ComboFix 11-07-13.03 - Beppe 13/07/2011 23.02.07.14.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.187 [GMT 2:00]
Eseguito da: c:\documents and settings\Beppe\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Sistema Antivirus NOD32 2.51 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: VIRUSfighter ver. 5.99 *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Trend Micro PC-cillin Internet Security *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-06-13 al 2011-07-13 )))))))))))))))))))))))))))))))))))
.
.
2011-07-13 15:51 . 2011-07-13 15:51 -------- d-----w- C:\N360_BACKUP
2011-07-12 09:39 . 2011-07-13 07:12 -------- d-----w- c:\programmi\TuneUp Utilities 2011
2011-07-12 09:39 . 2011-07-12 09:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2011-07-12 09:39 . 2011-07-12 09:39 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-12 09:35 . 2011-07-08 07:44 142296 ----a-w- c:\programmi\Mozilla Firefox\components\browsercomps.dll
2011-07-12 09:35 . 2010-01-01 08:00 2106216 ----a-w- c:\programmi\Mozilla Firefox\D3DCompiler_43.dll
2011-07-12 09:35 . 2010-01-01 08:00 1998168 ----a-w- c:\programmi\Mozilla Firefox\d3dx9_43.dll
2011-07-12 09:34 . 2011-07-12 09:34 -------- d-----w- c:\programmi\File comuni\Java
2011-07-12 09:34 . 2011-05-04 02:52 476904 ----a-w- c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-12 09:34 . 2011-05-04 02:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-12 09:23 . 2011-07-12 09:23 -------- d-----w- c:\programmi\Defraggler
2011-07-12 08:26 . 2011-07-12 08:26 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\URSoft
2011-07-12 08:22 . 2006-08-24 11:44 477696 ----a-w- c:\windows\system32\drivers\ZD1211BU.sys
2011-07-12 08:22 . 2005-06-08 16:44 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys
2011-07-12 08:22 . 2004-10-25 11:40 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys
2011-07-12 08:22 . 2004-01-14 09:30 17151 ----a-w- c:\windows\system32\ZDPNDIS5.SYS
2011-07-12 08:22 . 2004-01-14 09:25 81920 ----a-w- c:\windows\system32\ZDPN50.DLL
2011-07-12 08:22 . 2005-06-08 16:44 29184 ----a-w- c:\windows\system32\drivers\BRGSp50a64.sys
2011-07-12 08:22 . 2005-03-18 13:35 31744 ----a-w- c:\windows\system32\drivers\ZDPSp50a64.sys
2011-07-12 08:22 . 2003-03-14 10:24 24576 ----a-w- c:\windows\system32\ZyDelReg.exe
2011-07-12 08:22 . 2005-07-12 12:44 15872 ----a-w- c:\windows\system32\InsDrvZD64.DLL
2011-07-12 08:22 . 2004-03-23 14:38 28672 ----a-w- c:\windows\system32\InsDrvZD.dll
2011-07-12 08:18 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-12 08:18 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-07-12 08:18 . 2011-07-12 09:01 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2011-07-12 08:18 . 2011-07-12 08:18 -------- d-----w- c:\programmi\Symantec
2011-07-12 08:18 . 2011-07-12 08:18 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-12 08:18 . 2011-07-12 08:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-12 08:16 . 2011-07-13 08:00 -------- d-----w- c:\windows\system32\drivers\N360
2011-07-12 08:16 . 2011-07-12 08:16 -------- d-----w- c:\programmi\Norton 360
2011-07-12 08:16 . 2011-07-12 08:16 -------- d-----w- c:\programmi\Windows Sidebar
2011-07-12 08:15 . 2011-07-12 08:15 -------- d-----w- c:\programmi\NortonInstaller
2011-07-12 07:58 . 2011-07-12 07:58 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-07-12 07:49 . 2011-07-12 07:49 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\URSoft
2011-07-12 07:49 . 2011-07-12 07:49 -------- d-----w- c:\programmi\Your Uninstaller 2010
2011-07-12 07:41 . 2011-07-12 07:41 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-06-16 19:16 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 00:25 . 2010-04-15 21:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2008-09-05 14:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2001-08-31 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2001-08-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05 . 2001-08-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05 . 2001-08-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05 . 2001-08-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-09-05 14:26 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2001-08-31 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-07-08 07:44 . 2011-07-12 09:35 142296 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 07:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-31 15:09 136176 ----atw- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08 2512392 ----a-w- c:\windows\system32\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SoundMan"=SOUNDMAN.EXE
