Rank: AiutAmico
Member since: 12/11/2008 Posts: 508
ComboFix 09-05-19.08 - agostino 20/05/2009 14.42.51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.400 [GMT 2:00]
Eseguito da: c:\documents and settings\agostino\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090519-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.
/wow section - STAGE 1
"PV" non è riconosciuto come comando interno o esterno
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\agostino\Dati applicazioni\inst.exe
c:\programmi\QUAD Utilities
c:\windows\msvrc20.dll
c:\windows\system32\2
c:\windows\system32\2\BiMMonNT.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-04-20 al 2009-05-20 )))))))))))))))))))))))))))))))))))
.
2009-05-20 11:46 . 2009-05-20 11:53 -------- d-----w c:\windows\LastGood
2009-05-16 09:35 . 2009-05-16 09:35 -------- d-----w c:\documents and settings\LocalService\Menu Avvio
2009-05-13 10:11 . 2009-03-03 10:19 39184 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-13 10:11 . 2009-03-03 10:19 33040 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-13 10:11 . 2009-03-03 10:19 12560 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-13 10:11 . 2009-03-03 10:19 51472 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-13 10:11 . 2009-05-13 10:14 -------- d-----w c:\programmi\ThreatFire
2009-05-13 10:11 . 2009-05-13 10:11 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-05-11 16:36 . 2009-05-11 16:36 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2009-05-11 12:46 . 2009-05-11 12:47 -------- d-----w c:\documents and settings\agostino\Dati applicazioni\FileZilla
2009-05-10 07:52 . 2009-05-10 07:52 -------- d-----w c:\documents and settings\agostino\Impostazioni locali\Dati applicazioni\dcunningham.net
2009-05-05 16:20 . 2009-05-05 16:20 -------- d-----w c:\programmi\UltraUXThemePatcher
2009-05-05 16:01 . 2009-05-05 16:20 -------- d-----w c:\windows\VistaMizer
2009-05-01 08:11 . 2003-06-25 14:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-04-23 11:10 . 2009-04-23 11:10 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-04-21 13:04 . 2009-04-21 13:04 -------- d-----w c:\programmi\UnH Solutions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 12:49 . 2009-03-07 18:11 601180192 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-20 07:34 . 2009-01-28 14:32 -------- d-----w c:\programmi\SpywareBlaster
2009-05-19 21:16 . 2009-03-07 18:11 7032140 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-19 21:16 . 2007-09-26 16:34 384 ----a-w c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2009-05-19 21:16 . 2007-09-26 16:34 384 ----a-w c:\windows\system32\DVCState-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2009-05-19 17:14 . 2009-01-26 09:24 -------- d-----w c:\programmi\Photocopier
2009-05-19 17:13 . 2008-12-10 16:29 1480 ----a-w c:\windows\AUTOLNCH.REG
2009-05-19 11:44 . 2007-09-26 17:30 76960 ----a-w c:\documents and settings\agostino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-16 16:15 . 2009-02-07 16:08 -------- d--h--r c:\programmi\rnamfler
2009-05-15 05:47 . 2009-03-11 12:23 -------- d-----w c:\programmi\Spyware Terminator
2009-05-14 05:28 . 2008-11-07 17:29 -------- d-----w c:\programmi\a-squared Free
2009-05-13 15:51 . 2009-02-01 17:32 -------- d-----w c:\programmi\VDOWNLOADER
2009-05-13 06:47 . 2008-06-09 08:45 -------- d-----w c:\programmi\Google
2009-05-12 16:40 . 2008-12-19 17:45 -------- d-----w c:\programmi\FormatFactory
2009-05-05 16:22 . 2009-01-13 10:21 -------- d-----w c:\programmi\7-Zip
2009-05-05 16:20 . 2007-01-03 10:53 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-05-02 13:02 . 2008-11-29 18:50 -------- d-----w c:\programmi\Digital Support
2009-04-30 15:09 . 2004-08-19 13:39 14336 ----a-w c:\windows\system32\svchost.exe
2009-04-25 16:32 . 2008-06-06 09:45 -------- d-----w c:\programmi\eMule AdunanzA
2009-04-24 11:24 . 2008-11-09 11:15 -------- d-----w c:\programmi\IObit
2009-04-23 11:10 . 2007-09-26 16:28 -------- d-----w c:\programmi\File comuni\InstallShield
2009-04-22 10:14 . 2009-01-21 08:25 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-22 10:14 . 2009-01-21 07:59 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-18 06:21 . 2001-08-31 11:00 70544 ----a-w c:\windows\system32\perfc010.dat
2009-04-18 06:21 . 2001-08-31 11:00 440128 ----a-w c:\windows\system32\perfh010.dat
2009-04-10 06:23 . 2009-02-20 09:51 -------- d-----w c:\programmi\TuxMath
2009-04-07 06:02 . 2009-01-18 14:16 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-06 15:31 . 2008-11-15 16:03 -------- d-----w c:\programmi\Kantaris
