ComboFix 10-02-28.03 - Administrator 02/03/2010 9.37.10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1717 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\ESET
c:\programmi\ESET\ESET Online Scanner\esets_apiA.dll
c:\programmi\ESET\ESET Online Scanner\esets_apiW.dll
c:\programmi\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\programmi\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\programmi\ESET\ESET Online Scanner\log.txt
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod10C2.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod1EB8.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod2195.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod3CD5.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod3F6B.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod4B25.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod4BFF.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod4E41.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod597C.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod5AE1.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod5BDD.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod6260.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod67F5.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod6B4E.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod70BA.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\nod7161.nup
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\programmi\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\programmi\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\programmi\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\programmi\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\programmi\ESET\ESET Online Scanner\OnlineScanner.inf
c:\programmi\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\programmi\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\programmi\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\programmi\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\programmi\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\programmi\ESET\ESET Online Scanner\unicows.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-02-02 al 2010-03-02 )))))))))))))))))))))))))))))))))))
.
2010-03-01 11:59 . 2004-08-03 22:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2010-03-01 11:59 . 2004-08-03 22:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2010-02-28 10:02 . 2010-02-28 10:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2010-02-28 10:02 . 2010-02-28 10:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Canneverbe Limited
2010-02-28 10:01 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-02-28 10:01 . 2010-02-28 10:01 -------- d-----w- c:\programmi\CDBurnerXP
2010-02-27 11:24 . 2010-02-27 11:24 -------- d-----w- c:\programmi\Innovative Solutions
2010-02-27 10:48 . 2010-02-27 10:48 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Foxit Software
2010-02-27 10:35 . 2010-02-27 10:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2010-02-27 10:35 . 2010-02-27 10:35 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Innovative Solutions
2010-02-27 09:23 . 2010-03-01 16:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\AIMP
2010-02-27 09:23 . 2010-02-27 09:23 -------- d-----w- c:\programmi\AIMP2
2010-02-26 18:19 . 2007-02-13 15:17 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2010-02-26 16:48 . 2010-03-01 17:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\KeePass
2010-02-26 16:34 . 2010-02-26 16:34 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-26 16:34 . 2010-02-28 10:33 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-26 16:33 . 2010-02-26 16:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-02-26 16:12 . 2010-02-26 16:12 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-02-26 16:12 . 2010-02-26 16:12 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2010-02-26 16:12 . 2010-02-26 16:12 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-02-26 11:39 . 2002-08-29 18:00 1703936 ----a-w- c:\windows\system32\gdiplus.dll
2010-02-26 11:39 . 2010-02-26 11:40 -------- d-----w- c:\programmi\PIXresizer
2010-02-26 11:39 . 2000-05-01 22:02 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2010-02-26 10:30 . 2010-03-01 15:02 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-02-26 10:30 . 2010-02-26 10:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-26 10:29 . 2010-03-01 16:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-02-26 10:29 . 2010-02-26 10:29 -------- d-----w- c:\programmi\File comuni\Skype
2010-02-26 10:29 . 2010-02-26 10:29 -------- d-----r- c:\programmi\Skype
2010-02-26 10:29 . 2010-02-26 10:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-02-26 10:24 . 2010-02-26 10:24 -------- d-----w- c:\windows\Sun
