Aiutamici Forum

Log check
manara48
Posted: Friday, March 05, 2010 10:45:39 AM
Rank: Member

Joined: 5/10/2001
Posts: 15
Could you check my log, please?
Thanks, everyone

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.43.24, on 05/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\SSLEmptyCache.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\utente\AppData\Roaming\ntstream97\ntstream97.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\Users\utente\AppData\Roaming\java\msnmsgs.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\utente\AppData\Roaming\ntstream97\ntstream97.exe
C:\Users\utente\Desktop\Nuova cartella\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/nwshp?hl=it&tab=wn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Internet Explorer Plugin - {D0EEBD03-8F6D-40B6-B42D-8E0858CC57AA} - wtzrg6.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SSLEmptyCache] C:\Windows\system32\SSLEmptyCache.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\Windows\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ntstream97] C:\Users\utente\AppData\Roaming\ntstream97\ntstream97.exe
O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun
O4 - HKCU\..\Run: [MSMSGS] C:\Users\utente\AppData\Roaming\java\msnmsgs.exe
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\cyvu.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\cyvu.tmp\svchost.exe (User 'Default user')
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/it/Prg/ESTPTest.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll,avgrsstx.dll acaptuser32.dll
O20 - Winlogon Notify: zzrp97 - zzrp97.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985e0b89f4580) (gupdate1c985e0b89f4580) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14631 bytes
r16
Posted: Friday, March 05, 2010 1:56:12 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
In my opinion you must be full of problems....
Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press "fix checked":


R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Internet Explorer Plugin - {D0EEBD03-8F6D-40B6-B42D-8E0858CC57AA} - wtzrg6.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\Windows\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKCU\..\Run: [MSMSGS] C:\Users\utente\AppData\Roaming\java\msnmsgs.exe
O4 - HKCU\..\Run: [ntstream97] C:\Users\utente\AppData\Roaming\ntstream97\ntstream97.exe
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\cyvu.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\cyvu.tmp\svchost.exe (User 'Default user')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - (no file)
O20 - Winlogon Notify: zzrp97 - zzrp97.dll (file missing)

Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On CCleaner's main screen, click Options and then Advanced, and untick: Only delete files in Windows Temp folders older than 48 hours. (then run the clean-ups)
Restart the computer.

Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE it. (this is very important)
Run a full system scan.
Post the log.
manara48
Posted: Friday, March 05, 2010 4:04:53 PM
Rank: Member

Joined: 5/10/2001
Posts: 15
r16 wrote:
In my opinion you must be full of problems....
Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press "fix checked":


R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Internet Explorer Plugin - {D0EEBD03-8F6D-40B6-B42D-8E0858CC57AA} - wtzrg6.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [bit4id store register] RUNDLL32.EXE "C:\Windows\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKCU\..\Run: [MSMSGS] C:\Users\utente\AppData\Roaming\java\msnmsgs.exe
O4 - HKCU\..\Run: [ntstream97] C:\Users\utente\AppData\Roaming\ntstream97\ntstream97.exe
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\cyvu.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\cyvu.tmp\svchost.exe (User 'Default user')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - (no file)
O20 - Winlogon Notify: zzrp97 - zzrp97.dll (file missing)

Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On CCleaner's main screen, click Options and then Advanced, and untick: Only delete files in Windows Temp folders older than 48 hours. (then run the clean-ups)
Restart the computer.

Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE it. (this is very important)
Run a full system scan.
Post the log.


First of all, thank you for your help.

I did (at least I hope so, given how little I know about PCs) what you told me to.
Below is the Malwarebytes log

Malwarebytes' Anti-Malware 1.44
Versione del database: 3825
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

05/03/2010 15.42.44
mbam-log-2010-03-05 (15-42-28).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 280365
Tempo trascorso: 57 minute(s), 52 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bdkillp- (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Windows\System32\BdkIllP-.exe (Adware.Adrotator) -> No action taken.

Bye and thanks again
r16
Posted: Friday, March 05, 2010 4:13:23 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.

Please don't quote my replies. Thanks.

Remove what Malwarebytes found.

Download Combofix (run it as Administrator)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: disable your antivirus and close ALL open programs (firewall included) and, after downloading COMBOFIX, close the connection.

Double-click combofix.exe (a screen will appear).

You will probably get messages from the antivirus (or from Combofix itself); ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
manara48
Posted: Friday, March 05, 2010 5:26:04 PM
Rank: Member

Joined: 5/10/2001
Posts: 15
Done
Here is the ComboFix report

ComboFix 10-03-04.05 - utente 05/03/2010 17.11.28.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2047.996 [GMT 1:00]
Eseguito da: c:\users\utente\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton AntiVirus *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kkowswiv.dll
.
---- Esecuzione precedente -------
.
c:\microsoft\msnmsgs.exe
c:\users\utente\AppData\Roaming\Desktopicon\config.ini
c:\windows\system32\bit4cnsp.dll
c:\windows\system32\qks.txt

.
((((((((((((((((((((((((( Files Creati Da 2010-02-05 al 2010-03-05 )))))))))))))))))))))))))))))))))))
.

2010-03-05 16:02 . 2010-03-05 16:17 -------- d-----w- c:\users\utente\AppData\Local\temp
2010-03-01 19:02 . 2010-03-01 19:02 44032 ----a-w- c:\windows\system32\wtzrg6.dll
2010-02-28 09:05 . 2010-02-28 09:05 -------- d-----w- c:\program files\Goomsoft
2010-02-28 08:47 . 2010-02-28 08:53 -------- d-----w- c:\program files\ChrisTV Online FREE Edition
2010-02-28 08:09 . 2010-02-28 08:09 -------- d-----w- c:\users\utente\AppData\Roaming\FDRLab
2010-02-25 08:22 . 2010-02-25 08:23 -------- d-----w- c:\program files\Glary Registry Repair
2010-02-24 09:24 . 2010-02-24 09:24 -------- d-----w- c:\program files\IncrediMail
2010-02-24 07:30 . 2010-02-24 08:24 -------- d-----w- c:\users\utente\AppData\Local\IM
2010-02-24 07:30 . 2010-02-24 07:30 -------- d-----w- c:\programdata\IncrediMail
2010-02-24 07:30 . 2010-02-24 07:32 -------- d-----w- c:\programdata\IM
2010-02-24 05:30 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 05:30 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 05:30 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 05:30 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 05:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 05:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 05:30 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 05:29 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 05:29 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 05:29 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 05:29 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 05:29 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 05:29 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 19:19 . 2007-05-23 16:54 260248 ----a-w- c:\windows\system32\QMO.dll
2010-02-23 19:19 . 2007-05-23 16:54 80024 ----a-w- c:\windows\system32\TXGYUploader.dll
2010-02-23 19:19 . 2007-05-23 16:54 92312 ----a-w- c:\windows\system32\QMOCameraDll.dll
2010-02-23 06:57 . 2010-02-26 07:24 -------- d-----w- c:\users\utente\AppData\Roaming\FreshDiagnose
2010-02-22 19:06 . 2010-02-27 15:35 -------- d-----w- c:\program files\MyInternetTV
2010-02-21 07:52 . 2010-02-25 19:14 -------- d-----w- c:\users\utente\AppData\Roaming\java
2010-02-21 07:52 . 2010-02-25 19:14 45056 ---ha-w- c:\users\utente\AppData\Roaming\java\msnmsgs.exe
2010-02-21 07:52 . 2010-02-21 07:55 0 ----a-w- c:\users\utente\AppData\Roaming\msnmsgs.exe
2010-02-20 06:44 . 2010-02-26 07:52 -------- d-----w- c:\users\utente\Tracing
2010-02-19 06:11 . 2010-02-18 19:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-18 19:27 . 2010-03-04 19:21 94712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-18 19:27 . 2010-02-18 19:27 17480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-18 19:27 . 2010-03-04 19:21 961984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-18 19:27 . 2010-02-18 19:27 835312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-18 19:27 . 2010-02-18 19:27 842992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-18 19:27 . 2010-03-04 19:21 1593320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-18 19:27 . 2010-02-18 19:27 815184 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-18 19:27 . 2010-02-18 19:27 1229232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-18 19:18 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-18 19:16 . 2010-02-18 19:16 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-18 19:16 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-18 19:16 . 2010-02-18 19:16 -------- d-----w- c:\program files\Lavasoft
2010-02-18 08:06 . 2010-02-18 08:06 81920 ----a-w- c:\users\utente\AppData\Roaming\ezpinst.exe
2010-02-18 08:06 . 2010-02-18 08:09 -------- d-----w- c:\program files\Video Convert Master
2010-02-17 08:27 . 2010-02-17 08:27 -------- d-----w- c:\users\utente\AppData\Local\WinAVI
2010-02-17 08:27 . 2010-02-17 08:27 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2010-02-17 08:27 . 2010-02-17 08:27 -------- d-----w- c:\windows\WinAVI Video Converter 9.0
2010-02-17 08:11 . 2010-02-17 08:18 -------- d-----w- c:\users\utente\AppData\Roaming\WinAVI
2010-02-17 06:23 . 2010-02-17 07:47 -------- d-----w- C:\OutputFolder
2010-02-13 13:58 . 2010-02-13 13:58 -------- d-----w- c:\users\utente\AppData\Roaming\MOVAVI
2010-02-13 13:55 . 2010-02-13 13:55 -------- d-----w- c:\users\utente\AppData\Local\Downloaded Installations
2010-02-13 07:02 . 2010-02-13 07:04 -------- d-----w- c:\program files\XMedia Recode
2010-02-12 19:26 . 2010-02-12 19:26 -------- d-----w- c:\users\utente\AppData\Roaming\FreeVideoConverter
2010-02-12 14:24 . 2010-02-12 14:24 -------- d-----w- c:\users\utente\AppData\Local\Apps
2010-02-11 13:49 . 2010-02-11 13:49 -------- d-----w- c:\program files\JRE
2010-02-11 13:43 . 2010-02-11 13:43 -------- d-----w- c:\program files\Common Files\Java
2010-02-10 05:34 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 05:34 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 05:34 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 05:34 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-09 08:32 . 2009-12-09 16:31 20992 ----a-w- c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\pe75m728.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
2010-02-07 07:01 . 2010-02-07 07:01 -------- d-----w- c:\program files\Duplicate Cleaner
2010-02-05 15:18 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 15:18 . 2010-02-05 15:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 15:18 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 07:21 . 2010-03-05 09:31 -------- d-----w- c:\users\utente\AppData\Roaming\EssentialPIM Pro
2010-02-05 07:21 . 2010-02-05 08:24 -------- d-----w- c:\program files\EssentialPIM Pro
2010-02-05 07:20 . 2010-02-05 16:34 -------- d-----w- c:\users\utente\AppData\Local\xplocalClient
2010-02-05 07:20 . 2010-02-05 07:20 -------- d-----w- c:\users\utente\AppData\Roaming\ntstream97
2010-02-04 05:13 . 2010-02-04 05:13 49152 ----a-w- c:\users\utente\AppData\Roaming\ntstream97\ntstream97.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 16:11 . 2006-11-06 01:52 676876 ----a-w- c:\windows\system32\perfh010.dat
2010-03-05 16:11 . 2006-11-06 01:52 124992 ----a-w- c:\windows\system32\perfc010.dat
2010-03-05 16:03 . 2008-05-02 06:15 497981 ----a-w- c:\windows\system32\drivers\stwrte.log
2010-03-05 15:39 . 2009-07-27 08:36 -------- d-----w- c:\users\utente\AppData\Roaming\uTorrent
2010-03-05 08:59 . 2008-05-14 05:35 -------- d-----w- c:\programdata\Google Updater
2010-03-02 09:32 . 2010-02-01 17:14 -------- d-----w- c:\users\utente\AppData\Roaming\vlc
2010-02-26 09:00 . 2009-04-12 08:38 -------- d-----w- c:\program files\Windows Live
2010-02-26 06:45 . 2007-10-26 13:35 -------- d-----w- c:\program files\CCleaner
2010-02-25 16:28 . 2007-12-27 08:25 -------- d-----w- c:\users\utente\AppData\Roaming\Vso
2010-02-25 08:22 . 2008-10-02 06:34 -------- d-----w- c:\users\utente\AppData\Roaming\GlarySoft
2010-02-24 07:32 . 2007-10-23 10:19 116288 ----a-w- c:\users\utente\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-19 08:48 . 2009-05-26 06:04 -------- d-----w- c:\users\utente\AppData\Roaming\WIPE
2010-02-19 07:04 . 2008-10-31 05:21 -------- d-----w- c:\program files\Glary Utilities
2010-02-18 19:16 . 2008-07-13 15:58 -------- d-----w- c:\programdata\Lavasoft
2010-02-18 17:09 . 2009-10-28 09:05 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-18 16:16 . 2010-01-03 07:01 -------- d-----w- c:\program files\Super_DVD_Creator_9.8
2010-02-18 08:06 . 2007-12-27 08:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-18 08:06 . 2007-12-27 08:25 47360 ----a-w- c:\users\utente\AppData\Roaming\pcouffin.sys
2010-02-18 08:06 . 2007-12-27 08:25 47360 ----a-w- c:\users\utente\AppData\Roaming\pcouffin.sys
2010-02-14 08:40 . 2008-10-14 05:20 1 ----a-w- c:\users\utente\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-13 06:37 . 2009-04-13 08:29 -------- d-----w- c:\program files\Free Video Converter
2010-02-12 13:31 . 2008-11-25 06:54 -------- d-----w- c:\program files\FormatFactory
2010-02-12 06:41 . 2008-10-17 06:06 -------- d-----w- c:\program files\Siw
2010-02-11 13:51 . 2008-10-14 05:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-11 13:42 . 2009-02-04 07:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-10 19:16 . 2009-07-23 16:08 -------- d-----w- c:\program files\BurnAware Free
2010-02-10 07:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-08 06:20 . 2007-10-26 06:45 -------- d-----w- c:\program files\Google
2010-02-06 08:14 . 2008-01-20 15:07 -------- d-----w- c:\program files\Auslogics
2010-02-05 07:19 . 2008-04-21 06:34 -------- d-----w- c:\users\utente\AppData\Roaming\EssentialPIM
2010-02-05 06:54 . 2008-10-03 05:42 -------- d-----w- c:\program files\uTorrent
2010-02-04 19:14 . 2008-04-22 05:45 -------- d-----w- c:\program files\Mozilla Sunbird
2010-02-04 08:40 . 2008-04-21 07:51 -------- d-----w- c:\program files\Unforgiven Organizer
2010-02-02 06:44 . 2010-02-02 06:44 -------- d-----w- c:\users\utente\AppData\Roaming\Canneverbe Limited
2010-02-02 06:44 . 2009-07-23 16:10 -------- d-----w- c:\program files\CDBurnerXP
2010-02-01 16:54 . 2010-01-15 16:26 -------- d-----w- c:\users\utente\AppData\Roaming\Nero
2010-01-31 06:11 . 2010-01-31 06:07 -------- d-----w- c:\program files\Rainlendar2
2010-01-28 07:21 . 2010-01-28 07:21 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-01-28 07:21 . 2010-01-28 07:21 -------- d-----w- c:\program files\Nitro PDF
2010-01-25 06:38 . 2009-09-15 14:41 -------- d-----w- c:\users\utente\AppData\Roaming\ZipGenius
2010-01-25 06:38 . 2009-09-15 14:41 -------- d-----w- c:\program files\ZipGenius 6
2010-01-21 09:38 . 2010-01-02 07:43 -------- d-----w- c:\program files\dvdSanta
2010-01-20 18:51 . 2008-03-02 06:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 09:53 . 2009-12-12 09:02 -------- d-----w- c:\users\utente\AppData\Roaming\Spider Player
2010-01-16 13:39 . 2010-01-16 13:39 -------- d-----w- c:\programdata\TomTom
2010-01-16 13:39 . 2010-01-16 13:39 -------- d-----w- c:\program files\TomTom International B.V
2010-01-16 13:38 . 2010-01-16 13:38 -------- d-----w- c:\program files\TomTom HOME 2
2010-01-16 13:35 . 2010-01-16 13:35 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-01-16 08:30 . 2010-01-16 08:30 -------- d-----w- c:\users\utente\AppData\Roaming\NeroDigital(TM)
2010-01-15 16:25 . 2010-01-15 16:11 -------- d-----w- c:\program files\Common Files\Nero
2010-01-15 16:19 . 2010-01-15 16:11 -------- d-----w- c:\program files\Nero
2010-01-15 16:15 . 2009-08-07 15:48 -------- d-----w- c:\programdata\Nero
2010-01-15 16:10 . 2010-01-15 16:10 -------- d-----w- c:\program files\Common Files\LightScribe
2010-01-15 10:42 . 2009-05-23 14:39 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-15 09:46 . 2008-10-17 08:39 -------- d-----w- c:\programdata\LightScribe
2010-01-14 09:55 . 2008-07-25 07:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 10:48 . 2009-02-03 08:58 -------- d-----w- c:\users\utente\AppData\Roaming\dvdcss
2010-01-12 07:12 . 2010-01-12 07:12 -------- d-----w- c:\program files\Avidemux 2.5
2010-01-06 15:38 . 2010-02-24 05:30 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 05:30 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 05:30 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 05:30 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-05 16:11 . 2010-01-05 16:11 -------- d-----w- c:\program files\Ultra AVI Converter
2010-01-05 07:51 . 2010-01-05 07:51 -------- d-----w- c:\programdata\WindowsSearch
2010-01-02 06:38 . 2010-01-22 05:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 05:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 05:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 05:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-23 15:31 . 2009-12-23 15:31 4403427 ----a-w- c:\windows\x32dett.exe
2009-12-08 20:01 . 2010-02-10 05:29 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-10 05:29 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-05-19 09:00 . 2008-09-16 07:42 72 --sh--w- c:\windows\S40400E79.tmp
2009-08-27 07:23 . 2009-08-27 07:23 23 --sha-w- c:\windows\System32\edacded0.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0EEBD03-8F6D-40B6-B42D-8E0858CC57AA}]
2010-03-01 19:02 44032 ----a-w- c:\windows\System32\wtzrg6.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-26 68856]
"EssentialPIM Pro"="c:\program files\EssentialPIM Pro\EssentialPIM.exe" [2010-02-03 5500416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSLEmptyCache"="c:\windows\system32\SSLEmptyCache.exe" [2008-10-02 32768]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-08-22 1348224]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-03-10 909592]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-08-22 136472]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-03-10 2617808]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-03-10 140568]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-26 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-02-26 13:24 122880 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 15:07 429392 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-02-25 07:36 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-02-25 21:26 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a7,14,80,e7,1f,fa,c9,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-19 722416]
R2 gupdate1c985e0b89f4580;Google Update Service (gupdate1c985e0b89f4580);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usbxp.sys [2004-04-30 24832]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-20 333192]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-10 360584]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/20 16:17];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-05-07 19:05 87536]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2009-10-20 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-10-20 285392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-18 1229232]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-06-12 184320]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-08-22 431384]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-07 19160]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B7D846A0-FE32-4A86-A032-1431F9258471}]
2010-03-01 19:02 44032 ----a-w- c:\windows\System32\wtzrg6.dll
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-31 18:44]

2010-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-26 13:24]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 09:20]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 09:20]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{DF6869C6-186E-4AF5-88F0-231404B239B9}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://news.google.it/nwshp?hl=it&tab=wn
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Scarica tutti i video usando BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Scarica tutto usando BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Scarica usando &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} -
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\pe75m728.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://news.google.it/nwshp?hl=it&tab=wn
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{09fa6977-1531-d674-351c-dd0db665bf90}\components\G__--4q.dll
FF - component: c:\users\utente\AppData\Roaming\Lamantine\Sticky Password\spautofill\components\SPAutofill.dll
FF - component: c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\pe75m728.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
FF - plugin: c:\program files\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCS6.dll
FF - plugin: c:\program files\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSPB6.dll
FF - plugin: c:\program files\Earth Resource Mapping\Image Web Server\Firefox Plug-in\NP_NCSTB6.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-bit4id store register - c:\windows\system32\bit4cnsp.dll
Notify-zzrp97 - zzrp97.dll
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
ActiveSetup-{E487E1F1-EED4-4F2A-8B9E-B83A9C30C898} - kkowswiv.dll
AddRemove-HaCKeR - c:\program files\HaCKeR\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 17:17
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3786069412-3332230058-886972824-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C3F8D823-789B-8843-2F44-28EBA37F6BE1}*]
@Allowed: (Read) (RestrictedCode)
"kalmfdladeobaahjleehnd"=hex:67,61,6c,6d,63,64,63,63,6c,6d,70,68,69,6f,00,00
"kalmfdladeobaahjleehae"=hex:66,61,6f,67,70,6f,64,69,6e,67,61,68,00,6f
"malnjcbgknmollmmbhmflopgpd"=hex:62,61,69,6e,00,94

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\relog_ap.dll
.
Ora fine scansione: 2010-03-05 17:20:53
ComboFix-quarantined-files.txt 2010-03-05 16:20

Pre-Run: 172.379.308.032 byte disponibili
Post-Run: 172.699.918.336 byte disponibili

- - End Of File - - 1B596ECFEDC9EAC09AA6186213957203

Bye
r16
Posted: Friday, March 05, 2010 5:34:52 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I recommend uninstalling Ad-Aware (unless you paid for it).
Keep Malwarebytes in its place, as it is more effective.
Then:
Open a text file with Notepad on the Desktop.
Paste in the code you see below, and save the text file; it must be named CFScript.txt

Code:
File::
c:\windows\System32\wtzrg6.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0EEBD03-8F6D-40B6-B42D-8E0858CC57AA}]

RegNull::
[HKEY_USERS\S-1-5-21-3786069412-3332230058-886972824-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C3F8D823-789B-8843-2F44-28EBA37F6BE1}*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]



and drag it onto the ComboFix icon.
Wait for the job to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
manara48
Posted: Friday, March 05, 2010 5:59:19 PM
Rank: Member

Joined: 5/10/2001
Posts: 15
Done
Here is the new log

ComboFix 10-03-04.05 - utente 05/03/2010 17.46.27.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2047.838 [GMT 1:00]
Eseguito da: c:\users\utente\Desktop\ComboFix.exe
Opzioni usate :: c:\users\utente\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton AntiVirus *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\System32\wtzrg6.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wtzrg6.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-02-05 al 2010-03-05 )))))))))))))))))))))))))))))))))))
.

2010-03-05 16:52 . 2010-03-05 16:52 -------- d-----w- c:\users\utente\AppData\Local\temp
2010-03-05 16:52 . 2010-03-05 16:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-05 16:52 . 2010-03-05 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-28 09:05 . 2010-02-28 09:05 -------- d-----w- c:\program files\Goomsoft
2010-02-28 08:47 . 2010-02-28 08:53 -------- d-----w- c:\program files\ChrisTV Online FREE Edition
2010-02-28 08:09 . 2010-02-28 08:09 -------- d-----w- c:\users\utente\AppData\Roaming\FDRLab
2010-02-25 08:22 . 2010-02-25 08:23 -------- d-----w- c:\program files\Glary Registry Repair
2010-02-24 09:24 . 2010-02-24 09:24 -------- d-----w- c:\program files\IncrediMail
2010-02-24 07:30 . 2010-02-24 08:24 -------- d-----w- c:\users\utente\AppData\Local\IM
2010-02-24 07:30 . 2010-02-24 07:30 -------- d-----w- c:\programdata\IncrediMail
2010-02-24 07:30 . 2010-02-24 07:32 -------- d-----w- c:\programdata\IM
2010-02-24 05:30 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 05:30 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 05:30 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 05:30 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 05:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 05:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 05:30 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 05:29 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 05:29 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 05:29 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 05:29 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 05:29 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 05:29 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 19:19 . 2007-05-23 16:54 260248 ----a-w- c:\windows\system32\QMO.dll
2010-02-23 19:19 . 2007-05-23 16:54 80024 ----a-w- c:\windows\system32\TXGYUploader.dll
2010-02-23 19:19 . 2007-05-23 16:54 92312 ----a-w- c:\windows\system32\QMOCameraDll.dll
2010-02-23 06:57 . 2010-02-26 07:24 -------- d-----w- c:\users\utente\AppData\Roaming\FreshDiagnose
2010-02-22 19:06 . 2010-02-27 15:35 -------- d-----w- c:\program files\MyInternetTV
2010-02-21 07:52 . 2010-02-25 19:14 -------- d-----w- c:\users\utente\AppData\Roaming\java
2010-02-21 07:52 . 2010-02-25 19:14 45056 ---ha-w- c:\users\utente\AppData\Roaming\java\msnmsgs.exe
2010-02-21 07:52 . 2010-02-21 07:55 0 ----a-w- c:\users\utente\AppData\Roaming\msnmsgs.exe
2010-02-20 06:44 . 2010-02-26 07:52 -------- d-----w- c:\users\utente\Tracing
2010-02-19 06:11 . 2010-02-18 19:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-18 19:27 . 2010-03-04 19:21 94712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-18 19:27 . 2010-02-18 19:27 17480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-18 19:27 . 2010-03-04 19:21 961984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-18 19:27 . 2010-02-18 19:27 835312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-18 19:27 . 2010-02-18 19:27 842992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-18 19:27 . 2010-03-04 19:21 1593320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-18 19:27 . 2010-02-18 19:27 815184 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-18 19:27 . 2010-02-18 19:27 1229232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-18 19:18 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-18 19:16 . 2010-02-18 19:16 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-18 19:16 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-18 19:16 . 2010-02-18 19:16 -------- d-----w- c:\program files\Lavasoft
2010-02-18 08:06 . 2010-02-18 08:06 81920 ----a-w- c:\users\utente\AppData\Roaming\ezpinst.exe
2010-02-18 08:06 . 2010-02-18 08:09 -------- d-----w- c:\program files\Video Convert Master
2010-02-17 08:27 . 2010-02-17 08:27 -------- d-----w- c:\users\utente\AppData\Local\WinAVI
2010-02-17 08:27 . 2010-02-17 08:27 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2010-02-17 08:27 . 2010-02-17 08:27 -------- d-----w- c:\windows\WinAVI Video Converter 9.0
2010-02-17 08:11 . 2010-02-17 08:18 -------- d-----w- c:\users\utente\AppData\Roaming\WinAVI
2010-02-17 06:23 . 2010-02-17 07:47 -------- d-----w- C:\OutputFolder
2010-02-13 13:58 . 2010-02-13 13:58 -------- d-----w- c:\users\utente\AppData\Roaming\MOVAVI
2010-02-13 13:55 . 2010-02-13 13:55 -------- d-----w- c:\users\utente\AppData\Local\Downloaded Installations
2010-02-13 07:02 . 2010-02-13 07:04 -------- d-----w- c:\program files\XMedia Recode
2010-02-12 19:26 . 2010-02-12 19:26 -------- d-----w- c:\users\utente\AppData\Roaming\FreeVideoConverter
2010-02-12 14:24 . 2010-02-12 14:24 -------- d-----w- c:\users\utente\AppData\Local\Apps
2010-02-11 13:49 . 2010-02-11 13:49 -------- d-----w- c:\program files\JRE
2010-02-11 13:43 . 2010-02-11 13:43 -------- d-----w- c:\program files\Common Files\Java
2010-02-10 05:34 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 05:34 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 05:34 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 05:34 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-09 08:32 . 2009-12-09 16:31 20992 ----a-w- c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\pe75m728.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
2010-02-07 07:01 . 2010-02-07 07:01 -------- d-----w- c:\program files\Duplicate Cleaner
2010-02-05 15:18 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 15:18 . 2010-02-05 15:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 15:18 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 07:21 . 2010-03-05 09:31 -------- d-----w- c:\users\utente\AppData\Roaming\EssentialPIM Pro
2010-02-05 07:21 . 2010-02-05 08:24 -------- d-----w- c:\program files\EssentialPIM Pro
2010-02-05 07:20 . 2010-02-05 16:34 -------- d-----w- c:\users\utente\AppData\Local\xplocalClient
2010-02-05 07:20 . 2010-02-05 07:20 -------- d-----w- c:\users\utente\AppData\Roaming\ntstream97
2010-02-04 05:13 . 2010-02-04 05:13 49152 ----a-w- c:\users\utente\AppData\Roaming\ntstream97\ntstream97.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 16:50 . 2006-11-06 01:52 676876 ----a-w- c:\windows\system32\perfh010.dat
2010-03-05 16:50 . 2006-11-06 01:52 124992 ----a-w- c:\windows\system32\perfc010.dat
2010-03-05 16:42 . 2008-05-02 06:15 498355 ----a-w- c:\windows\system32\drivers\stwrte.log
2010-03-05 15:39 . 2009-07-27 08:36 -------- d-----w- c:\users\utente\AppData\Roaming\uTorrent
2010-03-05 08:59 . 2008-05-14 05:35 -------- d-----w- c:\programdata\Google Updater
2010-03-02 09:32 . 2010-02-01 17:14 -------- d-----w- c:\users\utente\AppData\Roaming\vlc
2010-02-26 09:00 . 2009-04-12 08:38 -------- d-----w- c:\program files\Windows Live
2010-02-26 06:45 . 2007-10-26 13:35 -------- d-----w- c:\program files\CCleaner
2010-02-25 16:28 . 2007-12-27 08:25 -------- d-----w- c:\users\utente\AppData\Roaming\Vso
2010-02-25 08:22 . 2008-10-02 06:34 -------- d-----w- c:\users\utente\AppData\Roaming\GlarySoft
2010-02-24 07:32 . 2007-10-23 10:19 116288 ----a-w- c:\users\utente\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-19 08:48 . 2009-05-26 06:04 -------- d-----w- c:\users\utente\AppData\Roaming\WIPE
2010-02-19 07:04 . 2008-10-31 05:21 -------- d-----w- c:\program files\Glary Utilities
2010-02-18 19:16 . 2008-07-13 15:58 -------- d-----w- c:\programdata\Lavasoft
2010-02-18 17:09 . 2009-10-28 09:05 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-18 16:16 . 2010-01-03 07:01 -------- d-----w- c:\program files\Super_DVD_Creator_9.8
2010-02-18 08:06 . 2007-12-27 08:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-18 08:06 . 2007-12-27 08:25 47360 ----a-w- c:\users\utente\AppData\Roaming\pcouffin.sys
2010-02-18 08:06 . 2007-12-27 08:25 47360 ----a-w- c:\users\utente\AppData\Roaming\pcouffin.sys
2010-02-14 08:40 . 2008-10-14 05:20 1 ----a-w- c:\users\utente\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-13 06:37 . 2009-04-13 08:29 -------- d-----w- c:\program files\Free Video Converter
2010-02-12 13:31 . 2008-11-25 06:54 -------- d-----w- c:\program files\FormatFactory
2010-02-12 06:41 . 2008-10-17 06:06 -------- d-----w- c:\program files\Siw
2010-02-11 13:51 . 2008-10-14 05:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-11 13:42 . 2009-02-04 07:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-10 19:16 . 2009-07-23 16:08 -------- d-----w- c:\program files\BurnAware Free
2010-02-10 07:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-08 06:20 . 2007-10-26 06:45 -------- d-----w- c:\program files\Google
2010-02-06 08:14 . 2008-01-20 15:07 -------- d-----w- c:\program files\Auslogics
2010-02-05 07:19 . 2008-04-21 06:34 -------- d-----w- c:\users\utente\AppData\Roaming\EssentialPIM
2010-02-05 06:54 . 2008-10-03 05:42 -------- d-----w- c:\program files\uTorrent
2010-02-04 19:14 . 2008-04-22 05:45 -------- d-----w- c:\program files\Mozilla Sunbird
2010-02-04 08:40 . 2008-04-21 07:51 -------- d-----w- c:\program files\Unforgiven Organizer
2010-02-02 06:44 . 2010-02-02 06:44 -------- d-----w- c:\users\utente\AppData\Roaming\Canneverbe Limited
2010-02-02 06:44 . 2009-07-23 16:10 -------- d-----w- c:\program files\CDBurnerXP
2010-02-01 16:54 . 2010-01-15 16:26 -------- d-----w- c:\users\utente\AppData\Roaming\Nero
2010-01-31 06:11 . 2010-01-31 06:07 -------- d-----w- c:\program files\Rainlendar2
2010-01-28 07:21 . 2010-01-28 07:21 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-01-28 07:21 . 2010-01-28 07:21 -------- d-----w- c:\program files\Nitro PDF
2010-01-25 06:38 . 2009-09-15 14:41 -------- d-----w- c:\users\utente\AppData\Roaming\ZipGenius
2010-01-25 06:38 . 2009-09-15 14:41 -------- d-----w- c:\program files\ZipGenius 6
2010-01-21 09:38 . 2010-01-02 07:43 -------- d-----w- c:\program files\dvdSanta
2010-01-20 18:51 . 2008-03-02 06:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 09:53 . 2009-12-12 09:02 -------- d-----w- c:\users\utente\AppData\Roaming\Spider Player
2010-01-16 13:39 . 2010-01-16 13:39 -------- d-----w- c:\programdata\TomTom
2010-01-16 13:39 . 2010-01-16 13:39 -------- d-----w- c:\program files\TomTom International B.V
2010-01-16 13:38 . 2010-01-16 13:38 -------- d-----w- c:\program files\TomTom HOME 2
2010-01-16 13:35 . 2010-01-16 13:35 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-01-16 08:30 . 2010-01-16 08:30 -------- d-----w- c:\users\utente\AppData\Roaming\NeroDigital(TM)
2010-01-15 16:25 . 2010-01-15 16:11 -------- d-----w- c:\program files\Common Files\Nero
2010-01-15 16:19 . 2010-01-15 16:11 -------- d-----w- c:\program files\Nero
2010-01-15 16:15 . 2009-08-07 15:48 -------- d-----w- c:\programdata\Nero
2010-01-15 16:10 . 2010-01-15 16:10 -------- d-----w- c:\program files\Common Files\LightScribe
2010-01-15 10:42 . 2009-05-23 14:39 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-15 09:46 . 2008-10-17 08:39 -------- d-----w- c:\programdata\LightScribe
2010-01-14 09:55 . 2008-07-25 07:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 10:48 . 2009-02-03 08:58 -------- d-----w- c:\users\utente\AppData\Roaming\dvdcss
2010-01-12 07:12 . 2010-01-12 07:12 -------- d-----w- c:\program files\Avidemux 2.5
2010-01-06 15:38 . 2010-02-24 05:30 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 05:30 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 05:30 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 05:30 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-05 16:11 . 2010-01-05 16:11 -------- d-----w- c:\program files\Ultra AVI Converter
2010-01-05 07:51 . 2010-01-05 07:51 -------- d-----w- c:\programdata\WindowsSearch
2010-01-02 06:38 . 2010-01-22 05:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 05:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 05:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 05:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-23 15:31 . 2009-12-23 15:31 4403427 ----a-w- c:\windows\x32dett.exe
2009-12-08 20:01 . 2010-02-10 05:29 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-10 05:29 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-05-19 09:00 . 2008-09-16 07:42 72 --sh--w- c:\windows\S40400E79.tmp
2009-08-27 07:23 . 2009-08-27 07:23 23 --sha-w- c:\windows\System32\edacded0.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-03-05_16.17.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-03 14:50 . 2010-03-05 16:44 97242 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-03-05 16:05 90978 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-03-05 16:44 90978 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-23 13:14 . 2010-03-05 16:44 23008 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3786069412-3332230058-886972824-1003_UserData.bin
- 2007-10-25 07:55 . 2010-03-05 14:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-25 07:55 . 2010-03-05 16:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-10-25 07:55 . 2010-03-05 14:48 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-25 07:55 . 2010-03-05 16:23 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-25 07:55 . 2010-03-05 14:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-10-25 07:55 . 2010-03-05 16:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-05 16:42 . 2010-03-05 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-05 16:03 . 2010-03-05 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-05 16:03 . 2010-03-05 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-05 16:42 . 2010-03-05 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2010-03-05 16:11 591476 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-03-05 16:50 591476 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-03-05 16:11 105356 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-03-05 16:50 105356 c:\windows\System32\perfc009.dat
- 2007-10-23 10:14 . 2010-03-05 15:44 131072 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-23 10:14 . 2010-03-05 16:26 131072 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-10-23 10:14 . 2010-03-05 15:44 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-10-23 10:14 . 2010-03-05 16:26 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-23 10:14 . 2010-03-05 15:44 1310720 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-23 10:14 . 2010-03-05 16:26 1310720 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-26 68856]
"EssentialPIM Pro"="c:\program files\EssentialPIM Pro\EssentialPIM.exe" [2010-02-03 5500416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSLEmptyCache"="c:\windows\system32\SSLEmptyCache.exe" [2008-10-02 32768]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-08-22 1348224]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-03-10 909592]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-08-22 136472]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-03-10 2617808]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-03-10 140568]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-02-26 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-02-26 13:24 122880 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-01-07 15:07 429392 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-02-25 07:36 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-02-25 21:26 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a7,14,80,e7,1f,fa,c9,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-19 722416]
R2 gupdate1c985e0b89f4580;Google Update Service (gupdate1c985e0b89f4580);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usbxp.sys [2004-04-30 24832]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-20 333192]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-10 360584]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/20 16:17];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-05-07 19:05 87536]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2009-10-20 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-10-20 285392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-18 1229232]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-06-12 184320]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-08-22 431384]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-07 19160]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:27]

2010-03-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-31 18:44]

2010-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-26 13:24]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 09:20]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 09:20]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{DF6869C6-186E-4AF5-88F0-231404B239B9}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://news.google.it/nwshp?hl=it&tab=wn
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Scarica tutti i video usando BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Scarica tutto usando BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Scarica usando &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} -
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\pe75m728.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://news.google.it/nwshp?hl=it&tab=wn
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{09fa6977-1531-d674-351c-dd0db665bf90}\components\G__--4q.dll
FF - component: c:\users\utente\AppData\Roaming\Lamantine\Sticky Password\spautofill\components\SPAutofill.dll
FF - component: c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\pe75m728.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

ActiveSetup-{B7D846A0-FE32-4A86-A032-1431F9258471} - wtzrg6.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 17:52
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\relog_ap.dll
.
Ora fine scansione: 2010-03-05 17:55:00
ComboFix-quarantined-files.txt 2010-03-05 16:54
ComboFix2.txt 2010-03-05 16:20

Pre-Run: 172.726.980.608 byte disponibili
Post-Run: 172.685.291.520 byte disponibili

- - End Of File - - 7BAD34322D0A078004E3467519B45C39

Bye
r16
Posted: Friday, March 05, 2010 7:43:31 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Post a new HijackThis log.
manara48
Posted: Friday, March 05, 2010 7:59:30 PM
Rank: Member

Joined: 5/10/2001
Posts: 15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.59.42, on 05/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\SSLEmptyCache.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\utente\Desktop\Nuova cartella\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/nwshp?hl=it&tab=wn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SSLEmptyCache] C:\Windows\system32\SSLEmptyCache.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - (no file)
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/it/Prg/ESTPTest.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll,C:\Windows\System32\avgrsstx.dll,C:\Windows\System32\acaptuser32.dll,avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985e0b89f4580) (gupdate1c985e0b89f4580) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13459 bytes

Bye
r16
Posted: Friday, March 05, 2010 10:14:53 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Disable System Restore, and keep it disabled until the problem is solved.
http://windowshelp.microsoft.com/Windows/it-IT/help/f0688925-5abe-4caf-b49a-018f8cfcaf4d1040.mspx#E3

To remove the various tools you downloaded:
Download OTC by OldTimer to your desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click it to run it.
Click CleanUp.
It will ask you to restart the PC.
Click Yes.

Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press "Fix checked":

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - (no file)
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/it/Prg/ESTPTest.cab

Do a cleanup (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
On the CCleaner main screen, click Options and then Advanced, and untick: Only delete files in Windows Temp if older than 48 hours. (then run the cleanup)

Restart the PC.

Re-enable System Restore and, if everything is fine, create a new restore point.

If the problem is solved and the PC works well, we are done.
manara48
Posted: Saturday, March 06, 2010 8:17:02 AM
Rank: Member

Joined: 5/10/2001
Posts: 15
Done - Everything seems OK

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7.53.32, on 06/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\SSLEmptyCache.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\EssentialPIM Pro\EssentialPIM.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\utente\Desktop\Nuova cartella\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/nwshp?hl=it&tab=wn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SSLEmptyCache] C:\Windows\system32\SSLEmptyCache.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EssentialPIM Pro] "C:\Program Files\EssentialPIM Pro\EssentialPIM.exe" /autorun
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Scarica tutto usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll,C:\Windows\System32\avgrsstx.dll,C:\Windows\System32\acaptuser32.dll,avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c985e0b89f4580) (gupdate1c985e0b89f4580) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11218 bytes


You have been very kind, professional and patient. Many thanks.
Bye
r16
Posted: Saturday, March 06, 2010 12:45:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
You missed these 2 HJT entries:
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
They are not dangerous, but it is better to remove them.
You don't need to post another log.
Until next time. (hopefully for you, as late as possible)
Bye.
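
The check made in the last post (comparing the fix list against the follow-up log to see which entries survived) can be scripted. This is an added example, not part of the thread and not HijackThis code; the function names are hypothetical, and the two inputs are short excerpts of lines copied from the logs above.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the helper's fix list (lines copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - (no file)
"""

# Excerpt of the follow-up log (lines copied from the thread).
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
"""


def entry_key(section, body):
    """Identify an entry by section + kind + CLSID when a CLSID is present
    (display names and hex case can differ), otherwise by section + body text."""
    clsid = CLSID_RE.search(body)
    if clsid:
        kind = body.split(":", 1)[0].strip().lower()  # "bho", "toolbar", "extra button", ...
        return (section, kind, clsid.group(0).upper())
    return (section, "", " ".join(body.split()).lower())


def parse_entries(log_text):
    """Map entry key -> raw line, skipping headers, process paths and footers."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[entry_key(match.group("section"), match.group("body"))] = line
    return entries


def still_present(fix_list_text, followup_log_text):
    """Entries that were on the fix list but still show up in the follow-up log."""
    after = parse_entries(followup_log_text)
    return [after[key] for key in parse_entries(fix_list_text) if key in after]


def orphaned(log_text):
    """Entries whose target file HijackThis reports as absent from disk."""
    return [line for line in parse_entries(log_text).values()
            if line.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    for line in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("not fixed:", line)
    for line in orphaned(FOLLOWUP_LOG):
        print("orphaned: ", line)
```

On these excerpts the two leftover entries are the Windows Live Toolbar BHO and toolbar, the same two named in the last post.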