Ho provveduto ad installare IE7
Ecco il log Combofix
ComboFix 11-09-15.05 - Tascapane 16/09/2011 1:05.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1919.1334 [GMT 2:00]
Eseguito da: c:\documents and settings\Tascapane\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Sistema Antivirus NOD32 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams. .
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{7CD4632C-0D36-4618-B7A3-6ADD836499DF}\_Setup.dll
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{7CD4632C-0D36-4618-B7A3-6ADD836499DF}\Setup.dat
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{7CD4632C-0D36-4618-B7A3-6ADD836499DF}\Setup.exe
c:\documents and settings\All Users\Dati applicazioni\Tarma Installer\{7CD4632C-0D36-4618-B7A3-6ADD836499DF}\Setup.ico
c:\documents and settings\Tascapane\Dati applicazioni\Desktopicon
c:\documents and settings\Tascapane\Dati applicazioni\facemoods.com
c:\documents and settings\Tascapane\Dati applicazioni\inst.exe
c:\documents and settings\Tascapane\Dati applicazioni\OfferBox
c:\documents and settings\Tascapane\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\Tascapane\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Tascapane\WINDOWS
c:\programmi\facemoods.com
c:\programmi\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\windows\ehome\medctrro.exe
c:\windows\IsUn0410.exe
c:\windows\system\QTOLE32.DLL
c:\windows\system32\asr3232.dll
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-15 al 2011-09-15 )))))))))))))))))))))))))))))))))))
.
.
2011-09-15 22:45 . 2011-06-21 18:38 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-15 22:45 . 2011-06-21 18:38 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-15 22:45 . 2011-06-21 18:38 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-09-15 22:45 . 2011-06-21 11:46 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-09-15 22:45 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-09-15 22:45 . 2011-06-21 18:38 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-09-15 22:45 . 2011-06-21 18:38 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-09-15 22:45 . 2011-06-21 18:38 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-09-08 20:23 . 2011-09-08 20:23 -------- d-----w- c:\programmi\MediaInfo
2011-09-03 10:17 . 2011-09-09 09:12 603136 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-28 20:13 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2011-08-28 20:13 . 1998-08-20 11:02 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-08-28 20:13 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2011-08-28 20:13 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2011-08-28 20:13 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2011-08-28 20:13 . 1998-08-17 09:21 5672 ----a-w- c:\windows\system32\quartz.vxd
2011-08-28 20:13 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2011-08-28 20:13 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2011-08-28 20:13 . 2011-08-28 20:13 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-08-28 20:13 . 2011-08-28 20:13 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-08-28 20:12 . 2011-08-28 20:12 -------- d-----w- c:\programmi\Auralog
2011-08-28 13:08 . 2011-08-28 13:08 1409 ----a-w- c:\windows\system32\tmp7C1B2.FOT
2011-08-28 13:08 . 2011-08-28 13:08 1409 ----a-w- c:\windows\system32\tmp7A1B2.FOT
2011-08-28 13:08 . 2011-08-28 13:08 1409 ----a-w- c:\windows\system32\tmp6D1B2.FOT
2011-08-28 13:08 . 2011-08-28 13:08 -------- d-----w- c:\windows\LHSp
2011-08-28 13:08 . 1999-06-07 13:02 81920 ----a-w- c:\windows\asr3232.dll
2011-08-28 13:08 . 2011-08-28 13:08 -------- d-----w- C:\ASR3232
2011-08-28 13:08 . 1999-02-11 15:23 63488 ----a-w- c:\windows\ASR320VB.DLL
2011-08-28 13:08 . 1998-06-17 21:00 77824 ----a-w- c:\windows\system32\MSBIND.DLL
2011-08-28 13:08 . 1998-04-26 21:00 570128 ----a-w- c:\programmi\File comuni\Microsoft Shared\DAO\dao350.dll
2011-08-28 13:08 . 1998-06-23 21:00 118064 ----a-w- c:\windows\system32\MSADODC.OCX
2011-08-28 13:08 . 1998-06-17 21:00 89360 ----a-w- c:\windows\system32\VB5DB.dll
2011-08-28 13:08 . 1997-03-05 21:00 46080 ----a-w- c:\windows\system32\MCIWNDX.OCX
