346ED8888A549F59210A8ED3 c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-06-24 08:15 3592192 080DEB244585EB5772F6E6DEA75B4380 c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-08-27 08:57 3866112 E01CD8C05F164938D9AB37A567E122A6 c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-10-17 00:34 3593216 6325783D4583E0EEBF26AA1286F26E70 c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-12-13 06:36 3593216 CA3BD4783DC7CA85E949EA6FF5906617 c:\windows\ie8\mshtml.dll
[7] 2009-03-08 02:41 5937152 D469A0EBA2EF5C6BEE8065B7E3196E5E c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[7] 2009-05-13 05:02 5936128 12AD3C143519BC4C0AA456F91B8330BD c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-01-15 01:13 5888512 42B04AFD48BE284B1615E890FC028CB3 c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2009-07-30 10:40 6023680 7E62EBBD5044B38F68721607745DA4D5 c:\windows\system32\mshtml.dll
[7] 2009-07-19 13:12 5937152 C977B8BD90795AB2AC79C364616C35CB c:\windows\system32\dllcache\mshtml.dll
[7] 2008-04-14 02:13 845824 C43124F63818E65CAFA49D3957C3CA67 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2009-07-30 10:39 860672 E8D99B2162A1779DA2C04BC1997A03FB c:\windows\system32\comres.dll
c:\windows\system32\appmgmts.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\programmi\USB Safely Remove\USBSafelyRemove.exe" [2008-12-15 1100048]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-28 16248320]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-07-30 30208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45A29BCE2FBD}"= "c:\programmi\Stardock\Fences\DesktopDock.dll" [2009-02-04 513384]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Dati applicazioni\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ninja.lnk]
backup=c:\windows\pss\ninja.lnkCommon Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"filehippo.com"="c:\programmi\filehippo.com\UpdateChecker.exe" /background
"FreeRAM XP"="c:\programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"TuneUp MemOptimizer"="c:\programmi\TuneUp Utilities 2009\MemOptimizer.exe" autostart
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"DesktopMaestro"=c:\programmi\Desktop Maestro\deskmech.exe /H
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe"
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe"
"Google Update"="c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
"SUPERAntiSpyware"=c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
"AnVir Task Manager"="c:\programmi\AnVir Task Manager\AnVir.exe" Minimized
"F.lux"="c:\documents and settings\Roberto\Local Settings\Apps\F.lux\flux.exe" /noshow
"USB Safely Remove"=c:\programmi\USB Safely Remove\USBSafelyRemove.exe /startup
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe"
"TaskSwitchXP"=c:\programmi\TaskSwitchXP\TaskSwitchXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
"mspwr"=c:\windows\system32\PuXpMan2.exe
"AppleSyncNotifier"=c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Device Detector"=DevDetect.exe -autorun
"flockbox"=c:\programmi\My Lockbox\flockbox.exe /a
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"
"Collegamento alla pagina delle proprietà di High Definition Audio"=HDAShCut.exe
"PWRISOVM.EXE"=c:\programmi\PowerISO\PWRISOVM.EXE
"RegistryMechanic"=c:\programmi\Registry Mechanic\RegMech.exe /QS
"AntiLogger"="c:\programmi\AntiLogger\AntiLogger.exe" /minimized
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"runeip"="c:\program files\Rising\AntiSpyware\rstray.exe" /startup
"ooccctrl.exe"=c:\programmi\OO Software\CleverCache\ooccctrl.exe /tasktray
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" /min
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9880:TCP"= 9880:TCP:*:Disabled:BitComet 9880 TCP
"9880:UDP"= 9880:UDP:*:Disabled:BitComet 9880 UDP
"24905:TCP"= 24905:TCP:*:Disabled:BitComet 24905 TCP
"24905:UDP"= 24905:UDP:*:Disabled:BitComet 24905 UDP
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [03/11/2008 14.34.26 40368]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/01/2009 10.20.52 64160]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [30/12/2008 4.19.36 17264]
R1 AntiLog32;AntiLog32;c:\programmi\AntiLogger\AntiLog32.sys [02/02/2009 19.45.53 108912]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [05/07/2009 20.45.07 97608]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [28/07/2009 10.53.16 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [28/07/2009 10.53.14 72944]
R2 AntiVirFirewallService;Avira Firewall;c:\programmi\Avira\AntiVir Desktop\avfwsvc.exe [05/07/2009 20.45.03 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [05/07/2009 20.45.03 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [05/07/2009 20.45.06 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [05/07/2009 20.45.04 434945]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [29/07/2009 17.08.06 604488]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\programmi\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10/09/2008 17.22.32 229648]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programmi\USB Safely Remove\USBSRService.exe [02/12/2008 3.51.08 208144]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [05/07/2009 20.45.07 69632]
