ComboFix 09-03-10.03 - utente 2009-03-12 23.58.43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.511.295 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*
* Creato nuovo punto di ripristino
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mpg4c32.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-02-12 al 2009-03-12 )))))))))))))))))))))))))))))))))))
.
2009-03-12 07:31 . 2009-03-12 07:31 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-03-12 07:31 . 2009-03-12 07:31 385 --a------ c:\windows\system32\user_gensett.xml
2009-03-11 23:54 . 2009-03-11 23:54 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\BitDefender
2009-03-11 22:41 . 2009-03-11 22:41 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2009-03-11 22:37 . 2009-03-12 23:52 121 --a------ c:\windows\bdagent.INI
2009-03-11 21:48 . 2009-03-12 23:58 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-11 21:35 . 2009-03-11 21:35 <DIR> d-------- c:\windows\system32\logs
2009-03-11 21:35 . 2009-03-11 21:35 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\BitDefender
2009-03-11 21:34 . 2009-03-11 21:35 <DIR> d-------- c:\programmi\BitDefender
2009-03-11 21:34 . 2009-03-11 21:38 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\BitDefender
2009-03-11 21:29 . 2009-03-11 21:35 <DIR> d-------- c:\programmi\File comuni\BitDefender
2009-03-11 21:16 . 2009-03-11 21:16 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-03-11 21:16 . 2009-03-11 21:16 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Malwarebytes
2009-03-11 21:16 . 2009-03-11 21:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-03-11 21:16 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 21:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 21:10 . 2009-03-11 21:10 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2009-03-11 21:10 . 2009-03-11 21:10 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\SUPERAntiSpyware.com
2009-03-11 21:10 . 2009-03-11 21:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-03-11 21:09 . 2009-03-11 21:09 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-03-10 13:46 . 2009-03-10 13:46 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\DivX
2009-03-10 13:45 . 2009-03-10 13:45 <DIR> d---s---- c:\documents and settings\utente\UserData
2009-03-10 13:42 . 2009-03-10 13:42 <DIR> d-------- c:\programmi\Pinnacle
2009-03-10 13:42 . 2009-03-10 13:42 <DIR> d-------- c:\programmi\File comuni\Yahoo!
2009-03-10 13:42 . 2009-03-10 13:46 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Pinnacle VideoSpin
2009-03-10 13:41 . 2009-03-10 13:41 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2009-03-09 19:55 . 2009-03-10 00:52 <DIR> d-------- C:\Lop SD
2009-03-09 18:45 . 2009-03-09 18:50 <DIR> d-------- c:\programmi\CDBurnerXP
2009-03-09 18:45 . 2009-03-09 18:45 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Canneverbe_Limited
2009-03-08 02:07 . 2009-03-08 02:07 <DIR> d-------- c:\windows\Options
2009-03-06 21:38 . 2009-03-06 21:38 <DIR> d-------- c:\programmi\AVSMedia
2009-03-06 13:47 . 2009-03-12 23:48 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-05 19:27 . 2009-02-01 07:06 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2009-03-05 19:27 . 2009-02-01 07:06 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2009-03-05 19:27 . 2009-03-12 18:38 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2009-03-05 19:27 . 2009-02-01 06:16 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2009-03-05 19:27 . 2009-02-01 07:06 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2009-03-05 19:27 . 2009-03-13 00:00 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2009-03-05 19:27 . 2009-02-01 07:06 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2009-03-05 19:27 . 2009-03-11 23:54 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2009-03-05 19:27 . 2009-03-05 19:28 <DIR> d-------- c:\documents and settings\Administrator
2009-03-05 19:25 . 2009-03-05 22:35 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-05 19:23 . 2009-03-05 22:35 <DIR> d-------- c:\programmi\Lavasoft
2009-03-05 19:23 . 2009-03-05 22:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-03-05 19:23 . 2009-03-05 22:35 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\~0
2009-03-05 13:48 . 2009-03-12 21:23 <DIR> d-------- c:\programmi\SpywareBlaster
2009-03-05 13:48 . 2005-08-25 18:19 115,920 --a------ c:\windows\system32\MSINET.OCX
2009-03-05 13:46 . 2009-03-06 07:38 372 --a------ c:\windows\wininit.ini
2009-03-05 07:46 . 2009-03-05 22:27 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2009-03-05 07:46 . 2009-03-08 02:17 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-05 01:22 . 2009-03-05 01:22 2 --a------ C:\-1670713505
2009-03-05 01:22 . 2009-03-05 01:22 0 --a------ C:\hglf.exe
2009-03-05 01:21 . 2009-03-05 01:22 68,608 --a------ C:\hblyl.exe
2009-03-05 00:28 . 2009-03-05 00:28 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\AVS4YOU