2011-08-28 13:07 . 2011-08-28 13:07 -------- d-----w- c:\programmi\Deamm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-19 13:39 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 20:43 . 2011-06-28 22:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 15:00 . 2009-04-11 16:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-10-30 02:45 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2011-07-19 20:13 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-19 20:13 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:37 . 2011-07-19 20:13 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-04 11:36 . 2011-07-19 20:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-19 20:13 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:36 . 2011-07-19 20:13 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-04 11:35 . 2011-07-19 20:13 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-19 20:13 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-19 20:13 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-19 20:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-19 20:13 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-19 20:13 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-04 11:12 . 2011-07-19 20:13 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-06-24 14:10 . 2009-04-11 15:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:38 . 2004-08-19 13:39 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:38 . 2004-08-19 13:39 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:38 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:38 . 2004-08-19 13:39 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-19 13:26 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-19 13:39 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-09-07 21:34 . 2011-04-30 11:56 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-12-06 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Translate Client.lnk - c:\programmi\Translate Client\translateclient.exe [2011-8-9 1687552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tascapane^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Scheduler.lnk]
path=c:\documents and settings\Tascapane\Menu Avvio\Programmi\Esecuzione automatica\MRU-Blaster Scheduler.lnk
backup=c:\windows\pss\MRU-Blaster Scheduler.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tascapane^Menu Avvio^Programmi^Esecuzione automatica^MRU-Blaster Silent Clean.lnk]
path=c:\documents and settings\Tascapane\Menu Avvio\Programmi\Esecuzione automatica\MRU-Blaster Silent Clean.lnk
backup=c:\windows\pss\MRU-Blaster Silent Clean.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftweak_RAMRush]
2009-09-17 15:47 670720 ----a-w- c:\programmi\RAMRush\RAMRush.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51 421160 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 02:14 172032 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2011-01-25 09:41 2781000 ----a-w- c:\programmi\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-06 19:15 198160 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5488:TCP"= 5488:TCP:DoctorsOffice_Chat
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [19/07/2011 22:13 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [19/07/2011 22:13 194264]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [28/01/2010 18:36 15328]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [11/04/2009 17:51 971584]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [19/07/2011 22:13 103384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19/07/2011 22:13 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/07/2011 22:13 309848]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [11/04/2009 18:32 15424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/07/2011 22:13 19544]
R2 OODefragAgent;O&O Defrag Agent;c:\programmi\OO Software\Defrag\oodag.exe [25/01/2011 11:41 2398536]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [28/01/2010 18:36 220128]
R2 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI552.tmp [20/12/2009 15:44 189688]
S0 kiggf;kiggf;c:\windows\system32\drivers\dqnnblal.sys --> c:\windows\system32\drivers\dqnnblal.sys [?]
S2 avast! Firewall;avast! Firewall;c:\programmi\AVAST Software\Avast\afwServ.exe [19/07/2011 22:13 121000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1c9c383d9272c48;Servizio di Google Update (gupdate1c9c383d9272c48);c:\programmi\Google\Update\GoogleUpdate.exe [22/04/2009 21:52 133104]
S2 KMService;KMService;c:\windows\system32\srvany.exe [27/04/2011 0:23 8192]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [14/04/2011 13:47 8192]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [22/04/2009 21:52 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 21:46]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc6db1f337d224.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-22 19:52]
.
2011-03-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-05-21 10:17]
.
2011-08-13 c:\windows\Tasks\wavepadShakeIcon.job
- c:\programmi\NCH Software\WavePad\wavepad.exe [2011-08-13 15:26]
.