R3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [28/05/2009 15.32.24 108032]
S1 mchInjDrv;madCodeHook DLL injection driver;\??\c:\windows\system32\Drivers\mchInjDrv.sys c:\windows\system32\Drivers\mchInjDrv.sys
S2 gupdate1c961f9cab9357a;Google Update Service (gupdate1c961f9cab9357a);c:\programmi\Google\Update\GoogleUpdate.exe [19/12/2008 18.49.41 133104]
S3 BioNT_BS;BioNT_BS;c:\programmi\Paragon Software\Total Defrag 2009\BlueScrn\biont_bs.sys [29/03/2009 14.32.57 18248]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [24/06/2009 1.11.47 30192]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [28/07/2009 10.53.16 7408]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-08-15 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-07-04 09:50]
2009-08-15 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-20 12:56]
2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-162531612-725345543-1004Core.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-03 10:36]
2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-162531612-725345543-1004UA.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-03 10:36]
2009-07-19 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-03 07:22]
2009-05-04 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\programmi\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-yayxvsrR - yayxvsrR.dll
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox?client=fir ... T:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 18:31
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="4D80CE41D48FA1059FFE1FEC9363086B5CD090E8062FA085EA75FEA56E0FF02A9B0408109B412DED8B011BFBBB3F699B58BA4A9BF5659AA4A2C5780355B2E7BEE7F25042860EC8F522EE8A09E62576603F59095BDCD02EDE61FE40E00717BDE6F9186A2FB8B1E8E4299B1638C2A718A6F2A67BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3DD4167A04F6122FE44E213CA51D36D5BD6F9C8DCC2B0EB1C3A7C1203E352B9ECCC3C6853AAF14DF885329C22DDA7B80571BCBFEB04048C9F5A563BB59C1E4C3F54FB3A4DBB9E7C67F721861F9A7829F751AE50742EECC41D2CD9311A52756096AE4386853770A0E6C6BD7036906E285BD1A7F0BF6FAF1B424DF309BCD8832F5BC7320079E0C2BC5C1FD41366FBCE96AA9CD9F92D56AC1A5091E927C8CCD5E724E71B0D950E0B05FC971A4AE93531B6908EAC3C8FB09FAF574510079B323F8CC58551DDF8DA333B0218E4442EF9BAA03F82D5B7E186610EEAB4437FA2A79CFB5669D903A13C6FC75B8A3D66DB5250398F2D3CAA6EFD228BE4B47698E6704E74258CA29AEACFC114BD402094DA647BF73409F69D95B691D73C1AD3AE379BBF6EC60E0F8273DC1A2B40EFE78A69A9BB33D7E5983D447037D0351CFC4D103DBE99288E78432BACF9B185274B7DDFC8064079FC9587533BF0DC4918894CE3665DE742B6D4882B1AA16C0E040CF80CC970C4269411E403381C076EBB7AAF9DE9C2B38F803316B3D9664DA4FC33A3B1D4817C8F3917ADEEFF04337A0C0FC92598855E6753B2068121C8B7A066466E216BA27542F118A9AA5F7F20CC18CF3FD97F6986F78B0EC1875884395C20DB76DF15F9205DB9A5EE525C664DBB5846CC59DF56521AC7FE1BBC16D7708152A84F50167E15D900EF952524FDBF5381B3716065BDEB192473AB7E5A0C88D62AD973BA548D2C5B54B5599244A5588D6429AC0FBBEDC3CFEACAA1862B98DCA630E309FD6BC57098A3C5C962A327E29F4F0CEB9447C693C98D9580ACE17CB442543032B22C394D69FC96FC90145B950CA248199B0B4C594DBFA5D5ED55AC166874CB487A39D6442DBE1E1D55F889DD8E05B529EAC4B640A1740C70D35E65E7E412A628411D2554378787B848BC0F504169957A8B4E76E45EE5E19AE3F6648BDD8E29915B0ABA5B50384F9C0647BBF761F6619BCDA783DD4DB8DC881D946D73D2C7FDD4FDDB64E57DC7F0C9AD785AE3901CF1505C32B612A290C3E6780B817756C8EA5EF8746F74CBCE7D6C56C74A73718623C4CA7F51F99F619DAE5BF3149C59D22DC5331717F1D2CC2F01B381DC64212B2F285550FEB5DB7F9ED283B6A61EF184E627EF39075338913E694679DDA0D705993C3AD73"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1596)
c:\windows\system32\SETUPAPI.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1676)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(3692)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Stardock\Fences\DesktopDock.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\a-squared Anti-Malware\a2service.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\OO Software\CleverCache\ooccag.exe
c:\programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-15 18.37.09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-15 16:37
Pre-Run: 72.749.158.400 byte disponibili
Post-Run: 72.709.300.224 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT /NOGUIBOOT /BOOTLOGO
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /FASTDETECT /TUTag=3QPKTG-BAK
520 --- E O F --- 2009-08-12 18:02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.588 [GMT 2:00]
Eseguito da: c:\documents and settings\Roberto\Desktop\xxx.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\b4cb8.msi
c:\windows\system32\mfc45.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-07-15 al 2009-08-15 )))))))))))))))))))))))))))))))))))
.
