ComboFix 10-03-14.01 - Riccardo 14/03/2010 20.41.45.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3327.2763 [GMT 1:00]
Eseguito da: c:\documents and settings\Riccardo\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bit4cnsp.dll
c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Files Creati Da 2010-02-14 al 2010-03-14 )))))))))))))))))))))))))))))))))))
.
2010-03-13 18:48 . 2010-03-13 18:48 -------- d-----w- c:\documents and settings\Riccardo\Dati applicazioni\Malwarebytes
2010-03-13 18:48 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 18:48 . 2010-03-13 18:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-13 18:48 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 14:02 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-13 10:39 . 2010-03-13 10:39 156160 ----a-w- c:\windows\Jhecoa.exe
2010-03-11 07:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 17:51 . 2008-10-20 16:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-03-14 17:33 . 2009-09-21 19:25 -------- d-----w- c:\documents and settings\Riccardo\Dati applicazioni\vlc
2010-02-24 23:37 . 2009-06-25 16:48 -------- d-----w- c:\programmi\Creative
2010-02-08 18:03 . 2008-10-21 00:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-02-08 18:01 . 2008-10-20 17:05 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-02-02 13:25 . 2010-02-02 13:25 0 ----a-w- c:\windows\nsreg.dat
2010-01-31 19:16 . 2010-01-31 19:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BioWare
2010-01-31 16:41 . 2008-11-21 12:38 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-31 16:41 . 2010-01-31 16:29 -------- d-----w- c:\programmi\File comuni\BioWare
2010-01-29 20:40 . 2009-06-29 09:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2010-01-12 20:05 . 2010-01-12 20:05 65024 ----a-w- c:\windows\IFinst26.exe
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2004-08-19 13:39 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2008-10-20 15:06 346112 ----a-w- c:\windows\system32\mspaint.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-02 5964800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"MULTIMEDIA KEYBOARD"="c:\programmi\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-22 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-27 11:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-09 12:18 13680640 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-02-09 12:18 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-02-09 12:18 1657376 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-09-04 05:01 2524416 ----a-w- c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-02-27 04:31 69632 ----a-w- c:\programmi\File comuni\Roxio Shared\System\EngUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-16 06:39 16862720 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSLEmptyCache]
2008-05-21 08:07 57344 ----a-w- c:\windows\system32\SSLEmptyCache.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdate1c98ac0fd03ac00"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Riccardo\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Riccardo\\Programmi\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"d:\\Riccardo\\Programmi\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Riccardo\\Programmi\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Riccardo\\Programmi\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Riccardo\\Programmi\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Riccardo\\Programmi\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Riccardo\\Programmi\\Aspyr\\Guitar Hero III\\GH3.exe"=
"d:\\Riccardo\\Programmi\\Sacred\\sacred.exe"=
"d:\\Riccardo\\Programmi\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Riccardo\\Programmi\\Sierra\\Empire Earth\\Empire Earth.exe"=
"d:\\Riccardo\\Programmi\\Activision\\Prototype\\prototypef.exe"=
"d:\\Riccardo\\Programmi\\Sacred\\GameServer.exe"=
"d:\\Riccardo\\Programmi\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Riccardo\\Programmi\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Riccardo\\Programmi\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Riccardo\\Programmi\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"2006:TCP"= 2006:TCP:d:\\Riccardo\\Programmi\\Sacred\\Sacred.exe
"2005:TCP"= 2005:TCP:d:\\Riccardo\\Programmi\\Sacred\\Sacred.exe
"2007:TCP"= 2007:TCP:d:\\Riccardo\\Programmi\\Sacred\\Sacred.exe
"2008:TCP"= 2008:TCP:d:\\Riccardo\\Programmi\\Sacred\\Sacred.exe
"2009:TCP"= 2009:TCP:d:\\Riccardo\\Programmi\\Sacred\\Sacred.exe
"2010:TCP"= 2010:TCP:d:\\Riccardo\\Programmi\\Sacred\\Sacred.exe
"7064:TCP"= 7064:TCP:d:\\Riccardo\\Programmi\\Sacred\\Sacred.exe
"7066:TCP"= 7066:TCP:d:\\Riccardo\\Programmi\\Sacred\\Sacred.exe
"12300:TCP"= 12300:TCP:d:\\Riccardo\\Programmi\\Sacred\\Sacred.exe