2009-04-06 13:32 . 2009-01-18 14:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-18 14:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 07:30 . 2008-12-15 20:12 -------- d-----w c:\programmi\Any Video Converter
2009-04-02 15:04 . 2008-08-09 18:25 -------- d-----w c:\programmi\Java
2009-04-01 13:15 . 2009-04-01 13:15 -------- d-----w c:\programmi\Pivot Stickfigure Animator
2009-03-26 06:44 . 2008-12-08 14:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-24 10:57 . 2009-03-24 10:57 -------- d-----w c:\programmi\filehippo.com
2009-03-16 17:42 . 2009-03-16 17:42 524288 ----a-w c:\windows\opuc.dll
2009-03-13 08:46 . 2008-12-24 13:06 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-11 12:23 . 2009-03-11 12:23 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-07 13:53 . 2008-11-23 11:03 37270 ----a-w c:\windows\system32\OggDSuninst.exe
2009-03-06 14:19 . 2004-08-19 13:39 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2007-01-03 10:56 927744 ----a-w c:\windows\system32\wininet.dll
2009-02-26 13:59 . 2009-02-26 13:59 29 ----a-w c:\windows\system32\RfT_R.DAT
2009-02-24 14:33 . 2009-02-24 14:33 24575 ----a-w c:\windows\system32\Mpwinapppiobas69.dat
2009-02-24 09:32 . 2008-12-24 13:06 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-02-24 09:31 . 2008-12-24 13:06 95640 ----a-w c:\windows\system32\drivers\pctplfw.sys
2009-02-20 17:08 . 2007-01-03 10:56 78336 ----a-w c:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[-] 2007-03-08 15:48 579072 BAB4F995E526484A235A276E269AAF7F c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-01-03 10:51 578048 14B5D6B20467DBA209853D65D1F6A124 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 02:13 588800 3DBD6DC6D74C517D55A1B3AECA88EF48 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 02:13 588800 3DBD6DC6D74C517D55A1B3AECA88EF48 c:\windows\system32\user32.dll
[7] 2008-04-14 02:13 579584 FA94696C0727BD59E517C674CD6E7C72 c:\windows\VistaMizer\old\user32.dll
[-] 2007-06-27 14:13 824320 0C7D45E58E856198D7C4018976627E01 c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 09:48 825344 69D5497609B4FB0981F17074671E072B c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 23:21 825344 714D8A2B05B2AAF0C6A39241A1ED914F c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 01:40 825344 39CCDA0E9B778792B06C1B9D794A9776 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 12:34 827392 93DB90BE4A10EC784DDC9C8601A28AA6 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 04:19 827392 FE184A2B736F216CCC22ABEEBB40787D c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 15:39 827904 BF9D17259082632F03F3FF5759C6AE32 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 8E694EC9DA095E518D9447B3293208EA c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 19:32 827904 F303CFED3D8B8348A54F7A53DDC7CCA0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:47 827904 3F7320E0F75F2B5A7A9AD32AEA08BF21 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:15 828416 C04C42D707CDB4129B86C4E96FA5C24B c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2007-01-03 10:56 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-06-27 13:23 823808 2513EAEB6C4172C7D7B5148CC41F7222 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-08-20 09:57 824832 21AA12B75CE02358E0AD8C706680869F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 23:49 824832 419A6F3D56E469BCBE71128A78463DA4 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-12-07 02:04 824832 ED2A73AB0EBA3C4CB6794077CD09EC95 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2008-03-01 12:58 826368 61D4F43D26EC9D21BEB6F38F22B396AB c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 C1089010BCC3FD01056D26E9A36BBB79 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:15 826368 4B54220877703198E55F61CB7B87979E c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:57 826368 D590241CADEC69A1BC157DC0452C92D1 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:04 826368 A4C79606C0D9835E8A5A8E5E5804AE60 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 22:31 826368 EF1520F95DD25F48C18502005F5EE995 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:03 927744 B1F5509BD1E600EE5A6CF10AB224C952 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-03-03 00:03 927744 B1F5509BD1E600EE5A6CF10AB224C952 c:\windows\system32\wininet.dll
[-] 2009-03-03 00:03 927744 B1F5509BD1E600EE5A6CF10AB224C952 c:\windows\system32\dllcache\wininet.dll
[7] 2009-03-03 00:03 826368 0F74B461F95EC8373FFF5990DC619A75 c:\windows\VistaMizer\old\wininet.dll