2009-08-15 15:58 . 2009-08-15 15:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-13 07:23 . 2009-08-13 07:23 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Avira
2009-08-13 06:07 . 2009-08-15 16:05 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\OnlineArmor
2009-08-12 07:43 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 15:55 . 2009-08-11 16:01 240 ----a-w- C:\sccfg.sys
2009-08-11 15:55 . 2005-04-11 14:40 73728 ----a-w- c:\windows\system32\FLKill.exe
2009-08-08 16:16 . 2009-08-08 16:16 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\GrabPro
2009-08-08 16:16 . 2009-08-15 16:14 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Orbit
2009-08-08 16:16 . 2009-08-08 16:16 -------- d-----w- c:\programmi\Orbitdownloader
2009-08-08 16:14 . 2009-08-08 16:15 -------- d-----w- c:\programmi\ERUNT
2009-08-08 16:12 . 2009-08-08 16:13 -------- d-----w- c:\programmi\Eusing Free Registry Cleaner
2009-08-05 08:59 . 2009-08-05 08:59 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 14:05 . 2009-08-01 14:08 -------- d-----w- c:\documents and settings\Roberto\.gimp-2.6
2009-08-01 14:04 . 2009-08-01 14:04 -------- d-----w- c:\documents and settings\Roberto\.gegl-0.0
2009-08-01 14:03 . 2009-08-01 14:03 -------- d-----w- c:\programmi\GIMP-2.0
2009-08-01 13:29 . 2008-04-15 15:17 296960 -c----w- c:\windows\system32\dllcache\termsrv.dll
2009-07-31 12:46 . 2009-07-31 12:51 -------- d-----w- c:\programmi\Memory
2009-07-30 13:14 . 2009-07-30 13:13 100976 ------w- c:\windows\system32\UrlFilter.dll
2009-07-30 13:14 . 2009-07-30 13:13 96880 ------w- c:\windows\system32\KakaTool.dll
2009-07-30 13:14 . 2009-07-30 13:13 637592 ------w- c:\windows\system32\kmon.dll
2009-07-30 13:14 . 2009-07-30 13:13 15776 ------w- c:\windows\system32\kknative.exe
2009-07-30 10:41 . 2009-07-30 10:41 -------- d-----w- c:\programmi\TaskSwitchXP
2009-07-30 10:40 . 2009-07-30 10:34 42496 ----a-w- c:\windows\system32\XPize Logo.scr
2009-07-30 10:40 . 2009-07-30 10:34 1634304 ----a-w- c:\windows\system32\Windows XP 3D Flag.scr
2009-07-30 10:38 . 2009-07-30 10:38 -------- d-----w- c:\programmi\Anolis
2009-07-29 15:08 . 2009-07-29 15:08 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-29 15:08 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-29 15:08 . 2009-07-29 15:08 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-29 15:00 . 2009-08-08 22:54 117760 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-29 14:58 . 2009-08-08 21:08 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\vlc
2009-07-27 12:53 . 2009-07-27 12:53 -------- d-----w- c:\programmi\MyDefrag v4.1.1
2009-07-27 12:53 . 2009-07-25 15:00 95232 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-07-27 12:53 . 2009-07-25 15:00 854528 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-07-24 20:20 . 2009-07-24 20:41 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Skype
2009-07-21 19:03 . 2009-07-27 13:45 10 ----a-w- c:\windows\popcinfo.dat
2009-07-21 17:05 . 2009-07-21 17:05 -------- d-----w- c:\programmi\PopCap Games
2009-07-21 17:04 . 2009-07-21 17:06 -------- d-----w- c:\programmi\Zuma Deluxe
2009-07-20 08:43 . 2009-07-20 08:43 -------- d-----w- c:\windows\Downloaded Program Files
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 16:00 . 2009-01-12 10:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-15 15:58 . 2008-07-13 19:09 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\uTorrent
2009-08-13 06:07 . 2004-08-19 12:00 81240 ----a-w- c:\windows\system32\perfc010.dat
2009-08-13 06:07 . 2004-08-19 12:00 482458 ----a-w- c:\windows\system32\perfh010.dat
2009-08-12 19:03 . 2009-06-26 15:59 -------- d-----w- c:\programmi\COMODO
2009-08-12 10:58 . 2008-11-03 12:33 -------- d-----w- c:\programmi\Paragon Software
2009-08-11 17:14 . 2008-05-19 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-08 23:00 . 2008-05-20 16:57 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-08 22:51 . 2009-06-11 11:35 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-08 22:51 . 2009-07-14 10:15 3942048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 22:49 . 2008-05-19 22:18 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-06 18:25 . 2009-05-12 09:11 -------- d-----w- c:\programmi\Desktop Maestro