2010-01-14 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\programmi\Wise Registry Cleaner\WiseRegistryCleaner.exe [2010-01-14 22:47]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Download with ImTOO iPad Mate Platinum
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: c:\windows\system32\imon.dll
TCP: Interfaces\{5FC698AD-972E-434D-AD94-E8526C8D5F62}: NameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://www.crtvg.es/camweb/camera.cab
FF - ProfilePath - c:\documents and settings\Tascapane\Dati applicazioni\Mozilla\Firefox\Profiles\nv2qgmx7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage -
www.google.itFF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-lZsbPGC1M3PP - c:\programmi\Y6Yqsfk\lZsbPGC1M3PP.cpl
HKLM-Run-facemoods - c:\programmi\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
AddRemove-FileMaker Pro 5.0 - c:\windows\IsUn0410.exe
AddRemove-WinNc 5 - c:\docume~1\ALLUSE~1\DATIAP~1\TARMAI~1\{7CD46~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-09-16 01:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFV4ReadSpool]
"ImagePath"="c:\windows\Installer\MSI552.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3753EF0A-9EAC-8220-B080-F82A2CE1FDE3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaelhmkjodlhdcpgok"=hex:6b,61,6b,6f,66,68,64,61,68,70,61,6a,6d,70,6b,6f,63,6d,
6e,64,6c,6a,00,00
"haokjldhjcnpoldb"=hex:6b,61,6b,6f,66,68,64,61,68,70,61,6a,6d,70,6b,6f,63,6d,
6e,64,6c,6a,00,00
"gajmadbbpeplen"=hex:61,63,69,62,62,69,65,69,66,61,63,69,6a,64,6c,6e,66,67,70,
66,63,6e,63,6e,67,6d,70,62,62,6a,6e,69,62,6a,6a,66,65,6d,6e,6c,6f,62,6d,66,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="802E84F0694A0649AC9A6D24A4E0B96E9F3B3136840D2834BD8494E690E3238B2A34D130F981AF4529C3433246A2C4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14075D575E7D6A3B9808FEBC9E127BECC74CAAF1803DBF852F5C45A4B3CA1C7298CF76893D9165E465E04D9467575D6123F2FA1F4F3C3FC8EE09604AD1EC3EEE8E7C68E4CF5CC25359C73468BB947FE3EFD49C82FB94584DC36A762E9EC017DB71A1B661505EED7267E65AC337A34C8B6199A47C8DD48348ACAA2B8993F5BC99C3D633305087BB6936EBDAEDA1D274E761201D8C1DCB6DD578F715B641FD78695BBC20A3720AB144C005C8D4D2385AEF324705DAD990F572CC823FB34A8EC67560F536B5715E0BF3D566A70939AA95FA65734DAE84FAB202220129A3E4A2D94853A82281173F35CC9747703F544772C8E28EDBF8F4296BC9462C44CDDE7797D104000346C42B5386FC6491CF3CEDEFF8E7850BC915FA9C75D7437A1D959099E398AAECE7EEE5BB3E517DE9B89742419203C7A957639777924E06A320FC322DB68B5AE7EE9D7579743354509AA42C4F7E19CAF97BF1E6DF92703B91891CE7D36529C5F0876D27CA0E94B28D3AB3D8B2096086AF34E5166ECDDB2C05328E7FC2F095A8F6018D08A1D13EE25E01AC383FE3E57877A3FB156FFD8127B512030C633A44C15FD0436CA5EDC8B4F27A06FE74A588216D8F009C64C0A57D50493D61540A0052800C666B307024FB71584FA28C477D042461D5A18099E084711C149BE58CE62227EFE3DFD0D09211F2F028E271A5CAAA222872E42E6E2016ADEEF3191ECF6AFA925CBB68C9642CCE043AC5BDC303CC22619461658889A48F8B4F5B7A3647CFAC78D601E8916A591525D3F2F6D583347A507C40E7DF1A0353066A5D279C4B320A0084DD09D1815AC