2010-02-26 09:58 . 2010-02-26 09:58 -------- d-----w- c:\programmi\MSECache
2010-02-26 09:41 . 2010-03-01 14:59 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\BitTorrent
2010-02-26 09:41 . 2010-02-26 09:41 -------- d-----w- c:\programmi\BitTorrent
2010-02-23 21:42 . 2010-02-23 21:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-23 21:41 . 2004-08-19 14:39 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-02-23 21:30 . 2006-12-08 11:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-02-23 21:30 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-23 21:30 . 2006-11-15 10:38 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-02-23 21:30 . 2006-09-28 15:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2010-02-23 21:30 . 2006-09-28 15:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2010-02-23 21:30 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-02-23 21:30 . 2006-07-28 08:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-02-23 21:18 . 2010-02-23 21:18 -------- d-----w- c:\programmi\Alcohol Soft
2010-02-23 19:45 . 2010-02-23 19:45 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-02-23 19:45 . 2010-02-23 19:45 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-23 19:43 . 2010-02-23 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-23 19:35 . 2010-02-24 21:45 -------- d-----w- c:\windows\ie8updates
2010-02-23 19:31 . 2010-02-23 19:34 -------- dc-h--w- c:\windows\ie8
2010-02-23 19:31 . 2010-02-23 19:33 -------- d-----w- c:\windows\system32\it-IT
2010-02-23 19:28 . 2010-02-23 19:28 -------- d-----w- c:\programmi\KeePass Password Safe 2
2010-02-22 21:04 . 2010-02-22 21:04 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-02-22 21:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-22 21:04 . 2010-02-22 21:04 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-22 21:04 . 2010-02-22 21:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-22 21:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-22 20:20 . 2010-02-27 08:57 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2010-02-22 20:12 . 2010-02-22 20:12 -------- d-----w- c:\windows\SHELLNEW
2010-02-22 20:09 . 2010-02-22 20:09 -------- d-----w- c:\programmi\Microsoft Works
2010-02-22 20:09 . 2010-02-22 20:09 -------- d-----w- c:\programmi\Microsoft.NET
2010-02-22 20:07 . 2010-02-22 20:07 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft Help
2010-02-22 20:07 . 2010-02-22 20:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-22 20:07 . 2010-02-22 20:07 -------- d-----r- C:\MSOCache
2010-02-22 19:49 . 2010-02-22 19:49 6868368 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip7_52.exe
2010-02-22 19:49 . 2010-02-22 19:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Estsoft
2010-02-22 19:48 . 2010-02-23 20:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-22 19:48 . 2010-02-22 19:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-02-22 19:48 . 2010-02-26 11:40 -------- d-----w- c:\programmi\QT Lite
2010-02-22 19:40 . 2010-02-22 19:49 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESTsoft
2010-02-22 19:40 . 2010-02-22 19:40 -------- d-----w- c:\programmi\ESTsoft
2010-02-22 19:37 . 2010-02-22 19:37 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-717b275f-n\msvcp71.dll
2010-02-22 19:37 . 2010-02-22 19:37 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-717b275f-n\jmc.dll
2010-02-22 19:37 . 2010-02-22 19:37 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-717b275f-n\msvcr71.dll
2010-02-22 19:37 . 2010-02-22 19:37 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32dde739-n\decora-sse.dll
2010-02-22 19:37 . 2010-02-22 19:37 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-32dde739-n\decora-d3d.dll
2010-02-22 18:07 . 2010-02-22 18:07 77312 ----a-w- C:\mbr.exe
2010-02-22 15:02 . 2010-02-22 15:02 -------- d-----w- c:\programmi\MSXML 6.0
2010-02-22 14:36 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-22 14:36 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-22 14:36 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-22 14:36 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-22 14:36 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-22 14:36 . 2009-12-21 19:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-22 14:36 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-22 14:32 . 2004-08-30 20:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-22 14:27 . 2010-02-22 14:27 -------- d-----w- c:\windows\ServicePackFiles