2009-08-05 08:59 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-06-11 11:35 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-06-11 11:35 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 12:13 . 2008-08-14 20:31 -------- d-----w- c:\programmi\iolo
2009-08-01 07:34 . 2008-07-03 01:29 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-31 17:58 . 2008-05-19 20:54 59920 ----a-w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-31 14:29 . 2008-05-20 16:55 -------- d-----w- c:\programmi\Google
2009-07-31 13:43 . 2008-09-25 12:34 1 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-30 13:14 . 2009-06-20 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Rising
2009-07-30 10:41 . 2008-05-19 20:35 765440 ----a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-07-30 10:41 . 2005-01-28 13:22 276992 ----a-w- c:\windows\system32\audiodev.dll
2009-07-30 10:41 . 2004-08-19 12:00 50176 ----a-w- c:\windows\system32\utilman.exe
2009-07-30 10:41 . 2004-08-19 12:00 2797568 ----a-w- c:\windows\system32\logonui.exe
2009-07-30 10:41 . 2004-08-19 12:00 203776 ----a-w- c:\windows\system32\tcpmonui.dll
2009-07-30 10:41 . 2004-08-19 12:00 541696 ----a-w- c:\windows\system32\sti_ci.dll
2009-07-30 10:41 . 2004-08-19 12:00 1265664 ----a-w- c:\windows\system32\rasdlg.dll
2009-07-30 10:41 . 2004-08-19 12:00 399360 ----a-w- c:\windows\system32\fsquirt.exe
2009-07-30 10:41 . 2004-08-19 12:00 201728 ----a-w- c:\windows\system32\mdminst.dll
2009-07-30 10:41 . 2004-08-19 12:00 221696 ----a-w- c:\windows\system32\fldrclnr.dll
2009-07-30 10:41 . 2004-08-19 12:00 808960 ----a-w- c:\windows\system32\dmdlgs.dll
2009-07-30 10:40 . 2004-08-19 12:00 794624 ----a-w- c:\windows\system32\sstext3d.scr
2009-07-30 10:40 . 2004-08-19 12:00 819200 ----a-w- c:\windows\system32\ss3dfo.scr
2009-07-30 10:40 . 2004-08-19 12:00 724992 ----a-w- c:\windows\system32\sspipes.scr
2009-07-30 10:40 . 2004-08-19 12:00 507904 ----a-w- c:\windows\system32\ssflwbox.scr
2009-07-30 10:40 . 2004-08-19 12:00 121856 ----a-w- c:\windows\system32\scrnsave.scr
2009-07-30 10:40 . 2008-05-19 20:34 20992 ----a-w- c:\windows\system32\write.exe
2009-07-30 10:40 . 2004-08-19 12:00 9202176 ----a-w- c:\windows\system32\wmploc.dll
2009-07-30 10:40 . 2005-08-30 03:55 2676736 ----a-w- c:\windows\system32\quartz.dll
2009-07-30 10:40 . 2004-08-19 12:00 388096 ----a-w- c:\windows\system32\msieftp.dll
2009-07-30 10:38 . 2004-08-19 12:00 1456128 ----a-w- c:\windows\system32\setupapi.dll
2009-07-29 15:07 . 2009-01-06 23:54 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2009-07-29 14:59 . 2008-11-18 12:26 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-07-29 14:59 . 2008-07-21 15:15 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\SUPERAntiSpyware.com
2009-07-29 14:58 . 2009-05-26 07:34 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-07-26 17:41 . 2009-04-28 18:34 28600 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-25 11:12 . 2009-05-23 18:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-07-25 09:04 . 2009-05-09 19:11 -------- d-----w- c:\programmi\DivX
2009-07-24 23:12 . 2009-07-24 23:11 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-07-24 20:37 . 2008-05-24 11:05 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\skypePM
2009-07-24 20:19 . 2009-05-09 14:09 -------- d-----r- c:\programmi\Skype
2009-07-24 20:19 . 2008-05-24 11:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-07-24 09:42 . 2009-02-27 10:00 -------- d-----w- c:\programmi\Notepad++
2009-07-24 08:49 . 2008-10-18 18:12 -------- d-----w- c:\programmi\Ashampoo
2009-07-23 21:01 . 2008-07-26 08:54 -------- d-----w- c:\programmi\Safari
2009-07-17 19:01 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 14:43 . 2009-07-16 14:44 802644 ----a-w- c:\windows\Fonts\trashco_ttf_download_by_loosy.ttf
2009-07-16 14:43 . 2009-07-16 14:43 77996 ----a-w- c:\windows\Fonts\S_O_T_D_.TTF
2009-07-16 14:39 . 2009-07-16 14:40 40836 ----a-w- c:\windows\Fonts\Loveable_Scruff_by_gallow.ttf
2009-07-16 14:16 . 2009-07-16 14:16 24192 ----a-w- c:\windows\Fonts\Bobel_font_by_pitters.ttf
2009-07-16 14:09 . 2009-07-16 14:11 15348 ----a-w- c:\windows\Fonts\ABC___Font_Typeface_Version_2_by_MyFox.ttf