[7] 2004-08-19 13:39 504832 4166454E2BCFCC20D1B8A5AC9FEAB243 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 02:14 549888 6DC43081C760EEC1130D2C8C145DF375 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 02:14 549888 6DC43081C760EEC1130D2C8C145DF375 c:\windows\system32\winlogon.exe
[7] 2008-04-14 02:14 510464 9259170D29B5A256735FCB8B80280857 c:\windows\VistaMizer\old\winlogon.exe
[7] 2009-02-09 11:14 2069888 FF69166080436A31A3EAC9CC7C3F1847 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 17:25 2069760 C812D8551FD3B6ACDBF7EB6B18B1B992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 06:06 2063104 F89D8E24FBE047506D60B850D00BDEE3 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2007-01-03 11:06 2062976 45667B9D57A4C600C51900DC3202F9B9 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 13:22 2069760 93FB9D817B37DF1191B73DB7BC2F4006 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-14 01:54 2069632 5E95F445B70ADCF8876D1203852262A1 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-10 17:02 2327040 03C94C082FC31C0A6EFC9D1D8EA27D28 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-10 17:02 2327040 03C94C082FC31C0A6EFC9D1D8EA27D28 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-10 17:02 2327040 03C94C082FC31C0A6EFC9D1D8EA27D28 c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\VistaMizer\old\ntkrnlpa.exe
[7] 2009-02-10 17:14 2192896 3B5928FCD0DD3E10DEB1C13CA35201F6 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 17:25 2192896 0EE73494680235D59F4E57301D7AD580 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 16:06 2185856 763EA08993B467A3AF048EF185B1F805 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2007-01-03 10:50 2185728 28EB809770020C886A3E1C8A48D62E21 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 13:22 2192896 0F93D9366B222D63F9402F7ED45CF2A4 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-14 01:55 2192768 7D804C28404E94F57967DE3394201D55 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-09 11:23 2450048 3D4E0F6CA3402C59AA54B61550D7DD7D c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-09 11:23 2450048 3D4E0F6CA3402C59AA54B61550D7DD7D c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:23 2450048 3D4E0F6CA3402C59AA54B61550D7DD7D c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\VistaMizer\old\ntoskrnl.exe
[-] 2008-04-14 02:14 1554944 287B3020F1324E99F313C9E7FCFCCCCC c:\windows\explorer.exe
[-] 2007-06-13 13:10 1035776 B4E85805BE6D23DE697F7B3BA7492D0B c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-01-03 10:48 1035776 65C5B72C274674B06403D209E6F4A54F c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 02:14 1554944 287B3020F1324E99F313C9E7FCFCCCCC c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 02:14 1036288 70D7F99D95615C3C278367756287DB71 c:\windows\VistaMizer\old\explorer.exe
[7] 2004-08-19 13:39 15360 5B33B4265966EE063C7FBEA28958D9C2 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 02:14 25088 91B6AAC828F8BBE1796275424E44DFB0 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 02:14 25088 91B6AAC828F8BBE1796275424E44DFB0 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 02:14 15360 F53CDDEF33A4C41336A782BE3D170158 c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"CM"="c:\progra~1\VCM\cm.exe" [2006-01-01 126976]
"DownloadAccelerator"="c:\programmi\DAP\DAP.EXE" [2008-11-28 3061248]
"RemoteCenter"="c:\programmi\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"DriverMax"="c:\programmi\Innovative Solutions\DriverMax\devices.exe" [2009-01-30 5386584]
"filehippo.com"="c:\programmi\filehippo.com\UpdateChecker.exe" [2009-03-23 146432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"SBDrvDet"="c:\programmi\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-09 57344]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCTVRemote"="c:\programmi\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"CloneDVDElbyDelay"="c:\programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 45056]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-22 516440]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-26 2176000]
"wrna3ls"="c:\programmi\rnamfler\naomf.exe" [2006-04-01 1253960]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\updateservice\isuspm.exe" [2004-06-14 221184]
"ThreatFire"="c:\programmi\ThreatFire\TFTray.exe" [2009-03-03 263440]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\agostino\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
VCM.lnk - c:\programmi\VCM\cm.exe [2008-11-22 126976]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Pinnacle Scheduler.lnk - c:\programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-9-27 245760]
