Eccolo:
ComboFix 10-03-13.03 - Gianpaolo 14/03/2010 13.05.00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1088 [GMT 1:00]
Eseguito da: h:\downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100313-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\SeekappSrch
c:\documents and settings\All Users\Menu Avvio\Programmi\PC-Optimizer
c:\documents and settings\All Users\Menu Avvio\Programmi\PC-Optimizer\Disinstalla.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\PC-Optimizer\PC-Optimizer.lnk
c:\documents and settings\Gianpaolo\Dati applicazioni\inst.exe
c:\programmi\Extension Changer\extmain.exe
c:\programmi\Internet Explorer\SET43.tmp
c:\programmi\Internet Explorer\SET44.tmp
c:\programmi\Internet Explorer\SET46.tmp
c:\programmi\PCOptimizer
c:\programmi\Search Settings
c:\programmi\Search Settings\kb127\SearchSettings.dll
c:\programmi\Search Settings\kb127\SearchSettingsRes409.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\programmi\SeekappSrch
c:\programmi\SeekappSrch\uninstall.exe
C:\Thumbs.db
c:\windows\Downloaded Program Files\dmm2spm
c:\windows\winupdates.exe
.
((((((((((((((((((((((((( Files Creati Da 2010-02-14 al 2010-03-14 )))))))))))))))))))))))))))))))))))
.
2010-03-06 14:50 . 2010-03-06 14:50 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-04 09:46 . 2010-02-27 19:46 3691384 ----a-w- c:\documents and settings\Gianpaolo\Dati applicazioni\Simply Super Software\Trojan Remover\utw2C.exe
2010-03-04 09:43 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-04 09:43 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-04 09:43 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-04 09:43 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-04 09:43 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-04 09:43 . 2010-03-04 09:43 -------- d-----w- c:\programmi\Trojan Remover
2010-03-04 09:43 . 2010-03-04 09:43 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2010-03-04 09:43 . 2010-03-04 09:43 -------- d-----w- c:\documents and settings\Gianpaolo\Dati applicazioni\Simply Super Software
2010-02-23 12:14 . 2010-01-21 16:12 52224 ----a-w- c:\documents and settings\Gianpaolo\Dati applicazioni\Mozilla\Firefox\Profiles\x53vrv78.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2010-02-23 12:14 . 2010-01-21 16:12 101376 ----a-w- c:\documents and settings\Gianpaolo\Dati applicazioni\Mozilla\Firefox\Profiles\x53vrv78.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\RadioWMPCore.dll
2010-02-16 22:14 . 2010-02-16 22:14 -------- dc----w- C:\Restoration
2010-02-16 22:01 . 2010-02-16 22:01 -------- d-----w- c:\programmi\Smart PC Solutions
2010-02-16 21:53 . 2010-02-16 21:53 -------- d-----w- c:\programmi\PC Inspector File Recovery
2010-02-16 16:15 . 2010-02-16 16:15 -------- d-----w- c:\programmi\SnadBoy's Revelation v2
2010-02-15 13:50 . 2010-02-15 13:50 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2010-02-15 13:50 . 2010-02-15 13:50 -------- d-----w- c:\programmi\DVDVideoSoft
2010-02-15 13:32 . 2010-02-26 13:37 -------- d-----w- c:\documents and settings\Gianpaolo\Impostazioni locali\Dati applicazioni\Temp
2010-02-15 13:32 . 2010-02-15 13:32 -------- d-----w- c:\documents and settings\Gianpaolo\Impostazioni locali\Dati applicazioni\Deployment
2010-02-15 13:14 . 2010-02-15 13:14 -------- d-----w- c:\documents and settings\Gianpaolo\Dati applicazioni\Malwarebytes
2010-02-15 13:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 13:14 . 2010-03-09 13:57 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-15 13:14 . 2010-02-15 13:14 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-15 13:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 12:26 . 2010-02-13 12:26 -------- d-sh--w- c:\documents and settings\Gianpaolo\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 12:23 . 2008-03-19 15:50 -------- d-----w- c:\documents and settings\Gianpaolo\Dati applicazioni\DNA
2010-03-14 12:15 . 2008-10-22 19:18 -------- d-----w- c:\programmi\Extension Changer