2009-07-16 14:08 . 2009-07-16 14:10 58160 ----a-r- c:\windows\Fonts\AB_Exp_by_III_wildcard_III.ttf
2009-07-16 13:36 . 2009-01-30 16:31 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-07-16 10:25 . 2009-07-16 14:33 69396 ----a-w- c:\windows\Fonts\duepuntozero_bold.ttf
2009-07-16 10:25 . 2009-07-16 14:33 71236 ----a-w- c:\windows\Fonts\duepuntozero.ttf
2009-07-15 11:25 . 2009-07-02 14:16 -------- d-----w- c:\programmi\a-squared Anti-Malware
2009-07-13 21:43 . 2004-08-19 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 16:30 . 2009-07-13 16:30 23558 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{BE82A2BE-FCD3-4C93-B727-6B2764433775}\_294823.exe
2009-07-13 16:30 . 2009-07-13 16:30 23558 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{BE82A2BE-FCD3-4C93-B727-6B2764433775}\_18be6784.exe
2009-07-13 16:30 . 2009-07-13 16:30 -------- d-----w- c:\programmi\Microsoft Calculator Plus
2009-07-13 12:24 . 2009-07-05 18:45 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-12 18:48 . 2009-06-03 18:42 -------- d-----w- c:\programmi\MessengerDiscovery 2
2009-07-12 18:31 . 2009-05-23 17:18 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-09 21:22 . 2009-07-16 15:03 24820 ----a-w- c:\windows\Fonts\MISO-LIG.OTF
2009-07-09 21:22 . 2009-07-16 15:03 24572 ----a-w- c:\windows\Fonts\MISO-BOL.OTF
2009-07-09 21:22 . 2009-07-16 15:03 60196 ----a-w- c:\windows\Fonts\miso-light.ttf
2009-07-09 21:22 . 2009-07-16 15:02 60860 ----a-w- c:\windows\Fonts\miso-bold.ttf
2009-07-09 21:22 . 2009-07-16 15:02 59328 ----a-w- c:\windows\Fonts\miso-regular.ttf
2009-07-09 21:22 . 2009-07-16 15:02 25024 ----a-w- c:\windows\Fonts\MISO____.OTF
2009-07-09 19:35 . 2009-06-04 14:26 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\MessengerDiscovery 2
2009-07-06 20:44 . 2009-07-07 15:59 937984 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-06 20:44 . 2009-07-07 15:59 65536 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-06 20:44 . 2009-07-07 15:59 106496 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-06 20:44 . 2009-07-07 15:59 103424 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-06 20:44 . 2009-07-07 15:59 4722688 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-06 20:44 . 2009-07-07 15:59 344064 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-05 18:45 . 2009-07-05 18:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-07-05 18:45 . 2009-07-05 18:45 -------- d-----w- c:\programmi\Avira
2009-07-05 09:03 . 2009-06-09 17:07 -------- d-----w- c:\programmi\Mozilla Firefox 3.5 Beta 4
2009-07-04 11:08 . 2008-05-19 20:43 -------- d-----w- c:\programmi\Java
2009-07-04 07:57 . 2008-09-25 17:17 -------- d-----w- c:\programmi\Rainlendar2
2009-07-04 07:56 . 2008-07-25 01:25 -------- d-----w- c:\programmi\Uniblue
2009-07-04 07:39 . 2009-07-04 07:39 -------- d-----w- c:\programmi\Glary Utilities
2009-07-03 11:52 . 2009-07-03 11:52 -------- d-----w- c:\programmi\WhoCrashed
2009-07-02 16:51 . 2008-06-30 00:44 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\IObit
2009-06-30 17:19 . 2009-07-02 13:16 106496 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Plugins\npcoolirisplugin.dll
2009-06-27 13:45 . 2009-06-27 13:31 -------- d-----w- c:\programmi\BOINC
2009-06-26 23:17 . 2009-05-05 14:48 2288640 ----a-w- c:\windows\system32\TUKernel.exe
2009-06-26 18:28 . 2009-06-26 16:01 1270256 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-06-23 23:12 . 2009-06-23 23:12 122880 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2005-09-02 23:53 663040 AF06731262917615B4DF9E0E88B7E436 c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2006-01-09 17:59 664576 B404779B16EB2CD8C574FB343D277521 c:\windows\$hf_mig$\KB912945\SP2QFE\wininet.dll
[7] 2008-03-01 12:34 827392 93DB90BE4A10EC784DDC9C8601A28AA6 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 04:19 827392 FE184A2B736F216CCC22ABEEBB40787D c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 15:39 827904 BF9D17259082632F03F3FF5759C6AE32 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 8E694EC9DA095E518D9447B3293208EA c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 19:32 827904 F303CFED3D8B8348A54F7A53DDC7CCA0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2009-05-13 05:07 915456 4D9C680641CC367FEEFE308C6577E0CD c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 17:00 915456 D58780F07D0F5C83B3DB634BBB273D39 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2008-04-14 02:13 668672 663E74D98D2E67C1343D367388EDD711 c:\windows\ie7\wininet.dll