2010-02-22 14:04 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-22 14:04 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2010-02-22 14:03 . 2009-12-09 10:25 2061440 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-22 14:03 . 2009-12-09 10:24 2139648 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-22 14:03 . 2009-12-09 10:25 2184064 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-22 14:03 . 2009-12-09 10:24 2019328 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-22 13:49 . 2009-01-07 17:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-02-22 13:49 . 2010-02-28 11:56 -------- d--h--w- c:\windows\$hf_mig$
2010-02-22 13:13 . 2010-02-22 13:13 -------- d-----w- c:\programmi\CCleaner
2010-02-21 21:39 . 2004-08-03 22:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-21 21:28 . 2010-02-22 18:35 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-21 21:28 . 2010-02-21 21:28 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org
2010-02-21 21:27 . 2010-02-22 20:24 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-02-21 21:27 . 2010-02-21 21:27 -------- d-----w- c:\programmi\File comuni\Java
2010-02-21 21:27 . 2010-02-21 21:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-21 21:26 . 2010-02-21 21:26 -------- d-----w- c:\programmi\Java
2010-02-21 21:02 . 2003-08-05 13:23 266240 ----a-w- c:\windows\CMIUninstall.exe
2010-02-21 21:02 . 2010-02-21 21:02 -------- d-----w- c:\programmi\C-Media 3D Audio
2010-02-21 21:02 . 2003-07-22 10:15 225280 ----a-w- c:\windows\CmiRmRedundDir.exe
2010-02-21 21:02 . 2002-10-18 14:56 28672 ----a-w- c:\windows\CMIRmDriver.dll
2010-02-21 21:01 . 2000-03-29 14:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-02-21 20:46 . 2010-02-27 18:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spider Player
2010-02-21 20:44 . 2010-02-28 09:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-02-21 20:43 . 2010-02-21 20:43 -------- d-----w- c:\programmi\VideoLAN
2010-02-21 19:56 . 2010-02-21 19:56 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-02-21 19:51 . 2010-02-21 19:51 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-02-21 19:50 . 2010-02-23 19:44 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google
2010-02-21 19:50 . 2010-02-22 20:30 -------- d-----w- c:\programmi\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 11:59 . 2004-08-30 20:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-03-01 11:59 . 2004-08-30 20:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-02-26 18:19 . 2010-02-21 18:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2010-02-23 21:42 . 2010-02-23 21:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-23 21:42 . 2010-02-23 21:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-23 21:29 . 2010-02-23 21:29 -------- d-----w- c:\programmi\KONAMI
2010-02-23 21:29 . 2010-02-23 21:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\KONAMI
2010-02-22 20:57 . 2010-02-21 18:09 28568 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-22 16:42 . 2003-08-13 14:27 65280 ----a-w- c:\windows\system32\drivers\Rtlnic51.sys
2010-02-22 15:04 . 2010-02-22 15:04 -------- d-----w- c:\programmi\MSBuild
2010-02-22 15:04 . 2010-02-22 15:04 -------- d-----w- c:\programmi\Reference Assemblies
2010-02-21 21:06 . 2010-02-21 18:07 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-21 21:06 . 2010-02-21 18:06 -------- d-----w- c:\programmi\Telecom Italia
2010-02-21 20:49 . 2010-02-21 17:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-21 18:58 . 2010-02-21 18:58 -------- d-----w- c:\programmi\Avira
2010-02-21 18:58 . 2010-02-21 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-02-21 18:55 . 2010-02-21 18:55 0 ----a-w- c:\windows\nsreg.dat
2010-02-21 18:54 . 2010-02-21 18:54 -------- d-----w- c:\programmi\Foxit Software
2010-02-21 18:54 . 2010-02-21 18:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Foxit
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ATI
2010-02-21 18:50 . 2010-02-21 18:50 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ATI
2010-02-21 18:41 . 2010-02-21 18:41 10134 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{F4B265CB-59BF-CCB2-F606-B8D16EE2D8ED}\ARPPRODUCTICON.exe
2010-02-21 18:40 . 2010-02-21 18:40 10134 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{252E8DB0-E036-1BFD-D1BA-0434C3B66B41}\ARPPRODUCTICON.exe
2010-02-21 18:40 . 2010-02-21 18:06 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-02-21 18:39 . 2010-02-21 18:39 9158 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{5399ACAF-7B15-43D5-9233-4E797B184FD2}\ARPPRODUCTICON.exe
2010-02-21 18:39 . 2010-02-21 18:39 -------- d-----w- c:\programmi\File comuni\ATI Technologies
2010-02-21 18:07 . 2010-02-21 18:07 -------- d-----w- c:\programmi\File comuni\Motive
2010-02-21 18:07 . 2010-02-21 18:07 -------- d-----w- c:\programmi\Common Files
2010-02-21 18:07 . 2010-02-21 18:07 2232 ----a-w- c:\windows\java\Packages\Data\FVRFTVJ3.DAT
2010-02-21 18:07 . 2010-02-21 18:07 155995 ----a-w- c:\windows\java\Packages\FN73XRZ3.ZIP