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [20/10/2008 19.57.23 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [20/10/2008 19.57.23 5248]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [10/06/2008 11.33.10 150568]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/10/2008 17.15.50 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/10/2008 17.15.53 108552]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [21/10/2008 18.10.04 6656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/10/2008 17.15.48 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/10/2008 17.15.48 297752]
R2 nhksrv;Netropa NHK Server;c:\programmi\Netropa\Multimedia Keyboard\nhksrv.exe [21/10/2008 18.10.04 28672]
R2 TomTomHOMEService;TomTomHOMEService;d:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
S2 jmyhzjbgu;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S2 pmplqmu;Center Network;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.39.46 14336]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [08/11/2008 13.31.18 24832]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\riccardo\Programmi\Dragon Age\bin_ship\daupdatersvc.service.exe [31/01/2010 17.35.57 25832]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S4 gupdate1c98ac0fd03ac00;Google Update Service (gupdate1c98ac0fd03ac00);c:\programmi\Google\Update\GoogleUpdate.exe [09/02/2009 15.16.22 133104]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jmyhzjbgu
pmplqmu
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-14 c:\windows\Tasks\User_Feed_Synchronization-{D8227DEA-264E-4ED0-ACD9-62F743389F0F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\documents and settings\Riccardo\Dati applicazioni\Mozilla\Firefox\Profiles\w2as9d1d.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-bit4id store register - c:\windows\system32\bit4cnsp.dll
MSConfigStartUp-AdobeCS4ServiceManager - c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-03-14 20:48
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jmyhzjbgu]
"ServiceDll"="c:\windows\system32\rlflpqr.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmplqmu]
"ServiceDll"="c:\windows\system32\rlflpqr.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1659004503-1078081533-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:34,ae,46,68,dc,54,bb,fc,b2,91,cf,1d,df,ce,65,4f,84,fc,c4,dd,1e,0d,1d,
74,60,5d,ce,8b,14,c5,73,7e,3d,fb,a7,00,4d,e4,d4,b9,d9,3c,02,a0,bb,d7,f4,90,\
"??"=hex:6f,c6,cb,90,f7,12,80,e5,d9,07,0f,2f,5a,a9,fd,2c
[HKEY_USERS\S-1-5-21-1659004503-1078081533-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:25,74,8f,c0,ce,dd,ca,17,d0,df,5a,60,44,70,41,71,21,a3,2e,28,77,
ed,96,bd,68,72,4a,30,f0,95,a6,a4,e3,e2,01,dd,15,62,4a,77,a1,99,b4,68,8d,24,\
"rkeysecu"=hex:16,54,4b,84,f0,17,52,bf,8b,9a,0a,13,57,1f,fd,f6
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"01403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="C6A24054183F68FB8CCE649E9A94D26BD5A91960FD7CB8E076E25F0CA618C338D6371148EE7B5A5CC9F5E382E3EF4862AF972D1C4FD7A73C6DD8F61A1692A9EF2DF2717466F99F6CF3D920E031EBDEE60A936E42F66370452A167D1FE5A7932309BBD2A1C6808A5A28475032B686BEA4FBF37B2036F7AECA619793D404A7AF5FDCD8FE9A4CF8FE13346F01739F61218DD3F24401450E90DDFB422E7AD60744F94FF88DAF286DF7CD1E6711A409C254D610AE8CB74F45DA54195E9751B4DDA7093BA9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B9808A9C6AECB7A5D140788C5C608F2ECACF97CDB4EB3CD52E929C3DE2A17321CBF4204696D6AA5311E8E9451794B0D23077014E6D9A473695396D2B6722E14B3C7380BE2F9F0BF45F970650649650A68829958ADF41FCCE506434BDBBA03749884B31325BF94250D027A364E9ACFA62A7513888930152CF3959892BAE1A0595CE684CACB8998AE98A2061A18C324329AE8613D5B8E19740AC7E2644237B25C5112612F7813614CBDFCD175530FA0103119EADF8409E11F5D18D14FE6808AAA8FDC629550907A7E95E5810076BB293728F87B2C6B8B4EB7E8B37AB4A0769D04F4D386A57A2791DD7DE41A467C7E44B1FB2E42B5FB75DBDE6D7DD4CCE94783C09FB52D5AA47177921637852BE07C9CA0EF91D2E1249AAFC8EB0CBD224292F947F5F51E847EFCA2DB45CC93E0275281B789B125EAD5C310BDADAAF414AE6D61969E3D0147BD4B2C0BB34B76F1548C653B144E94DD082DEA99BB579F533661C03F06E5E29A1AD3D3884E0BC2BAF0B160891D5E5F1CB58650CD6745C669646BBDE5DC7F374AD07EFACB471775EB0CB5AB90768BA95DDDF3725DC258D42F497CA6C416CE5275A2AB266592B1EB8A3705A653B6B17B29828DA9E0242E1C5478796D2AEA496D91D32C8076E94E686E877ED5E9B7E3BE5E2B5EF105A7154F5B093C2575D71DA5642E46D6B5C996114617F45DFE9668C42E61676B092D0D881B1690099C1C27FC0B7CB31CEC74E4F11103AF0BD23836BF9F349CDAC356CE433DC038F2283BFC59F411A2E67BEDCBF6A36DE9CBB6C07C460B37E5261A8B44DE42AC6866B77EE403663F356F52801073277BD1B2949A9DD51F001FDB0BF68C22FB80C987F9725A2776E081947839291E19D78A7765F3AC4C5DA919A82588F8B39168F81F35E58ED8905111578768439249AF2C74B9BF75ED1CD196630E7211217E93071AC26EE28BF4F1635F2F243F4C5DB3412933B2F361849B50027CAC0F5990367A0890E3EF9AB7A868F43044B2B04D1A49B70CC75B3293AFF2A1BEF2E032E987CA9F1EE102C1C0DB878562E6E404661E36670E3E8E509C369C81B2C2"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Netropa\Multimedia Keyboard\TrayMon.exe
c:\programmi\Netropa\Onscreen Display\OSD.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-14 20:50:51 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-14 19:50
Pre-Run: 2.535.575.552 byte disponibili
Post-Run: 2.614.046.720 byte disponibili
- - End Of File - - 68D0B92EF07CD90A00FD1CF5025E13F5