[7] 2008-03-01 12:58 826368 61D4F43D26EC9D21BEB6F38F22B396AB c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:15 826368 4B54220877703198E55F61CB7B87979E c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:57 817152 7AB81E00769B75B23A5FDCF8CAC76A88 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:04 826368 A4C79606C0D9835E8A5A8E5E5804AE60 c:\windows\ie8\wininet.dll
[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-05-13 05:02 915456 F45D1DF0F6FD7AD945824CC9A0CE5597 c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-01-15 01:05 911872 203C05A174A45270A30CDD593092D91E c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-07-30 10:39 928768 D9E4AB4C746AB1C0CC966B28A76718B1 c:\windows\system32\wininet.dll
[7] 2009-07-03 16:55 915456 9A9F818B89CD92F1BAD393B525A16051 c:\windows\system32\dllcache\wininet.dll
[-] 2009-07-30 10:39 1800192 A4675F36090C3D748D21D8CD493D9966 c:\windows\explorer.exe
[-] 2008-04-14 02:14 978432 3D46C53CA961C49272037F98807537BD c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2009-07-30 10:38 30208 23DFF363C6203BE801C279F6FFEEB5DF c:\windows\system32\ctfmon.exe
[-] 2005-10-05 00:52 3015680 8A2B19DEE3D28C8BF0DD5F3454648AFB c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2006-02-01 02:52 3035648 F3701B305DBD8A6CD781AC4DA76FF23B c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll
[7] 2008-03-01 12:34 3593216 14154D51ED61852B3AD4845103302ECE c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 04:19 3593728 3B3A745E1C92A877C3F237ADFBA8348C c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-06-23 15:39 3594240 8E52FEC7D214C3B62871F8637F204114 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-08-26 09:08 3594752 FA61793E4E3F5C896C0728F350E30FAF c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2008-10-16 19:32 3595264 6EA04EE075C69345AB9B90C7A8740A04 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-12-13 06:27 3594752 C352D6D2EFC11942BA84B996BAFFB182 c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[7] 2009-05-13 05:07 5936128 A171E96E5830B6C269591415997C15C8 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 13:07 5938176 C1ABBFE345CC9557BAA8FBDC8B572D06 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2008-04-14 02:13 3066880 F543C74EB47E1C1DB9362BDFE06433EE c:\windows\ie7\mshtml.dll
[7] 2008-03-01 16:28 3591680 571EAAB1E810CE9595C67A0EC9AE6DCF c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2007-08-13 16:54 3578368 C6EC2493346ED8888A549F59210A8ED3 c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-06-24 08:15 3592192 080DEB244585EB5772F6E6DEA75B4380 c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-08-27 08:57 3866112 E01CD8C05F164938D9AB37A567E122A6 c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-10-17 00:34 3593216 6325783D4583E0EEBF26AA1286F26E70 c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-12-13 06:36 3593216 CA3BD4783DC7CA85E949EA6FF5906617 c:\windows\ie8\mshtml.dll
[7] 2009-03-08 02:41 5937152 D469A0EBA2EF5C6BEE8065B7E3196E5E c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[7] 2009-05-13 05:02 5936128 12AD3C143519BC4C0AA456F91B8330BD c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-01-15 01:13 5888512 42B04AFD48BE284B1615E890FC028CB3 c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2009-07-30 10:40 6023680 7E62EBBD5044B38F68721607745DA4D5 c:\windows\system32\mshtml.dll
[7] 2009-07-19 13:12 5937152 C977B8BD90795AB2AC79C364616C35CB c:\windows\system32\dllcache\mshtml.dll
[7] 2008-04-14 02:13 845824 C43124F63818E65CAFA49D3957C3CA67 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2009-07-30 10:39 860672 E8D99B2162A1779DA2C04BC1997A03FB c:\windows\system32\comres.dll