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\PokerTH-0.8.1\\pokerth.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55556:UDP"= 55556:UDP:UDP
"55555:TCP"= 55555:TCP:TCP
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [13/07/2011 9.19.14 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [13/07/2011 9.19.14 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [01/07/2011 0.11.24 810616]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [13/07/2011 9.19.14 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [13/07/2011 9.19.14 116784]
R2 N360;Norton 360;c:\programmi\Norton 360\Engine\4.3.0.5\ccsvchst.exe [13/07/2011 9.15.55 126392]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [05/09/2008 16.13.18 45440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/07/2011 10.42.19 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110712.034\IDSXpx86.sys [13/07/2011 9.26.24 355256]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [05/09/2008 16.13.18 56960]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys
c:\windows\system32\drivers\pavboot.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
c:\docume~1\Beppe\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 2oNLdNc;2oNLdNc;c:\windows\system32\drivers\2oNLdNc.sys [09/11/2009 23.53.39 25216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19/01/2009 17.47.21 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19/01/2009 17.47.24 8320]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys
f:\NTGLM7X.sys [?]
S3 utmwnjq0;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utmwnjq0.sys
c:\windows\system32\Drivers\utmwnjq0.sys [?]
S4 TmPfw;Trend Micro Personal Firewall; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-07-13 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\programmi\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1580436667-839522115-1004Core.job
- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-05-31 15:09]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1580436667-839522115-1004UA.job
- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-05-31 15:09]
.
2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{5E3EABF5-93D7-4BDA-8F12-80749F258036}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it-it.facebook.com/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Beppe\Dati applicazioni\Mozilla\Firefox\Profiles\7voelaok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-nod32kui - c:\programmi\Eset\nod32kui.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Uniblue SpyEraser - c:\programmi\Uniblue\SpyEraser\SpyEraser.exe
MSConfigStartUp-UpdateReminder - c:\programmi\Eset\UpdateReminder.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 23:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\programmi\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\programmi\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1580436667-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14AAE74F-4F5F-FEBF-DAFC-B1CB01EE3EC6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jampjofbegkldelcjhga"=hex:62,61,61,6f,00,00
"jampjofbegkldelcjhca"=hex:62,61,61,6f,00,00
"iaminnjjpkmjblnilj"=hex:6b,61,62,6f,6b,67,66,6e,66,63,6c,69,64,63,61,70,69,6f,
61,69,70,6a,00,00
"hakkdpdcoenamjpe"=hex:6b,61,62,6f,6b,67,66,6e,67,63,66,70,70,62,6d,61,65,68,
6d,67,65,66,00,01
"haaafelfimnghdga"=hex:6e,61,66,6b,6d,64,6c,61,6e,65,6e,6a,6b,62,67,61,6a,61,
67,64,63,68,6c,6d,64,68,61,63,00,00
"jadaooidikecgjmpdike"=hex:64,62,65,6b,66,64,66,68,6d,65,6d,6e,69,62,61,6a,67,
66,64,6c,6c,64,63,6f,6e,65,6d,6d,70,62,63,6c,6b,65,65,6d,6b,6c,61,6e,00,cc
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{14AAE74F-4F5F-FEBF-DAFC-B1CB01EE3EC6}\InProcServer32*]
"kagjpofehomokngghkgkof"=hex:62,61,67,6f,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\imon.dll
.
Ora fine scansione: 2011-07-13 23:21:56
ComboFix-quarantined-files.txt 2011-07-13 21:21
.
Pre-Run: 10.963.111.936 byte disponibili
Post-Run: 10.949.443.584 byte disponibili
.
- - End Of File - - 24C553183FF321167B978CFFE942A4A6