2010-03-14 11:53 . 2008-09-28 10:12 -------- d-----w- c:\documents and settings\Gianpaolo\Dati applicazioni\Orbit
2010-03-14 09:53 . 2008-03-19 15:50 -------- d-----w- c:\programmi\DNA
2010-03-14 09:53 . 2006-12-29 15:33 593 --sha-w- c:\windows\system32\mmf.sys
2010-03-09 21:28 . 2007-09-03 17:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-04 10:49 . 2005-10-31 16:06 109664 ----a-w- c:\documents and settings\Gianpaolo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-04 10:32 . 2009-11-07 16:30 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-04 09:52 . 2009-11-07 16:30 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-03-04 09:47 . 2007-05-27 11:42 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-01 20:10 . 2007-07-27 17:13 -------- d-----w- c:\documents and settings\Gianpaolo\Dati applicazioni\Audacity
2010-02-27 17:09 . 2007-06-21 15:28 -------- d-----w- c:\documents and settings\Gianpaolo\Dati applicazioni\LimeWire
2010-02-26 12:49 . 2009-11-20 16:50 79488 ----a-w- c:\documents and settings\Gianpaolo\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-20 12:25 . 2008-05-17 13:13 921632 -c--a-w- C:\PA7311.DAT
2010-02-16 21:53 . 2005-09-25 12:32 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-15 13:26 . 2009-09-27 11:10 71084 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-01 20:59 . 2010-02-01 20:59 -------- d-----w- c:\programmi\SpeedBit Video Accelerator
2010-01-25 12:14 . 2009-09-19 12:28 -------- d-----w- c:\programmi\eMule
2010-01-25 12:13 . 2008-10-02 11:30 -------- d-----w- c:\programmi\File comuni\AVSMedia
2010-01-25 12:13 . 2008-10-02 11:30 -------- d-----w- c:\programmi\AVS4YOU
2010-01-22 17:04 . 2009-06-05 20:32 -------- d-----w- c:\programmi\Any Video Converter
2010-01-20 17:30 . 2010-01-20 17:30 -------- d-----w- c:\programmi\MP3Wave
2010-01-20 10:12 . 2010-01-20 10:12 152576 ----a-w- c:\documents and settings\Gianpaolo\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-13 20:21 . 2010-01-13 20:21 -------- d-----w- c:\programmi\SHOUTcast Radio Toolbar
2010-01-13 20:21 . 2010-01-13 20:21 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\SHOUTcast Radio Toolbar
2010-01-13 20:17 . 2010-01-13 20:17 -------- d-----w- c:\programmi\Winamp Toolbar
2010-01-13 20:17 . 2007-11-30 17:41 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar
2009-12-25 10:44 . 2009-12-20 12:40 79488 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-21 19:06 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 12:34 . 2005-09-23 15:15 106832 -c--a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-07-30 10:23 . 2007-07-30 10:23 215 -c--a-w- c:\programmi\2MK484A7.bat
2007-02-22 15:35 . 2007-02-22 15:35 54 -c--a-w- c:\programmi\inc1.bat
2007-02-22 15:35 . 2007-02-22 15:35 41 -c--a-w- c:\programmi\sleep.bat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\programmi\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programmi\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\programmi\Freecorder\tbFre1.dll" [2010-02-16 2349080]
[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-02-16 16:14 2349080 ----a-w- c:\programmi\Freecorder\tbFre1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
2010-02-15 11:36 2349080 ----a-w- c:\programmi\Softonic_Italia\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\programmi\Freecorder\tbFre1.dll" [2010-02-16 2349080]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2010-02-15 2349080]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\programmi\Freecorder\tbFre1.dll" [2010-02-16 2349080]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\programmi\Softonic_Italia\tbSof0.dll" [2010-02-15 2349080]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-11-13 323392]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"SpeedBitVideoAccelerator"="c:\programmi\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-02-01 1590888]