PrintAndFax.lnk - c:\programmi\Fastweb\PrintAndFax\FaxMonitor.exe [2005-11-3 970856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Pinnacle\\PCTV Stereo\\TeleText\\WebServer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\DAP\\DAP.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21928:TCP"= 21928:TCP:BitComet 21928 TCP
"21928:UDP"= 21928:UDP:BitComet 21928 UDP
"11603:TCP"= 11603:TCP:BitComet 11603 TCP
"11603:UDP"= 11603:UDP:BitComet 11603 UDP
"17054:TCP"= 17054:TCP:BitComet 17054 TCP
"17054:UDP"= 17054:UDP:BitComet 17054 UDP
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/01/2009 9.59.34 64160]
R0 ndisrd;ndisrd;c:\windows\system32\drivers\ndisrd.sys [22/11/2008 15.02.32 15340]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [13/05/2009 12.11.08 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [13/05/2009 12.11.09 39184]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11/08/2004 18.22.54 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 10.30.12 114768]
R1 is-QVPF3drv;is-QVPF3drv;c:\windows\system32\drivers\38729904.sys [07/03/2009 20.10.59 148496]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [24/12/2008 15.06.54 159600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11/03/2009 14.23.32 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 10.30.12 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 953168]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24/12/2008 15.06.56 73840]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [26/09/2007 18.28.18 15840]
R2 ThreatFire;ThreatFire;c:\programmi\ThreatFire\TFService.exe service --> c:\programmi\ThreatFire\TFService.exe service [?]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [26/09/2007 18.56.01 698368]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [26/09/2007 19.07.59 44544]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [24/12/2008 15.06.29 95640]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [26/09/2007 19.11.17 6400]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [13/05/2009 12.11.09 33040]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S3 SASENUM;SASENUM; [x]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [02/03/2009 14.17.03 49632]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - TFNETMON
*Deregistered* - mchInjDrv
.
Contenuto della cartella 'Scheduled Tasks'
2009-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 10:13]
2009-05-20 c:\windows\Tasks\User_Feed_Synchronization-{A6A01747-FD5F-45F8-86D4-862341F42BC4}.job
- c:\windows\system32\msfeedssync.exe [2007-01-03 10:56]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Add to Local Website Archive - c:\documents and settings\agostino\Dati applicazioni\aignes\Local Website Archive\config\iearc.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b1,0c,63,da,a9, 0d,c8,4d,e2,63,26,f1,3f,c8,ff,68,e8,df,dc,61,e9,53,46,05,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,9a,6e,b1,4a,3a, 12,bd,0b,6a,9c,d6,61,af,45,84,18,6b,23,25,13,31,c4,00,28,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,81,17,29,ac,39, bd,69,24,ff,7c,85,e0,43,d4,0e,fe,25,72,64,22,4e,46,77,61,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,58,67,86,82,d7, ba,11,26,86,8c,21,01,be,91,eb,e7,09,5a,14,75,03,04,64,d6,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,ca,c2,27,c4,12, 37,35,71,f5,1d,4d,73,a8,13,5c,05,e9,d1,b3,ac,40,f2,12,cb,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,37,92,f5,39,19, 81,c5,ec,df,20,58,62,78,6b,cf,c8,3c,5a,32,ee,3d,03,b9,e5,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,67,4f,0e,b1,0e, 35,7c,5d,fb,a7,78,e6,12,2f,9a,ea,af,3b,28,9c,ef,3b,1e,d5,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4b,25,ad,7b,43, 95,83,35,01,3a,48,fc,e8,04,4a,f1,94,86,5b,0c,a3,fe,eb,1f,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,f7,6d,d6,79,c6, 66,ca,76,f6,0f,4e,58,98,5b,89,c9,37,4d,82,34,41,85,30,c7,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,ed,aa,a1,87,8b, 22,68,00,3d,ce,ea,26,2d,45,aa,78,81,bf,0a,7c,a0,df,d9,33,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,06,7f,85,4a,c4, 6f,f7,e8,2a,b7,cc,b5,b9,7f,41,e7,e3,c6,f8,59,53,2e,14,f1,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,33,28,cc,f4,63, 14,5b,1d,6c,43,2d,1e,aa,22,2f,9c,3f,97,0b,4a,2a,60,96,02,6c,43,2d,1e,aa,22,\
.
Ora fine scansione: 2009-05-20 14.53.07
ComboFix-quarantined-files.txt 2009-05-20 12:53
Pre-Run: 25.301.196.800 byte disponibili
Post-Run: 25.338.621.952 byte disponibili
343 --- E O F --- 2009-05-13 15:19
This is the ComboFix log.