2009-03-05 00:28 . 2009-03-05 00:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-03-03 07:43 . 2009-03-04 13:57 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\dvdcss
2009-02-28 15:51 . 2009-02-28 15:51 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\vlc
2009-02-27 13:37 . 2009-02-27 13:37 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\Ahead
2009-02-26 07:44 . 2009-03-08 02:10 <DIR> d-------- c:\programmi\Easy Schedule Maker
2009-02-23 22:02 . 2009-02-23 22:04 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\AVS Video Converter
2009-02-23 21:45 . 2009-02-23 21:45 <DIR> d-------- c:\programmi\GSpot
2009-02-23 21:18 . 2009-03-06 21:42 <DIR> d-------- c:\programmi\File comuni\AVSMedia
2009-02-23 21:18 . 2003-05-21 23:50 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-02-23 21:18 . 2003-05-22 12:26 638,976 --a------ c:\windows\system32\divx.dll
2009-02-23 21:18 . 2004-07-03 20:59 524,288 --a------ c:\windows\system32\xvidcore.dll
2009-02-23 21:18 . 2003-05-21 23:50 261,632 --a------ c:\windows\system32\mcdvd_32.dll
2009-02-23 21:18 . 2003-05-22 12:26 221,215 --a------ c:\windows\system32\divxdec.ax
2009-02-23 21:18 . 2003-05-21 23:50 156,910 --a------ c:\windows\WMSysPr8.prx
2009-02-23 21:18 . 2004-07-03 21:08 139,264 --a------ c:\windows\system32\xvidvfw.dll
2009-02-23 21:18 . 2003-05-21 23:50 82,944 --a------ c:\windows\system32\vct3216.acm
2009-02-23 21:18 . 2004-02-04 21:11 81,920 --a------ c:\windows\system32\AC3ACM.acm
2009-02-23 21:18 . 2004-09-06 16:06 53,248 --a------ c:\windows\system32\xvid.ax
2009-02-23 21:18 . 2003-05-21 23:50 38,912 --a------ c:\windows\system32\alf2cd.acm
2009-02-23 21:18 . 2000-03-14 20:55 13,239 --a------ c:\windows\system32\Scg726.acm
2009-02-23 13:33 . 2008-04-14 03:14 152,576 --a------ c:\windows\system32\irftp.exe
2009-02-23 13:33 . 2008-04-14 03:14 152,576 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-02-23 13:33 . 2008-04-14 03:13 29,696 --a------ c:\windows\system32\irmon.dll
2009-02-23 13:33 . 2008-04-14 03:13 29,696 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-02-23 13:33 . 2008-04-14 03:13 8,192 --a------ c:\windows\system32\wshirda.dll
2009-02-23 13:33 . 2008-04-14 03:13 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-02-21 16:31 . 2009-03-06 13:20 <DIR> d-------- c:\programmi\DNA
2009-02-21 16:31 . 2009-02-21 16:34 <DIR> d-------- c:\programmi\BitTorrent
2009-02-21 16:31 . 2009-03-06 13:24 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\DNA
2009-02-21 16:31 . 2009-03-08 02:13 <DIR> d-------- c:\documents and settings\utente\Dati applicazioni\BitTorrent
2009-02-20 19:23 . 2009-02-20 19:23 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-20 19:22 . 2009-02-20 19:22 <DIR> d-------- C:\Temp
2009-02-19 22:41 . 2009-02-19 22:41 <DIR> d-------- c:\windows\Sun
2009-02-18 21:12 . 2009-02-18 21:12 <DIR> d-------- c:\programmi\Java
2009-02-18 21:12 . 2009-02-18 21:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-18 21:12 . 2009-02-18 21:12 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-18 13:15 . 2009-03-12 13:45 202 --a------ c:\windows\NeroDigital.ini
2009-02-17 23:40 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-17 23:40 . 2008-04-13 19:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-17 23:40 . 2008-04-14 03:13 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-17 23:40 . 2008-04-14 03:13 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-02-17 23:40 . 2008-04-14 02:53 14,720 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-02-17 23:40 . 2008-04-14 02:53 14,720 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-02-17 23:40 . 2001-08-30 20:41 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-17 23:40 . 2001-08-30 20:41 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-02-17 23:40 . 2008-04-13 19:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-02-17 23:40 . 2008-04-13 19:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-02-17 21:15 . 2009-02-17 21:15 <DIR> d-------- C:\Archivos de programa
2009-02-17 21:14 . 2009-03-05 00:09 <DIR> d-------- c:\programmi\eMule
2009-02-17 20:43 . 2009-02-17 20:43 <DIR> d-------- c:\windows\system32\it-it
2009-02-17 20:43 . 2009-02-17 20:43 <DIR> d-------- c:\windows\system32\it
2009-02-17 20:43 . 2009-02-17 20:43 <DIR> d-------- c:\windows\system32\bits
2009-02-17 20:43 . 2009-02-17 20:43 <DIR> d-------- c:\windows\l2schemas
2009-02-17 20:40 . 2009-02-17 20:40 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-17 19:24 . 2009-02-17 19:24 <DIR> d-------- c:\programmi\MSXML 4.0
2009-02-17 19:21 . 2009-02-17 19:21 <DIR> d-------- c:\programmi\EPSON
2009-02-17 19:21 . 2002-10-08 03:34 73,676 --a------ c:\windows\system32\EBPMON2.DLL
2009-02-17 19:21 . 2002-07-31 03:25 61,440 --a------ c:\windows\system32\ECBTEG.DLL
2009-02-17 19:21 . 2000-06-07 02:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL
2009-02-17 19:21 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-17 19:21 . 2001-09-04 03:04 182 --a------ c:\windows\system32\EBPPORT.DAT
