THE REQUESTED LOGS FOLLOW
WHICH SOFTWARE DO YOU RECOMMEND?
THANKS!
*************************************************
Malwarebytes' Anti-Malware 1.41
Database version: 2907
Windows 5.1.2600 Service Pack 3
05/10/2009 10.14.41
mbam-log-2009-10-05 (10-14-41).txt
Scan type: Full Scan (C:\|)
Objects scanned: 170580
Time elapsed: 46 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
************************************************************************
ComboFix 09-10-04.01 - desktop 05/10/2009 10.21.55.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1419 [GMT 2:00]
Running from: c:\documents and settings\desktop\Desktop\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-4116899310-64440567-312699812-1000
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\desktop\Dati applicazioni\Desktopicon
c:\documents and settings\desktop\Dati applicazioni\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\desktop\Dati applicazioni\Microsoft\Clip Organizer\Offic10.MGC
C:\InfoSat.txt
c:\windows\Installer\dc9f10.msi
c:\windows\system32\42KJE738.ocx
c:\windows\system32\ICON.ico
c:\windows\system32\OGACheckControl.dll
----- BITS: Possible infected sites -----
hxxp://www.photoshow.com
.
((((((((((((((((((((((((( Files Created From 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))))))
.
2009-10-04 20:50 . 2009-10-04 21:11 -------- d-----w- C:\FindyKill
2009-10-04 01:30 . 2009-10-04 01:30 -------- d-----w- c:\temp\twain
2009-10-04 01:27 . 2009-10-04 01:27 -------- d-----w- c:\programmi\File comuni\Fellowes
2009-10-04 01:27 . 2002-02-28 01:27 60416 ------w- c:\windows\system32\miroDV2Bmp.dll
2009-10-04 01:27 . 2002-04-24 02:02 40960 ------w- c:\windows\system32\langserv.dll
2009-10-04 00:10 . 2009-10-04 00:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\QuickTime
2009-10-04 00:08 . 2002-02-28 01:28 81920 ------w- c:\windows\system32\vdrmux.dll
2009-10-04 00:08 . 2002-02-28 01:28 46592 ------w- c:\windows\system32\vdrcodec.dll
2009-10-03 23:19 . 2001-10-31 07:14 77824 ----a-w- c:\windows\system32\mplaw7.dll
2009-10-03 23:19 . 2001-10-31 07:14 77824 ----a-w- c:\windows\system32\mplaa6.dll
2009-10-03 23:19 . 2001-10-31 07:14 65536 ----a-w- c:\windows\system32\mplapx.dll
2009-10-03 23:19 . 2001-10-31 07:14 65536 ----a-w- c:\windows\system32\mplam6.dll
2009-10-03 23:19 . 2001-10-31 07:14 1650688 ----a-w- c:\windows\system32\mplva6.dll
2009-10-03 23:19 . 2001-10-31 07:14 1581056 ----a-w- c:\windows\system32\mplvw7.dll
2009-10-03 23:19 . 2001-10-31 07:14 1552384 ----a-w- c:\windows\system32\mplvm6.dll
2009-10-03 23:19 . 2001-10-31 07:14 1122304 ----a-w- c:\windows\system32\mplvpx.dll
2009-10-03 23:19 . 2001-09-17 10:20 19968 ----a-w- c:\windows\system32\cpuinf32.dll
2009-10-03 23:19 . 2009-10-03 23:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MAGIX
2009-10-03 14:27 . 2009-10-03 14:27 110304 ----a-w- c:\windows\system32\drivers\ACEDRV09.sys
2009-10-03 14:17 . 2009-10-03 14:21 -------- d-----w- c:\programmi\File comuni\MAGIX Shared
2009-10-03 14:09 . 1998-10-15 14:28 85504 ----a-w- c:\windows\system32\HtmlWH.dll
2009-10-03 07:41 . 2001-05-16 15:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-10-03 01:28 . 2009-10-03 17:10 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\MAGIX
2009-10-03 01:15 . 2007-04-27 07:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-10-03 01:13 . 2009-10-03 23:22 -------- d-----w- c:\windows\system32\MAGIX
2009-10-03 01:13 . 2007-12-04 12:20 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2009-10-03 00:48 . 2004-04-30 07:37 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-10-03 00:48 . 2004-04-30 07:33 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2009-10-02 14:02 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\desktop\Dati applicazioni\U3\temp\cleanup.exe
2009-10-02 14:02 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\desktop\Dati applicazioni\U3\temp\Launchpad Removal.exe
2009-09-30 10:57 . 2009-09-30 10:57 -------- d-----w- c:\programmi\File comuni\Yahoo!
2009-09-30 10:57 . 2009-09-30 10:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Studio 12
2009-09-30 10:57 . 2009-09-30 10:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Plus
2009-09-29 21:32 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-09-29 21:32 . 2009-09-29 21:34 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-09-28 22:56 . 2005-07-12 12:25 401408 ----a-w- c:\windows\system32\pvmjpg30.dll
2009-09-28 22:56 . 2002-09-24 09:12 466624 ----a-w- c:\windows\system32\LTRPR13n.DLL
2009-09-28 22:56 . 2002-09-24 09:12 194248 ----a-w- c:\windows\system32\LTRFD13n.DLL
2009-09-28 22:56 . 2002-09-24 09:12 79360 ----a-w- c:\windows\system32\lfeps13s.dll
2009-09-28 22:56 . 2002-09-24 09:12 74752 ----a-w- c:\windows\system32\lfgif13s.dll
2009-09-28 22:56 . 2002-09-24 09:12 185856 ----a-w- c:\windows\system32\lfpng13s.dll
2009-09-28 22:56 . 2002-08-03 02:34 73728 ------w- c:\windows\system32\MMAviAx.dll
2009-09-28 22:56 . 2002-02-28 01:27 114759 ------w- c:\windows\system32\Aviprax.dll
2009-09-28 22:47 . 2009-09-28 22:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SmartSound Software Inc
2009-09-28 22:47 . 2009-09-28 22:47 -------- d-----w- c:\programmi\SmartSound Software
2009-09-28 22:45 . 2003-11-25 04:02 57856 ----a-w- c:\windows\system32\masd32.dll
2009-09-28 22:45 . 2003-11-25 04:02 138752 ----a-w- c:\windows\system32\mase32.dll
2009-09-28 22:45 . 2003-11-25 04:02 136192 ----a-w- c:\windows\system32\mamc32.dll
2009-09-28 22:45 . 2003-11-25 04:02 196096 ----a-w- c:\windows\system32\macd32.dll
2009-09-28 22:45 . 2003-11-25 04:02 27648 ----a-w- c:\windows\system32\ma32.dll
2009-09-28 22:45 . 2004-02-24 11:04 41219 ----a-w- c:\windows\RSETPATH.exe
2009-09-28 22:44 . 2009-09-28 22:44 25214 ----a-r- c:\documents and settings\desktop\Dati applicazioni\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
2009-09-28 22:44 . 2009-09-28 22:44 25214 ----a-r- c:\documents and settings\desktop\Dati applicazioni\Microsoft\Installer\{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}\ARPPRODUCTICON.exe
2009-09-28 22:44 . 2004-01-23 15:44 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll
2009-09-28 14:24 . 2009-09-28 14:24 -------- d-----w- c:\documents and settings\desktop\Impostazioni locali\Dati applicazioni\Pinnacle
2009-09-28 13:52 . 2009-09-28 13:52 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\DivX
2009-09-28 13:50 . 2009-09-28 13:50 29926 ----a-r- c:\documents and settings\desktop\Dati applicazioni\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-09-28 13:50 . 2009-09-28 13:50 -------- d-----w- c:\programmi\File comuni\Pinnacle
2009-09-28 13:50 . 2009-09-28 13:50 -------- d-----w- c:\documents and settings\desktop\Impostazioni locali\Dati applicazioni\Downloaded Installations
2009-09-28 13:49 . 2009-09-28 13:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate
2009-09-25 09:16 . 2009-09-25 09:24 17561072 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\rp\.exe
2009-09-25 09:15 . 2009-09-25 09:16 8405312 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-09-25 09:11 . 2009-09-25 09:11 10309448 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\chr\ChromeInstaller.exe
2009-09-25 09:05 . 2009-09-25 09:05 64000 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\RUP\inst_config\gcapi_dll.dll
2009-09-25 09:05 . 2009-09-25 09:05 52288 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\RUP\inst_config\gtapi.dll
2009-09-25 09:05 . 2009-09-25 09:05 50688 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\RUP\inst_config\fftbapi.dll
2009-09-25 09:05 . 2009-09-25 09:05 114688 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\RUP\inst_config\compat.dll
2009-09-24 20:41 . 2009-09-28 22:45 -------- d-----w- c:\programmi\DivX
2009-09-24 19:28 . 2009-09-24 19:28 435720 ----a-w- c:\documents and settings\desktop\Dati applicazioni\Real\Update\setup3.08\setup.exe
2009-09-16 14:38 . 2009-09-16 14:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-09-14 13:31 . 2009-09-14 13:31 -------- d-----w- c:\programmi\FileHippo.com
2009-09-14 13:18 . 2009-09-14 13:18 -------- d-----w- c:\programmi\QuickTime
2009-09-14 11:17 . 2009-09-04 15:44 515416 ------w- c:\windows\system32\XAudio2_5.dll
2009-09-14 11:17 . 2009-09-04 15:44 238936 ------w- c:\windows\system32\xactengine3_5.dll
2009-09-14 11:17 . 2009-09-04 15:29 1974616 ------w- c:\windows\system32\D3DCompiler_42.dll
2009-09-14 11:17 . 2009-09-04 15:29 5501792 ------w- c:\windows\system32\d3dcsx_42.dll
2009-09-14 11:17 . 2009-09-04 15:29 453456 ------w- c:\windows\system32\d3dx10_42.dll
2009-09-14 11:17 . 2009-09-04 15:29 235344 ------w- c:\windows\system32\d3dx11_42.dll
2009-09-14 11:17 . 2009-09-04 15:29 1892184 ------w- c:\windows\system32\D3DX9_42.dll
2009-09-13 21:29 . 2009-09-13 21:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2009-09-13 21:29 . 2009-09-13 21:29 -------- d-----w- c:\programmi\McAfee Security Scan
2009-09-13 21:28 . 2009-09-13 21:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-09-13 21:05 . 2009-10-02 13:24 -------- d-----w- c:\windows\Logs
2009-09-13 19:39 . 2009-09-28 19:42 154268 ------w- c:\windows\system32\mlfcache.dat
2009-09-13 19:29 . 2009-09-13 19:29 -------- d-----w- c:\programmi\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 22:17 . 2009-01-20 14:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-04 21:40 . 2009-01-15 21:43 -------- d-----w- c:\programmi\Creative
2009-10-04 21:39 . 2009-01-15 15:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Creative
2009-10-04 21:32 . 2001-08-31 12:00 90920 ----a-w- c:\windows\system32\perfc010.dat
2009-10-04 21:32 . 2001-08-31 12:00 508470 ----a-w- c:\windows\system32\perfh010.dat
2009-10-04 11:53 . 2009-02-04 18:01 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Nero
2009-10-04 11:27 . 2009-02-04 18:07 -------- d-----w- c:\programmi\File comuni\Simple Star Shared
2009-10-04 11:27 . 2009-02-04 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-10-04 09:24 . 2009-01-14 13:52 219272 ----a-w- c:\documents and settings\desktop\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-04 09:23 . 2009-01-14 23:31 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\MailWasherFree
2009-10-04 00:08 . 2009-01-14 19:35 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-02 14:02 . 2009-01-30 17:12 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\U3
2009-10-01 10:25 . 2009-01-15 09:55 -------- d-----w- c:\programmi\Lexmark 1200 Series
2009-09-30 18:44 . 2009-01-15 22:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ATI MMC
2009-09-28 14:49 . 2009-02-20 15:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-28 13:17 . 2009-08-28 19:46 -------- d-----w- c:\programmi\Steinberg
2009-09-28 13:16 . 2009-08-28 19:29 -------- d-----w- c:\programmi\Pinnacle
2009-09-24 21:30 . 2009-01-20 13:01 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-09-24 20:56 . 2009-08-28 19:47 2019 ----a-w- c:\windows\NewRecorder.reg
2009-09-14 14:35 . 2009-01-15 00:11 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Apple Computer
2009-09-14 13:46 . 2009-06-12 07:54 411368 ------w- c:\windows\system32\deploytk.dll
2009-09-14 13:32 . 2009-02-03 09:32 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\uTorrent
2009-09-14 13:19 . 2009-03-03 20:24 -------- d-----w- c:\programmi\File comuni\Apple
2009-09-14 11:24 . 2009-01-14 22:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-09-10 12:54 . 2009-01-16 02:21 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-01-16 02:21 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-09-04 15:44 . 2009-09-13 21:09 69464 ------w- c:\windows\system32\XAPOFX1_3.dll
2009-08-28 19:53 . 2009-08-28 19:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2009-08-28 19:46 . 2009-08-28 19:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-08-28 19:46 . 2009-01-14 19:35 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-08-28 19:46 . 2009-08-28 19:46 -------- d-----w- c:\programmi\Jasc Software Inc
2009-08-28 19:31 . 2009-08-28 19:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio
2009-08-28 17:30 . 2009-08-28 17:30 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\avidemux
2009-08-28 15:57 . 2009-08-28 15:57 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Pegasys Inc
2009-08-27 13:51 . 2009-08-27 13:51 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Nokia Multimedia Player
2009-08-27 13:29 . 2009-08-27 13:29 -------- d-----w- c:\programmi\DsNET Corp
2009-08-27 13:23 . 2009-08-27 13:07 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Orbit
2009-08-27 13:07 . 2009-08-27 13:07 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\GrabPro
2009-08-21 08:37 . 2009-01-14 22:14 -------- d-----w- c:\programmi\MSBuild
2009-08-21 08:37 . 2009-08-21 08:37 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-19 12:47 . 2009-08-19 12:47 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\Design-Lib.Com
2009-08-19 12:47 . 2009-08-19 12:47 -------- d-----w- c:\programmi\Design-Lib Creations
2009-08-18 21:34 . 2009-01-15 10:37 -------- d-----w- c:\programmi\File comuni\Adobe
2009-08-18 21:29 . 2009-08-18 21:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2009-08-18 21:28 . 2009-08-18 21:28 -------- d-----w- c:\programmi\File comuni\Adobe Systems Shared
2009-08-11 16:05 . 2009-08-11 16:05 -------- d-----w- c:\documents and settings\desktop\Dati applicazioni\FontCreator
2009-08-05 08:59 . 2008-04-13 17:13 205312 ------w- c:\windows\system32\mswebdvd.dll
2009-07-18 08:45 . 2009-08-11 16:05 147608 ------w- c:\windows\system32\FontInstaller.dll
2009-07-17 19:01 . 2008-04-13 17:13 58880 ------w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-08-15 08:27 286208 ------w- c:\windows\system32\wmpdxm.dll
.
------- Sigcheck -------
[-] 2008-08-15 . E88631E21A9CACA06104802F9E915115 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-08-15 . 902E0A75C51196A82BED9CC0E3AC8756 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\programmi\Windows Sidebar\sidebar.exe" [2008-08-15 1274880]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"Lexmark 1200 Series"="c:\programmi\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"TVTray"="c:\progra~1\TVAV~1\TVAV~1\TVTray.exe" [2004-09-10 245760]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-04-29 198160]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"PCLEPCI"="c:\progra~1\Pinnacle\PPE\PPE.EXE" [2004-02-03 49152]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"PSDrvCheck"="d:\programmi\Foto\programs\PSDrvCheck.exe" [2003-09-12 406016]
"Malwarebytes Anti-Malware (reboot)"="d:\programmi\DiskUtility\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Sidebar"="c:\programmi\Windows Sidebar\sidebar.exe" [2008-08-15 1274880]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Nokia.PCSync"="d:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck xmnt2002 /bat=c:\windows\TEMP\PQ_BATCH.PQB /win=c:\windows /dbg=c:\WINDOWS\TEMP\PQ_DEBUG.TXT /ver=262144 /prd=PartitionMagic\0autocheck autochk *\0lsdelete
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk]
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan.lnk]
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^desktop^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^desktop^Menu Avvio^Programmi^Esecuzione automatica^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^desktop^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Programmi\\Internet\\uTorrent\\uTorrent.exe"=
"d:\\Programmi\\Internet\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"d:\\Programmi\\Internet\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"d:\\Programmi\\Video\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/02/2009 17.43.15 64160]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [03/10/2009 16.27.35 110304]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\programmi\Lavasoft\Ad-Aware\AAWService.exe" --> c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\programmi\Foto\MAGIX\Common\Database\bin\fbserver.exe --> d:\programmi\Foto\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [14/01/2009 16.35.01 13824]
S3 UPnPService;UPnPService;c:\programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe [03/10/2009 16.21.59 544768]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [15/01/2009 23.10.28 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [15/01/2009 23.10.25 170368]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection WSidebar.inf,Registrazione_SideBar
.
Contents of the 'Scheduled Tasks' folder
2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-10-05 c:\windows\Tasks\RegCure Program Check.job
- d:\programmi\DiskUtility\RegCure\RegCure.exe [2007-08-02 07:20]
2009-01-20 c:\windows\Tasks\RegCure.job
- d:\programmi\DiskUtility\RegCure\RegCure.exe [2007-08-02 07:20]
2009-10-05 c:\windows\Tasks\User_Feed_Synchronization-{BAA84876-83C2-408E-B173-4487A0AA420E}.job
- c:\windows\system32\msfeedssync.exe [2001-08-31 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nontipago.it/Servizi/Notizie.htm
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\desktop\Dati applicazioni\Mozilla\Firefox\Profiles\vtjs5iq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.nontipago.it/Servizi/Notizie.htm
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-fsm - (no file)
AddRemove-HijackThis - c:\docume~1\desktop\IMPOST~1\Temp\_tc\HijackThis.exe
AddRemove-Karaoke 5_is1 - n:\portableapps\Karaoke5\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-05 10:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,4f,a4,fb,bb,cd,
ac,25,f2,2e,e8,e1,00,eb,16,2b,de,eb,f6,34,06,17,ab,f7,7c,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,93,a0,b4,32,50,
c3,3f,25,46,47,15,b0,92,4b,c7,ef,ac,7c,c4,26,f8,87,65,a7,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,82,02,96,f3,70,
9e,4d,0f,7a,45,05,fd,91,e8,6f,31,f3,34,9f,0e,ad,ff,89,d7,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,2d,fd,45,1e,e0,
24,5d,72,6b,65,49,6a,7e,99,74,f7,4d,99,5a,ec,bc,22,6f,b9,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,bc,e0,15,5d,b7,
7d,6a,a0,e9,02,6c,fa,fb,1d,47,57,af,47,82,cd,8e,77,12,c2,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,81,2b,75,b0,5e,
12,51,35,50,93,e5,ab,ec,6a,4e,ab,e0,ac,cb,56,9c,6d,89,c6,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,e2,10,c3,7e,26,
28,d0,ac,97,20,4e,9a,c7,f1,35,ee,cf,1d,d3,4c,9f,bc,56,6b,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,93,e1,cb,67,94,
32,96,d2,aa,52,c6,00,84,3c,26,64,50,32,93,6e,92,d6,d3,b1,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,fa,81,bc,82,cf,
30,33,76,b2,46,9a,e2,1b,fe,1b,94,bd,08,03,bf,03,c3,5b,c4,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,47,58,75,a6,fc,
c5,73,1b,37,a4,aa,c3,a6,15,56,0a,ce,40,14,89,34,b8,b9,69,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,66,8b,96,1e,c2,
b0,25,e5,f8,31,0f,a9,5f,a0,ec,fb,54,17,24,b2,6e,3b,2e,7b,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,57,3a,21,97,e9,
25,b7,35,05,73,21,dd,54,d8,4a,c5,9a,09,dd,e4,97,51,db,44,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-05 10.28.53
ComboFix-quarantined-files.txt 2009-10-05 08:28
Pre-Run: 30,843,293,696 bytes free
Post-Run: 30,801,977,344 bytes free
397 --- E O F --- 2009-09-14 11:28
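A first triage pass over a log like the one above, as an added example that is not part of the original post and not ComboFix's or Malwarebytes' own code. It pulls out the items a reviewer reads first in a ComboFix log: the Windows Firewall standard profile reporting `"EnableFirewall"= 0`, Run-key autoruns, services and drivers whose image ComboFix could not find at scan time (the `[?]` marker, as on the Ad-Aware, VBoxNetFlt and MAGIX Firebird entries above), orphaned Run values (`(no file)`), kernel drivers (`.sys`) created inside the 30-day window, executables carrying the hidden attribute or sitting under a user profile or Temp folder, and hosts listed in the BITS block. These are review heuristics, not verdicts: each hit has a plausible benign explanation (an uninstalled product leaving its service registration behind, a U3 flash-drive removal tool, a CD-emulation driver), and the Malwarebytes scan above found nothing. The sample lines are constructed copies in the same format as the posted log; the names `summarize`, `SAMPLE_LOG` and the category labels are mine.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's code).
Extracts the entries a reviewer checks first; every hit is a review item,
not a verdict."""
import re
from collections import defaultdict

# Constructed sample: a few lines in the same format as the posted log.
SAMPLE_LOG = r"""
----- BITS: Possible infected sites -----
hxxp://www.photoshow.com
.
((((((((((((((((((((((((( Files Created From 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))))))
.
2009-10-03 14:27 . 2009-10-03 14:27 110304 ----a-w- c:\windows\system32\drivers\ACEDRV09.sys
2009-10-03 00:48 . 2004-04-30 07:37 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-10-02 14:02 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\desktop\Dati applicazioni\U3\temp\Launchpad Removal.exe
2009-09-29 21:32 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVTray"="c:\progra~1\TVAV~1\TVAV~1\TVTray.exe" [2004-09-10 245760]
"Malwarebytes Anti-Malware (reboot)"="d:\programmi\DiskUtility\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [03/10/2009 16.27.35 110304]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\programmi\Lavasoft\Ad-Aware\AAWService.exe" --> c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
HKCU-Run-fsm - (no file)
"""

# One regex per ComboFix line shape we care about.
FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) '
                     r'(\d+|-{8}) ([-a-z]{8}) (.+)$')          # created . modified size attrs path
RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]*\\Run)\]$', re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$')  # state name;desc;image [stamp]
FIREWALL_RE = re.compile(r'^"EnableFirewall"= ?(\d+)')
ORPHAN_RE = re.compile(r'^(HK\w+-Run-\S+) - \(no file\)$')

EXEC_EXT = ('.exe', '.dll', '.sys', '.ocx', '.scr', '.com')
# Locations where an installed product rarely keeps the binaries it autostarts.
USER_DIRS = ('\\documents and settings\\', '\\temp\\', '\\dati applicazioni\\',
             '\\application data\\')


def summarize(log_text):
    """Return {category: [detail, ...]} for the triage items found in log_text."""
    findings = defaultdict(list)
    run_key = None      # Run key whose values are currently being read
    in_bits = False     # inside the "BITS: Possible infected sites" block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('----- BITS:'):
            in_bits = True
            continue
        if in_bits:
            if line.startswith(('hxxp://', 'http')):
                findings['bits_host'].append(line)
                continue
            in_bits = False
        m = FILE_RE.match(line)
        if m:   # "Files Created" / Find3M entry: look at attributes and path
            attrs, path = m.group(4), m.group(5)
            low = path.lower()
            if low.endswith('.sys'):
                findings['new_driver'].append(path)
            if 'h' in attrs and low.endswith(EXEC_EXT):
                findings['hidden_executable'].append(path)
            if low.endswith(EXEC_EXT) and any(d in low for d in USER_DIRS):
                findings['executable_in_user_dir'].append(path)
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            run_key = m.group(1)
            continue
        if run_key:
            m = RUN_VALUE_RE.match(line)
            if m:
                findings['autorun'].append(f'{run_key} :: {m.group(1)} -> {m.group(2)}')
                continue
            run_key = None  # any other line shape ends the Run block
        m = FIREWALL_RE.match(line)
        if m:
            if m.group(1) == '0':
                findings['firewall_disabled'].append(line)
            continue
        m = SERVICE_RE.match(line)
        if m:   # driver/service entry; a "[?]" stamp means the image was not found
            state, name, image, stamp = m.group(1), m.group(2), m.group(4), m.group(5)
            if stamp.strip() == '?':
                findings['service_binary_missing'].append(f'{state} {name}: {image}')
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings['orphan_autorun'].append(m.group(1))
    return dict(findings)


if __name__ == '__main__':
    for category, items in summarize(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print('   ', item)
```

To run it against a real log, read the file and pass its text to `summarize`; the function only keys on line shapes, so the localized section headers (Italian here) do not matter except for the `----- BITS:` prefix, which ComboFix keeps in every locale.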