log combofix
ComboFix 09-11-11.02 - Maupilio 05/03/2010 18.05.31.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1012.533 [GMT 1:00]
Eseguito da: c:\documents and settings\Maupilio\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\QUAD Utilities
c:\programmi\webserver
.
((((((((((((((((((((((((( Files Creati Da 2010-02-05 al 2010-03-05 )))))))))))))))))))))))))))))))))))
.
2010-03-05 15:57 . 2010-03-05 15:57 -------- d-----w- c:\programmi\Trend Micro
2010-03-05 05:07 . 2010-03-05 05:07 1187 ----a-w- C:\FindyKill_Upload_Me_PACKARD-963D634.zip
2010-03-05 04:32 . 2010-03-05 05:07 -------- d-----w- C:\FyK
2010-03-05 00:00 . 2010-03-05 00:00 -------- d-----w- c:\programmi\ClearApps
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-----w- c:\documents and settings\Maupilio\Dati applicazioni\Malwarebytes
2010-03-04 23:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-04 23:28 . 2010-03-05 05:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-04 23:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-04 16:58 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-04 16:58 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-04 16:58 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-04 16:58 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-04 16:58 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-04 16:58 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-04 16:58 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-04 16:58 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-04 16:58 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\programmi\Alwil Software
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-03-04 16:48 . 2010-03-05 15:33 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-04 15:56 . 2010-03-04 15:56 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267718132.exe
2010-03-04 13:50 . 2010-03-04 13:50 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267710620.exe
2010-03-04 03:19 . 2010-03-04 03:19 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267672752.exe
2010-03-04 03:07 . 2009-11-20 21:19 201968 ----a-w- c:\windows\system32\Isafprod.dll
2010-03-04 03:07 . 2009-11-20 21:18 95472 ----a-w- c:\windows\system32\Vetredir.dll
2010-03-04 03:07 . 2009-11-20 21:18 128240 ----a-w- c:\windows\system32\Isafeif.dll
2010-03-04 03:07 . 2010-03-04 16:34 -------- d-----w- c:\windows\rnapxs
2010-03-04 02:38 . 2010-03-04 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CA
2010-03-04 02:30 . 2010-03-04 02:30 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267669816.exe
2010-03-04 02:14 . 2010-03-04 02:14 125952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic\UUS2\Temp\Update.exe
2010-03-04 02:10 . 2010-03-04 02:28 23072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-04 02:10 . 2010-03-04 02:28 215072 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-04 01:53 . 2010-03-04 02:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2010-03-04 01:53 . 2010-03-04 02:23 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2010-03-04 01:53 . 2010-03-04 01:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic Anti-Virus PLUS
2010-03-04 01:36 . 2010-03-04 01:36 -------- d-----w- c:\programmi\CCleaner
2010-03-04 01:19 . 2010-03-04 01:19 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267665564.exe
2010-03-03 22:52 . 2010-03-03 22:52 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267656758.exe
2010-03-03 22:42 . 2010-03-03 22:42 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267656129.exe
2010-03-03 22:33 . 2010-03-03 22:33 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267655620.exe
2010-03-03 20:44 . 2010-03-03 20:44 67072 ---h--w- c:\windows\bill103.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 17:03 . 2008-11-10 17:54 94550 ----a-w- c:\windows\system32\perfc010.dat
2010-03-05 17:03 . 2008-11-10 17:54 517008 ----a-w- c:\windows\system32\perfh010.dat
2010-03-05 00:14 . 2009-03-06 17:05 93808 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-04 16:33 . 2010-03-04 12:30 62668 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-03-04 16:26 . 2008-11-10 10:35 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-04 02:29 . 2009-06-07 17:31 -------- d-----w- c:\programmi\File comuni\Panda Security
2010-03-04 02:28 . 2010-03-04 02:10 5000 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-04 02:28 . 2010-03-04 02:10 3236 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-04 02:26 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\Maupilio\Dati applicazioni\Panda Security
2010-03-01 08:13 . 2008-11-10 10:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-19 17:47 . 2009-04-27 16:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-12-31 16:50 . 2008-11-10 17:54 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2008-11-10 17:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2008-11-10 10:10 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-11-10 17:53 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2008-04-13 18:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2008-04-13 18:55 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 11:49 . 2009-12-08 07:54 52224 ----a-w- c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2009-12-06 11:49 . 2009-12-08 07:54 114688 ----a-w- c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\npmozax.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-08-18 817672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Internet Explorer\\iexplore.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:GateOKO