"Google Update"="c:\documents and settings\Gianpaolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-02-15 135664]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"PWRISOVM.EXE"="h:\programmi\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"LifeChat"="c:\programmi\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="H:\PDVDServ.exe" [2003-11-30 32768]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TrojanScanner"="c:\programmi\Trojan Remover\Trjscan.exe" [2010-02-27 1165192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Gianpaolo\Menu Avvio\Programmi\Esecuzione automatica\
Rainlendar.lnk - c:\programmi\Rainlendar\Rainlendar.exe [2004-5-9 40960]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Gianpaolo^Menu Avvio^Programmi^Esecuzione automatica^Morpheus.lnk]
path=c:\documents and settings\Gianpaolo\Menu Avvio\Programmi\Esecuzione automatica\Morpheus.lnk
backup=c:\windows\pss\Morpheus.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-06-11 17:23 1217784 ----a-w- h:\programmi\Steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\BitTorrent_DNA\\dna.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"h:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"h:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"h:\\Programmi\\Programs\\RM.exe"=
"h:\\Programmi\\Programs\\umi.exe"=
"h:\\Programmi\\Programs\\VideoSpin.exe"=
"h:\\Programmi\\LimeWire\\LimeWire.exe"=
"h:\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Shareaza\\Shareaza.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"h:\\web radio\\SHOUTcast\\sc_serv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule
"58177:TCP"= 58177:TCP:Pando P2P TCP Listening Port
"58177:UDP"= 58177:UDP:Pando P2P UDP Listening Port
"58061:TCP"= 58061:TCP:Pando P2P TCP Listening Port
"58061:UDP"= 58061:UDP:Pando P2P UDP Listening Port
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [02/02/2006 15.57.34 5248]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [05/09/2003 9.25.14 77056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/02/2010 14.20.40 114768]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21.24.54 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21.24.52 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/02/2010 14.20.40 20560]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21.24.56 7408]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21/04/2007 15.15.42 9344]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/06/2008 19.05.30 721904]
S0 suoar;suoar;c:\windows\system32\drivers\nvimdve.sys --> c:\windows\system32\drivers\nvimdve.sys [?]
S0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [02/02/2006 15.57.34 159616]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [29/12/2006 16.33.34 2560]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S2 systaccpp;Gestione Sistema MultiUtenza; [x]
S2 vcs;vcs;\??\c:\documents and settings\Gianpaolo\Desktop\Programmi Musica\AV VCS 3.0\vcs.sys --> c:\documents and settings\Gianpaolo\Desktop\Programmi Musica\AV VCS 3.0\vcs.sys [?]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe --> c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [19/05/2008 13.02.08 49399]
S3 PAC7311;Trust CP-2300 Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14/03/2007 9.57.56 449024]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S4 Mamfs1id;Mamfs1id; [x]
S4 SeekappSrch Service;SeekappSrch Service;"c:\documents and settings\All Users\Dati applicazioni\SeekappSrch\seekapp165.exe" "c:\programmi\SeekappSrch\seekapp.dll" Service --> c:\documents and settings\All Users\Dati applicazioni\SeekappSrch\seekapp165.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'
2010-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1004336348-839522115-1004Core.job
- c:\documents and settings\Gianpaolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-15 13:32]
2010-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-1004336348-839522115-1004UA.job
- c:\documents and settings\Gianpaolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-15 13:32]
2008-09-11 c:\windows\Tasks\LifeChatTask.job
- c:\programmi\Microsoft LifeChat\LifeChat.exe [2008-08-21 09:16]
.
.
------- Scansione supplementare -------
.