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\DBVZRP7F.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\2RJJ1BRL.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\JNF93BH3.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\FPZBHZNR.DAT
2010-02-21 18:07 . 2010-02-21 18:07 2678 ----a-w- c:\windows\java\Packages\Data\8DRHVDJ5.DAT
2010-02-21 17:51 . 2010-02-21 17:51 -------- d-----w- c:\programmi\microsoft frontpage
2010-02-21 17:50 . 2010-02-21 17:50 -------- d-----w- c:\programmi\Servizi in linea
2010-02-21 17:48 . 2010-02-21 17:48 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-31 16:14 . 2004-08-30 20:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2004-08-30 20:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:58 . 2010-02-21 17:47 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-30 20:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:24 . 2004-08-30 20:00 2139648 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:24 . 2004-08-19 15:34 2019328 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-30 20:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-03-01_11.07.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-02 08:43 . 2010-03-02 08:43 16384 c:\windows\temp\Perflib_Perfdata_618.dat
+ 2004-08-30 20:00 . 2010-03-01 11:59 67312 c:\windows\system32\perfc009.dat
- 2004-08-30 20:00 . 2010-02-24 17:48 67312 c:\windows\system32\perfc009.dat
+ 2010-02-21 20:42 . 2010-03-01 17:25 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2010-02-21 20:42 . 2010-02-21 20:42 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-01 11:58 . 2004-08-19 14:39 28672 c:\windows\system32\irmon.dll
+ 2010-03-01 11:58 . 2004-08-03 22:10 59648 c:\windows\system32\drivers\rfcomm.sys
+ 2010-03-01 11:58 . 2004-08-03 22:10 18944 c:\windows\system32\drivers\BTHUSB.SYS
+ 2010-03-01 11:58 . 2004-08-03 22:10 17024 c:\windows\system32\drivers\BthEnum.sys
+ 2010-03-01 11:58 . 2004-08-03 22:10 59648 c:\windows\system32\dllcache\rfcomm.sys
+ 2010-03-01 11:58 . 2004-08-19 14:39 28672 c:\windows\system32\dllcache\irmon.dll
+ 2010-03-01 11:58 . 2004-08-03 22:10 18944 c:\windows\system32\dllcache\bthusb.sys
+ 2010-03-01 11:58 . 2004-08-03 22:10 17024 c:\windows\system32\dllcache\bthenum.sys
+ 2010-03-01 11:58 . 2004-08-19 14:39 8192 c:\windows\system32\wshirda.dll
+ 2010-03-01 11:58 . 2004-08-19 14:39 8192 c:\windows\system32\dllcache\wshirda.dll
+ 2004-08-30 20:00 . 2010-03-01 11:59 432356 c:\windows\system32\perfh009.dat
- 2004-08-30 20:00 . 2010-02-24 17:48 432356 c:\windows\system32\perfh009.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-01 11:58 . 2004-08-19 14:39 153600 c:\windows\system32\irftp.exe
+ 2010-03-01 11:58 . 2004-08-03 21:58 100992 c:\windows\system32\drivers\bthpan.sys
+ 2010-03-01 11:58 . 2004-08-19 14:39 153600 c:\windows\system32\dllcache\irftp.exe
+ 2010-03-01 11:58 . 2004-08-03 21:58 100992 c:\windows\system32\dllcache\bthpan.sys
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-30 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\programmi\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\programmi\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2010-01-11 12:59 9068960 ----a-w- c:\programmi\Innovative Solutions\DriverMax\devices.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-21 19:50 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/02/2010 20.48.46 691696]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10.15.58 66632]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [21/02/2010 22.06.35 8192]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\Administrator\Desktop\Programmi\everestultimate_build_2034\kerneld.wnt --> c:\documents and settings\Administrator\Desktop\Programmi\everestultimate_build_2034\kerneld.wnt [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10.15.58 12872]
S4 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [21/02/2010 20.50.59 135664]
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-21 19:50]
2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-21 19:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\rs3k6l1a.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - plugin: c:\programmi\Common Files\Motive\npMotive.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-ESET Online Scanner - c:\programmi\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Administrator\Desktop\Programmi\everestultimate_build_2034\kerneld.wnt"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(672)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\rundll32.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-02 09:46:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-02 08:46
ComboFix2.txt 2010-03-01 11:08
Pre-Run: 170.560.331.776 byte disponibili
Post-Run: 170.585.202.688 byte disponibili
- - End Of File - - 3C97988FB1C996614CDA7DFD9CFD0595