"53:TCP"= 53:TCP:webserver
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/03/2010 17.58.29 162512]
R1 o6ko;ML Display Class Docfile Intel;c:\windows\system32\drivers\o6ko.sys [22/05/2007 9.53.35 32768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/03/2010 17.58.30 19024]
R2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [06/03/2009 17.49.06 24576]
R2 srvoko6;Security List Class Service Secondary OpcEnum Fonts Control;c:\windows\system32\svchost.exe -k netsvc6 [10/11/2008 18.54.01 14336]
R3 M3000Srv;WebCam;c:\windows\system32\drivers\M3000KNT.sys [06/03/2009 17.44.25 151936]
S2 gupdate1c9b33ed0c5fbb0;Servizio di Google Update (gupdate1c9b33ed0c5fbb0);c:\programmi\Google\Update\GoogleUpdate.exe [02/04/2009 3.57.50 133104]
S2 piaservice;Network Inventory Advisor Service by ClearApps Software;c:\programmi\ClearApps\Network Inventory Advisor\piaservice.exe [09/02/2010 20.09.38 617472]
S2 SSPORT;SSPORT; [x]
S2 webserver;webserver;c:\programmi\webserver\webserver.exe --> c:\programmi\webserver\webserver.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [10/11/2008 11.40.00 94608]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/03/2010 0.28.45 38224]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/05/2009 8.15.40 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/05/2009 8.15.41 8320]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [28/05/2009 11.20.49 127656]
S4 SBAMSvc;SBAMSvc;"c:\programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe" --> c:\programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe [?]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvc6 REG_MULTI_SZ srvoko6
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fce33b3-0fed-11de-9bc1-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14582e27-5f6b-11de-9d82-00234e154f00}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c32f08-0fea-11de-9bbe-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c32f0b-0fea-11de-9bbe-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7efce8-7d3f-11de-9dc2-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b37c306-4aed-11de-9d1d-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67046a80-57ea-11de-9d61-00234e154f00}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67046a81-57ea-11de-9d61-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73dfbb18-4aef-11de-9d1e-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd321d6-5b2c-11de-9d71-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd321d9-5b2c-11de-9d71-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8209b4-24d2-11de-9c4f-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8209b5-24d2-11de-9c4f-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91125da8-620f-11de-9d8f-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95de5fde-23e0-11de-9c44-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95de5fdf-23e0-11de-9c44-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a72886-61a3-11de-9d8d-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9121836-4a26-11de-9d14-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d959c322-4a2b-11de-9d16-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d959c325-4a2b-11de-9d16-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d902f2-633c-11de-9d92-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d902f3-633c-11de-9d92-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f237f8cf-0da1-11de-9b9a-00234e154f00}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe92da94-4a2a-11de-9d15-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-02 02:57]
2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-02 02:57]
2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095290957-3615762775-570238229-1006Core.job
- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-01 12:44]
2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095290957-3615762775-570238229-1006UA.job
- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-01 12:44]
2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{EBA7AF35-4781-4E0E-92E0-6E4104639CA0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1701838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic_Italia Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1701838&SearchSource=13
FF - component: c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
URLSearchHooks-{4edd5c14-2d22-4d7a-9748-c975a7fd933b} - (no file)
WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
Notify-avldr - avldr.dll
SafeBoot-PskSvcRetail
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 18:06
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-03-05 18.10.10
ComboFix-quarantined-files.txt 2010-03-05 17:10
Pre-Run: 53.592.195.072 byte disponibili
Post-Run: 54.204.788.736 byte disponibili
- - End Of File - - 11533E9CD8E4BA1A9B0202EA44535DCA