uStart Page =
www.google.ituDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCzed008YYIT_ZC&fl=0&ptb=bPMUjqhLdD1Q6WS6SWr.UA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:9876
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download by Orbit - h:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - h:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: &SHOUTcast Search - c:\documents and settings\All Users\Dati applicazioni\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Winamp Search - c:\documents and settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxIE: Do&wnload selected by Orbit - h:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - h:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: Download with &Shareaza - c:\programmi\shareaza\razawebhook32.dll/3000
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\documents and settings\Gianpaolo\Dati applicazioni\Mozilla\Firefox\Profiles\x53vrv78.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Gianpaolo\Dati applicazioni\Mozilla\Firefox\Profiles\x53vrv78.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Gianpaolo\Dati applicazioni\Mozilla\Firefox\Profiles\x53vrv78.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gianpaolo\Dati applicazioni\Mozilla\Firefox\Profiles\x53vrv78.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Gianpaolo\Dati applicazioni\Mozilla\Firefox\Profiles\x53vrv78.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Gianpaolo\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-updateMgr - c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-VeohPlugin - c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
HKLM-Run-RAM Idle - c:\programmi\Customizer XP\RAM_2K.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-BearShare - c:\programmi\BearShare\BearShare.exe
AddRemove-AdVantage_DAEM - c:\programmi\AdVantage\AdVUninst.exe
AddRemove-caotica2 release 23b - c:\audio\caotica2\UNWISE.EXE
AddRemove-Convert Image_is1 - c:\programmi\Softinterface
AddRemove-CoverCreator_is1 - c:\programmi\René Slijkhuis\CoverCreator\unins000.exe
AddRemove-Disney's Extremely Goofy Skateboarding Preview - c:\progra~2\DISNEY~1\EXTREM~1\DeIsL1.isu
AddRemove-Easy Gif Animator Extension - c:\windows\EasyGifAnimator_Toolbar_Uninstaller_9781.exe
AddRemove-Firebird SQL Server UK - c:\programmi\MAGIX\Common\Database\uninstall.exe
AddRemove-Firebird SQL Server US - c:\programmi\MAGIX\Common\Database\unwise.exe
AddRemove-InterCampione_200607-SerieATIM - c:\windows\ss3unstl.exe
AddRemove-inter_screensaver2006-07a - c:\windows\ss3unstl.exe
AddRemove-MAGIX Music Maker Basic Edition UK - c:\programmi\MAGIX\MusicMakerBasicEdition\instslct.exe
AddRemove-Monopoly v2.00.101 Crack - By Maggot Brain - c:\docume~1\GIANPA~1\IMPOST~1\Temp\Rar$EX01.390\_PCGAM~1\UNWISE.EXE
AddRemove-SeekappSrch - c:\programmi\SeekappSrch\uninstall.exe
AddRemove-Veoh Web Player Beta - c:\programmi\Veoh Networks\VeohWebPlayer\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-03-14 13:23
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
c:\docume~1\GIANPA~1\IMPOST~1\Temp\catchme.dll 53248 bytes executable
Scansione completata con successo
Files nascosti: 1
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1229272821-1004336348-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0734910-DB8D-2C81-594D-3C898F13A98F}*]
"ianmlapnelabglmamk"=hex:6b,61,61,61,64,6e,62,61,6d,62,6c,62,63,63,70,66,68,62,
6f,6d,62,64,00,7c
"hadnbipimgemafmb"=hex:6b,61,62,61,6a,6a,66,70,68,68,65,6f,65,6d,67,70,6e,6f,
6a,68,66,69,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5782cff3-e8ae-46f2-85a7-614325df9384}]
@Denied: (Full) (Everyone)
"Model"=dword:000000bf
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):36,b1,fe,34,ae,25,4c,11,e5,6a,42,12,38,5e,82,bb,00,06,74,af,09,
ef,69,60,ca,93,86,c3,78,79,0a,a7,a6,4e,a6,5b,14,65,5e,f7,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
e7,16,83,71,61,5d,be,d8,25
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,45,46,ce,0e,bb,86,02,74,7d,9b,9f,1a,3e,22,49,
5f,dd,6f,ce,70,6a,f9,1b,76,0f,42,4f,1f,7b,3e,c8,56,60,67,3c,e1,44,59,a2,d3,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(872)
c:\progra~1\SPEEDB~1\sblsp.dll
c:\programmi\SpeedBit Video Accelerator\ConfigDB.dll
c:\programmi\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\programmi\Bonjour\mdnsNSP.dll
c:\programmi\SpeedBit Video Accelerator\Collector.dll
.
Ora fine scansione: 2010-03-14 13:29:41
ComboFix-quarantined-files.txt 2010-03-14 12:29
Pre-Run: 4.357.287.936 byte disponibili
Post-Run: 9.978.929.152 byte disponibili
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 53977A8A3B08B71D9F477D50DEBB363C