2009-02-17 19:13 . 2009-02-17 19:14 <DIR> d-------- c:\programmi\File comuni\Adobe
2009-02-17 19:08 . 2004-08-19 15:23 327,168 --------- c:\windows\system32\drivers\ati2mtaa.sys
2009-02-17 18:57 . 2008-12-12 18:01 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-02-17 18:57 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-17 18:57 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-17 18:57 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-17 18:57 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-17 18:57 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-17 18:57 . 2008-10-16 02:00 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-02-17 18:57 . 2008-10-16 02:00 668,672 -----c--- c:\windows\system32\dllcache\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 20:26 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-11 20:38 --------- d-----w c:\programmi\ESET
2009-02-26 22:16 --------- d-----w c:\programmi\File comuni\Ahead
2009-02-26 06:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-02-26 06:30 --------- d-----w c:\documents and settings\utente\Dati applicazioni\Babylon
2009-02-17 20:09 --------- d-----w c:\programmi\CCleaner
2009-02-17 17:39 --------- d-----w c:\programmi\Google
2009-02-05 23:35 38,160 ----a-w c:\windows\system32\MLPagAx.dll
2009-02-05 23:35 189,712 ----a-w c:\windows\system32\RALMain.dll
2009-02-05 23:33 54,544 ----a-w c:\windows\system32\PCLEGetGuid.dll
2009-02-03 16:03 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-02-02 11:20 --------- d-----w c:\programmi\Ahead
2009-02-01 08:31 --------- d-----w c:\programmi\Babylon
2009-02-01 05:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-02-01 05:50 --------- d-----w c:\programmi\VideoLAN
2009-02-01 05:49 --------- d-----w c:\programmi\ScanSoft
2009-02-01 05:48 --------- d-----w c:\programmi\File comuni\InstallShield
2009-02-01 05:45 --------- d-----w c:\programmi\Microsoft AutoRoute
2009-02-01 05:40 --------- d-----w c:\programmi\DAEMON Tools Toolbar
2009-02-01 05:40 --------- d-----w c:\programmi\DAEMON Tools Lite
2009-02-01 05:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-01 05:39 --------- d-----w c:\documents and settings\utente\Dati applicazioni\DAEMON Tools
2009-02-01 05:38 --------- d-----w c:\programmi\IZArc
2009-02-01 05:36 --------- d-----w c:\programmi\Microsoft.NET
2009-02-01 05:35 --------- d-----w c:\programmi\Microsoft Works
2009-02-01 05:19 --------- d-----w c:\programmi\microsoft frontpage
2009-02-01 05:18 --------- d-----w c:\programmi\Servizi in linea
2008-12-16 16:52 61,440 ----a-w c:\programmi\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 11:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ USRobotics Wireless USB Adapter.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^Spybot - Search & Destroy.lnk]
path=c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\Spybot - Search & Destroy.lnk
backup=c:\windows\pss\Spybot - Search & Destroy.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^utente^Menu Avvio^Programmi^Esecuzione automatica^SpywareBlaster.lnk]
path=c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\SpywareBlaster.lnk
backup=c:\windows\pss\SpywareBlaster.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
--a------ 2008-06-12 02:38 34672 c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2006-05-24 17:39 2655272 c:\programmi\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2009-01-09 12:51 741376 c:\programmi\BitDefender\BitDefender 2009\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
--a------ 2008-10-17 17:02 69632 c:\programmi\BitDefender\BitDefender 2009\IEShow.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bittorrent dna]
--a------ 2009-02-21 16:31 321344 c:\programmi\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]
--a------ 2009-02-18 21:12 148888 c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-02-17 11:43 1830128 c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcxmonitor]
--a------ 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bluetoothauthenticationagent]
--a------ 2008-04-14 03:14 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
R1 sasdifsv;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 saskutil;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 bdvedisk;BDVEDISK;c:\programmi\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-02-03 104328]
S2 gupdate1c99126c1e940e6;Google Update Service (gupdate1c99126c1e940e6);c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
S3 arrakis3;BitDefender Arrakis Server;c:\programmi\File comuni\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 sasenum;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);c:\windows\system32\DRIVERS\USRWGU.sys --> c:\windows\system32\DRIVERS\USRWGU.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9503482-fc58-11dd-9361-00112fa3d8cc}]
\Shell\AutoRun\command - G:\EmDesk.exe
\Shell\EmDesk\command - G:\EmDesk.exe
.