c:\windows\system32\appmgmts.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\programmi\USB Safely Remove\USBSafelyRemove.exe" [2008-12-15 1100048]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-28 16248320]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-07-30 30208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45A29BCE2FBD}"= "c:\programmi\Stardock\Fences\DesktopDock.dll" [2009-02-04 513384]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Dati applicazioni\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ninja.lnk]
backup=c:\windows\pss\ninja.lnkCommon Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"filehippo.com"="c:\programmi\filehippo.com\UpdateChecker.exe" /background
"FreeRAM XP"="c:\programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"TuneUp MemOptimizer"="c:\programmi\TuneUp Utilities 2009\MemOptimizer.exe" autostart
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"DesktopMaestro"=c:\programmi\Desktop Maestro\deskmech.exe /H
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe"
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe"
"Google Update"="c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
"SUPERAntiSpyware"=c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
"AnVir Task Manager"="c:\programmi\AnVir Task Manager\AnVir.exe" Minimized
"F.lux"="c:\documents and settings\Roberto\Local Settings\Apps\F.lux\flux.exe" /noshow
"USB Safely Remove"=c:\programmi\USB Safely Remove\USBSafelyRemove.exe /startup
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe"
"TaskSwitchXP"=c:\programmi\TaskSwitchXP\TaskSwitchXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
"mspwr"=c:\windows\system32\PuXpMan2.exe
"AppleSyncNotifier"=c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Device Detector"=DevDetect.exe -autorun
"flockbox"=c:\programmi\My Lockbox\flockbox.exe /a
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"
"Collegamento alla pagina delle proprietà di High Definition Audio"=HDAShCut.exe
"PWRISOVM.EXE"=c:\programmi\PowerISO\PWRISOVM.EXE
"RegistryMechanic"=c:\programmi\Registry Mechanic\RegMech.exe /QS
"AntiLogger"="c:\programmi\AntiLogger\AntiLogger.exe" /minimized
"Google Quick Search Box"="c:\programmi\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"runeip"="c:\program files\Rising\AntiSpyware\rstray.exe" /startup
"ooccctrl.exe"=c:\programmi\OO Software\CleverCache\ooccctrl.exe /tasktray
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" /min
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9880:TCP"= 9880:TCP:*:Disabled:BitComet 9880 TCP
"9880:UDP"= 9880:UDP:*:Disabled:BitComet 9880 UDP
"24905:TCP"= 24905:TCP:*:Disabled:BitComet 24905 TCP
"24905:UDP"= 24905:UDP:*:Disabled:BitComet 24905 UDP
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [03/11/2008 14.34.26 40368]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/01/2009 10.20.52 64160]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [30/12/2008 4.19.36 17264]
R1 AntiLog32;AntiLog32;c:\programmi\AntiLogger\AntiLog32.sys [02/02/2009 19.45.53 108912]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [05/07/2009 20.45.07 97608]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [28/07/2009 10.53.16 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [28/07/2009 10.53.14 72944]
R2 AntiVirFirewallService;Avira Firewall;c:\programmi\Avira\AntiVir Desktop\avfwsvc.exe [05/07/2009 20.45.03 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [05/07/2009 20.45.03 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [05/07/2009 20.45.06 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [05/07/2009 20.45.04 434945]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [29/07/2009 17.08.06 604488]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\programmi\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10/09/2008 17.22.32 229648]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programmi\USB Safely Remove\USBSRService.exe [02/12/2008 3.51.08 208144]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [05/07/2009 20.45.07 69632]
R3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [28/05/2009 15.32.24 108032]
S1 mchInjDrv;madCodeHook DLL injection driver;\??\c:\windows\system32\Drivers\mchInjDrv.sys c:\windows\system32\Drivers\mchInjDrv.sys
S2 gupdate1c961f9cab9357a;Google Update Service (gupdate1c961f9cab9357a);c:\programmi\Google\Update\GoogleUpdate.exe [19/12/2008 18.49.41 133104]