6CC7D0C99313104C8CEDBC1773931A4C50C9221C8F2177DE744328DB2EAAD43CDE11C02ED8E799325354DAB604D45445281C062CD8C49F4A2575160166D59779244B75A07602F90ADCD16D8B2883375E5BC0F70E675E5AC97BBF43BA6214FB48842FEAE37C784F701D319B7C50BB51BF008BB2E0CE9D29129E853951A7FC0092023C12C181D169FC3FBE2C8B02A726EEA23A914775CDEDDC04DCA7C6BB84156D11EF493056DDE2FA0EA9F24D1ED6DFB4C41E02B2671B6A6C6C5D98F5BADC9541AE1323A1EF542A043BB22F3491292A493890B14DA82ED4F29A9A483ECF6B68D780E358BC72B84465BFBDFF57D092F1E419777829B9D7C125C3E73A066DC49606F38E0012A344EC11FAC72FC97F5F6EFDBF719BDB284BD7CD641B142535E240187E8B72F316DAE8C46C4986E83317FF66C318820AEAC72F112E16F5A83AE50734D1E633A8D6796718D2F"
"OODEFRAG14.00.00.01PROFESSIONAL"="6AB7881C85050F5C697C1130AAA3ED65D3C7B4B2D975480E37EB9D4F0E0BF1CDDC0E41DC9784DDCBC0566C45D3622CBC8F6051467C29C702BC8B367B7FCD15A0230BA6BAE8F7B005B8D6BC446013BF15CF5DF43730ADC918E81018E76129AAEB983C2FF3663E9306F5AE89B5D4C713C7A1B3D7FBB26839A85256CB964B7741247B82D4369EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6679DB7CE019D40AA5CA9C6AECB7A5D14078DDD3D353FF39FBBD68EFD8E99FBE5E972E25823FCC88B89512AEE536E5A6317339B3E413CA209FB1504917419B2407FF206C709860620BCD6E4E6740A590F31BBE40157B68F90523B3DE9610527E03C910F3A427EC2E0EAEAFBA2AA33C0D58204BF95E303DC71AE1DDDB4EBB4EC2F09B8661A2EE1A205132BB9EC41AD635BC4FEF441B94A30D92421D3D211D61B876F62350714844C34D9492A3D64109BB354B392FA100A33EEE8C2CADAAF6D4CBAA19F6C511A0D6C0B0A8A1C4627C7446935BB687081919444D691B4950BCD1E0CF1953E82CD76B11C8F4825E9FC93407B0CC48C030B0783E8EEB14900CAA2B4B259FBA2529E0F50E9FAEF9BBFC087F25B2293D7C411E2385853D8824C79E735DCF29ED431E1F801F002819D94AE8BC46E67FA678057F16A084AD21DE087704BA87E5ED2C04F2C7D1B7C140BE669DA2310EBE71CB20BD3D8DDBFFE9CD5C7E2252A61AF60D883F285CBE7CF86E9F486FD0C66571C89397F4436C2D046F971B7F5E9221A8401FE6CDDD565F1F9853C704AA7B05C50EB533B735D84CF25CCA1BD74E4EC3A0B7A278A4E833A4C10560CD18095481CE47131A52F98DC17878555955A0A91C002384295A192CD43B92B15361E824F514B678D2FC51FC6557E8EF1B567BD8471BD5DFEA628B22ED1AA06ED7D220B8BCA3A4D859B091A62CE6082BCE85D585DA454C76BAD340A8C83DBA00FD913C067EAA7D71C06CD2AEFD9C7B563C903A45847A106FDEC9FAF3C7A8865D5D4F8AB70A7D46FB7586E625962122D73CD236354D745570D7BC4B238EBB1F3844BDF44598BBFB123D4C748A6666320E1390DC8D56D21B5574383149BA09BA0BF6A597976B32E6E8C903C5809FA9FFE04A412FC06AD5D4AFB043FC629F64D711236782B42532AAA85F3B10252467169977F0B9B2E56E3F2FE50DFB544DE1424E688D732DB31809C05BA8F26788448B63B8BCF35C0B7E543C90FD0BDF55EFE25110B92D784A642B36678C69D980455EEF1DDC04D4F35550128FA81AFEA0F639AC6BE4A5820224410668E47B270A88E4FA360C0DB1447E828CA23E650751ED7DB9EF624E7BBA62084A8B70725E2E9AD4B1B5035CDE97B9BE546E876D8894B3A7219DB472B83C9B21BB201FEA7F6D13385"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(1288)
c:\windows\system32\imon.dll
.
Ora fine scansione: 2011-09-16 01:19:04
ComboFix-quarantined-files.txt 2011-09-15 23:18
.
Pre-Run: 6.015.234.048 byte disponibili
Post-Run: 6.767.640.576 byte disponibili
.
- - End Of File - - 324A4DA6DF0BDDB3F7F54872DDC97048