Contenuto della cartella 'Scheduled Tasks'
2009-03-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-03-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-17 18:39]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-agrsmmsg - AGRSMMSG.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\utente\Dati applicazioni\Mozilla\Firefox\Profiles\6hvaeamj.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\programmi\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 00:01:01
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629d4b-2ad3-4e50-b716-a66c15c63153}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,89,08,81,d9,5e,
96,e1,c7,e2,63,26,f1,3f,c8,ff,68,f4,93,52,e5,71,65,65,9d,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604bb98a-a94f-4a5c-a67c-d8d3582c741c}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,c7,34,f0,77,ae,
e4,16,ff,6a,9c,d6,61,af,45,84,18,57,d1,f6,f4,e0,d8,98,fa,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373fb-9cd8-4e47-b990-5a4466c16034}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,89,7c,88,e4,9f,
7c,8f,78,ff,7c,85,e0,43,d4,0e,fe,84,7c,10,bd,39,c5,13,1f,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554ccd-f60f-4708-ad98-d0152d08c8b9}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,1f,7a,a2,bd,d8,
bf,d9,64,86,8c,21,01,be,91,eb,e7,38,c7,5d,da,aa,40,8b,d5,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7eb537f9-a916-4339-b91b-ded8e83632c0}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,e8,3d,33,60,e6,
81,65,eb,f5,1d,4d,73,a8,13,5c,05,64,9d,2c,66,24,f5,de,d5,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395e8-7a56-4fb1-843b-3e52d94db145}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,ba,f8,66,b3,45,
9d,8e,cd,df,20,58,62,78,6b,cf,c8,b3,5f,cf,d6,57,ab,2b,15,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ac3ed30b-6f1a-4bfc-a4f6-2ebdccd34c19}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,0b,91,78,2b,fc,
7b,f6,8e,fb,a7,78,e6,12,2f,9a,ea,7e,d6,f9,34,04,32,33,b8,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{de5654ca-eb84-4df9-915b-37e957082d6d}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,3d,a1,7e,f9,72,
07,4c,40,01,3a,48,fc,e8,04,4a,f1,ae,09,f0,55,09,ce,5f,6d,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e39c35e8-7488-4926-92b2-2f94619ac1a5}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,58,d2,89,c8,1d,
73,bc,09,f6,0f,4e,58,98,5b,89,c9,cf,e3,67,b2,2a,cf,5b,07,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{eacafce5-b0e2-4288-8073-c02ff9619b6f}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,90,b5,1f,4d,c4,
1e,24,ac,3d,ce,ea,26,2d,45,aa,78,82,70,c8,c9,ac,57,f0,e2,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f8f02add-7366-4186-9488-c21cb8b3dcec}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,40,ef,b2,27,e7,
bd,5e,82,2a,b7,cc,b5,b9,7f,41,e7,be,f6,e0,99,59,34,8b,ff,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fee45de2-a467-4bf9-bf2d-1411304bcd84}\inprocserver32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,c2,70,57,ac,16,
82,c6,49,6c,43,2d,1e,aa,22,2f,9c,2b,2e,03,b6,bb,03,8c,14,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\FIREFOX.EXE]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{292AE934-4F49-40bb-9E7E-6F6398ED9C31}]
@DACL=(02 0000)
"FriendlyName"="Nero Fast CD-Burning Plug-in"
"Description"="Scrivere CD"
"Capabilities"=dword:40000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows Media Player\SP0\KB952069_WM9\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB938464\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB946648\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB950760\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB950762\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB950974\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB951066\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB951376-v2\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB951698\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB951748\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB951978\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB952287\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB952954\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB954211\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB954459\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB954600\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB955069\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB955839\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB956802\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB956803\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB956841\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB957097\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB958215\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB958644\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB958687\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB960714\Filelist]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP4\KB960715\Filelist]
@DACL=(02 0000)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
.
Ora fine scansione: 2009-03-13 0.02.56
ComboFix-quarantined-files.txt 2009-03-12 23:02:53
ComboFix2.txt 2009-03-06 12:33:25
ComboFix3.txt 2009-03-06 12:21:51
Pre-Run: 44.337.729.536 byte disponibili
Post-Run: 44,326,379,520 byte disponibili
423 --- E O F --- 2009-02-25 02:00:28