S3 BioNT_BS;BioNT_BS;c:\programmi\Paragon Software\Total Defrag 2009\BlueScrn\biont_bs.sys [29/03/2009 14.32.57 18248]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [24/06/2009 1.11.47 30192]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [28/07/2009 10.53.16 7408]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-08-15 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-07-04 09:50]
2009-08-15 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-20 12:56]
2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-162531612-725345543-1004Core.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-03 10:36]
2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-162531612-725345543-1004UA.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-03 10:36]
2009-07-19 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-03 07:22]
2009-05-04 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\programmi\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-yayxvsrR - yayxvsrR.dll
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox?client=fir ... T:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\wxxh5j28.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Roberto\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPAskSBr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 18:31
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="4D80CE41D48FA1059FFE1FEC9363086B5CD090E8062FA085EA75FEA56E0FF02A9B0408109B412DED8B011BFBBB3F699B58BA4A9BF5659AA4A2C5780355B2E7BEE7F25042860EC8F522EE8A09E62576603F59095BDCD02EDE61FE40E00717BDE6F9186A2FB8B1E8E4299B1638C2A718A6F2A67BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3DA6171C11EC38DE3DD4167A04F6122FE44E213CA51D36D5BD6F9C8DCC2B0EB1C3A7C1203E352B9ECCC3C6853AAF14DF885329C22DDA7B80571BCBFEB04048C9F5A563BB59C1E4C3F54FB3A4DBB9E7C67F721861F9A7829F751AE50742EECC41D2CD9311A52756096AE4386853770A0E6C6BD7036906E285BD1A7F0BF6FAF1B424DF309BCD8832F5BC7320079E0C2BC5C1FD41366FBCE96AA9CD9F92D56AC1A5091E927C8CCD5E724E71B0D950E0B05FC971A4AE93531B6908EAC3C8FB09FAF574510079B323F8CC58551DDF8DA333B0218E4442EF9BAA03F82D5B7E186610EEAB4437FA2A79CFB5669D903A13C6FC75B8A3D66DB5250398F2D3CAA6EFD228BE4B47698E6704E74258CA29AEACFC114BD402094DA647BF73409F69D95B691D73C1AD3AE379BBF6EC60E0F8273DC1A2B40EFE78A69A9BB33D7E5983D447037D0351CFC4D103DBE99288E78432BACF9B185274B7DDFC8064079FC9587533BF0DC4918894CE3665DE742B6D4882B1AA16C0E040CF80CC970C4269411E403381C076EBB7AAF9DE9C2B38F803316B3D9664DA4FC33A3B1D4817C8F3917ADEEFF04337A0C0FC92598855E6753B2068121C8B7A066466E216BA27542F118A9AA5F7F20CC18CF3FD97F6986F78B0EC1875884395C20DB76DF15F9205DB9A5EE525C664DBB5846CC59DF56521AC7FE1BBC16D7708152A84F50167E15D900EF952524FDBF5381B3716065BDEB192473AB7E5A0C88D62AD973BA548D2C5B54B5599244A5588D6429AC0FBBEDC3CFEACAA1862B98DCA630E309FD6BC57098A3C5C962A327E29F4F0CEB9447C693C98D9580ACE17CB442543032B22C394D69FC96FC90145B950CA248199B0B4C594DBFA5D5ED55AC166874CB487A39D6442DBE1E1D55F889DD8E05B529EAC4B640A1740C70D35E65E7E412A628411D2554378787B848BC0F504169957A8B4E76E45EE5E19AE3F6648BDD8E29915B0ABA5B50384F9C0647BBF761F6619BCDA783DD4DB8DC881D946D73D2C7FDD4FDDB64E57DC7F0C9AD785AE3901CF1505C32B612A290C3E6780B817756C8EA5EF8746F74CBCE7D6C56C74A73718623C4CA7F51F99F619DAE5BF3149C59D22DC5331717F1D2CC2F01B381DC64212B2F285550FEB5DB7F9ED283B6A61EF184E627EF39075338913E694679DDA0D705993C3AD73"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1596)
c:\windows\system32\SETUPAPI.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1676)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(3692)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Stardock\Fences\DesktopDock.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\a-squared Anti-Malware\a2service.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\OO Software\CleverCache\ooccag.exe
c:\programmi\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-15 18.37.09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-15 16:37
Pre-Run: 72.749.158.400 byte disponibili
Post-Run: 72.709.300.224 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT /NOGUIBOOT /BOOTLOGO
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /FASTDETECT /TUTag=3QPKTG-BAK
520 --- E O F --- 2009-08-12 18:02