ComboFix 10-06-19.04 - bric 20/06/2010 18.29.42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1022.259 [GMT 2:00]
Eseguito da: c:\documents and settings\bric\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\bric\IMPOST~1\Temp\~WSA.tmp
c:\docume~1\bric\IMPOST~1\Temp\~WSB.tmp
c:\docume~1\bric\IMPOST~1\Temp\~WSC.tmp
c:\documents and settings\bric\Impostazioni locali\Temp\~WSA.tmp
c:\documents and settings\bric\Impostazioni locali\Temp\~WSB.tmp
c:\documents and settings\bric\Impostazioni locali\Temp\~WSC.tmp
.
((((((((((((((((((((((((( Files Creati Da 2010-05-20 al 2010-06-20 )))))))))))))))))))))))))))))))))))
.
2010-06-20 13:45 . 2010-06-20 13:45 -------- d-----w- c:\programmi\p-nand-q.com
2010-06-20 08:32 . 2010-06-20 08:39 -------- d-----w- c:\programmi\Unlocker
2010-06-19 15:33 . 2010-06-19 16:05 -------- d-----w- c:\programmi\VS Revo Group
2010-06-18 18:36 . 2010-06-18 18:36 -------- d-----w- c:\documents and settings\bric\Dati applicazioni\Sonic
2010-06-18 06:03 . 2010-06-18 06:03 29512 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-06-18 06:03 . 2010-06-18 06:03 242896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-06-17 18:00 . 2010-06-18 06:02 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-17 18:00 . 2010-06-17 18:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-17 18:00 . 2010-06-18 06:02 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-17 18:00 . 2010-06-17 18:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-17 18:00 . 2010-06-20 16:14 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-17 05:26 . 2010-06-17 05:26 388096 ----a-r- c:\documents and settings\bric\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-17 05:26 . 2010-06-17 05:26 -------- d-----w- c:\programmi\Trend Micro
2010-06-16 16:55 . 2010-06-16 16:55 -------- d-----w- c:\documents and settings\bric\Dati applicazioni\Malwarebytes
2010-06-16 16:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 16:55 . 2010-06-16 16:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-16 16:55 . 2010-06-16 16:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-16 16:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-15 16:42 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-06-15 16:42 . 1998-08-05 06:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL
2010-06-15 16:42 . 1998-08-05 06:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL
2010-06-15 16:42 . 1998-08-05 06:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL
2010-06-15 16:42 . 2010-06-15 16:44 -------- d-----w- c:\programmi\PDFCreator
2010-06-15 16:42 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-06-10 08:07 . 2010-06-10 08:07 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Roxio
2010-06-10 07:24 . 2010-06-10 07:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2010-06-10 07:24 . 2010-06-10 07:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sonic
2010-06-10 07:16 . 2010-06-18 18:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Research In Motion
2010-06-10 06:23 . 2010-06-10 06:23 256 ----a-w- c:\documents and settings\bric\pool.bin
2010-06-09 04:53 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-06 14:46 . 2010-06-06 14:46 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-06 14:46 . 2010-06-06 14:46 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-06 14:46 . 2010-06-06 14:46 -------- d-----w- c:\programmi\OpenAL
2010-06-06 14:45 . 2010-06-06 14:45 -------- d-----w- c:\programmi\Jardinains 2!
2010-05-30 05:10 . 2010-06-10 08:15 -------- d-----w- c:\documents and settings\bric\Dati applicazioni\vlc
2010-05-30 04:45 . 2010-05-30 04:45 503808 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4363c3aa-n\msvcp71.dll
2010-05-30 04:45 . 2010-05-30 04:45 499712 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4363c3aa-n\jmc.dll
2010-05-30 04:45 . 2010-05-30 04:45 348160 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4363c3aa-n\msvcr71.dll
2010-05-30 04:45 . 2010-05-30 04:45 61440 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1c955a13-n\decora-sse.dll
2010-05-30 04:45 . 2010-05-30 04:45 12800 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1c955a13-n\decora-d3d.dll
2010-05-26 16:18 . 2010-06-10 10:48 256 ----a-w- c:\windows\system32\pool.bin
2010-05-26 16:18 . 2010-06-19 16:29 -------- d-----w- c:\documents and settings\bric\Dati applicazioni\Research In Motion
2010-05-26 16:15 . 2009-01-09 14:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 16:17 . 2010-03-10 13:30 -------- d-----w- c:\documents and settings\bric\Dati applicazioni\HPAppData
2010-06-20 10:54 . 2010-01-08 19:26 -------- d-----w- c:\programmi\DIFX
2010-06-20 10:51 . 2006-04-14 08:47 -------- d-----w- c:\programmi\Google
2010-06-19 15:53 . 2006-04-14 08:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sony Corporation
2010-06-19 15:09 . 2010-01-08 15:32 870 ----a-w- c:\documents and settings\bric\Dati applicazioni\wklnhst.dat
2010-06-19 04:00 . 2010-01-08 09:26 104008 -c--a-w- c:\documents and settings\bric\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-06-18 18:36 . 2010-01-08 09:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-06-15 11:57 . 2006-05-11 12:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2010-06-10 10:59 . 2010-01-08 19:27 -------- d-----w- c:\programmi\File comuni\Nokia
2010-06-10 07:59 . 2010-01-08 07:44 -------- d-----w- c:\programmi\File comuni\Sonic Shared
2010-06-10 07:59 . 2006-04-13 15:22 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-06-10 07:24 . 2010-01-08 09:44 -------- d-----w- c:\documents and settings\bric\Dati applicazioni\InstallShield
2010-06-09 09:58 . 2010-04-15 04:41 -------- d-----w- c:\documents and settings\bric\Dati applicazioni\U3
2010-06-09 05:02 . 2006-04-13 23:15 546218 ----a-w- c:\windows\system32\perfh010.dat
2010-06-09 05:02 . 2006-04-13 23:15 107322 ----a-w- c:\windows\system32\perfc010.dat
2010-05-27 05:03 . 2010-01-08 12:32 -------- d-----w- c:\programmi\CCleaner
2010-05-19 04:49 . 2006-04-14 08:37 -------- d-----w- c:\programmi\File comuni\Sony Shared
2010-05-19 04:47 . 2006-04-13 15:23 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-18 14:36 . 2010-05-18 14:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InterAction studios
2010-05-11 13:18 . 2010-05-11 13:18 503808 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a7c0a4b-n\msvcp71.dll
2010-05-11 13:18 . 2010-05-11 13:18 499712 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a7c0a4b-n\jmc.dll
2010-05-11 13:18 . 2010-05-11 13:18 348160 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a7c0a4b-n\msvcr71.dll
2010-05-11 13:18 . 2010-05-11 13:18 61440 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2dfe5982-n\decora-sse.dll
2010-05-11 13:18 . 2010-05-11 13:18 12800 ----a-w- c:\documents and settings\bric\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2dfe5982-n\decora-d3d.dll
2010-05-11 13:17 . 2006-04-14 08:39 -------- d-----w- c:\programmi\File comuni\Java
2010-05-11 13:17 . 2010-05-11 13:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-11 13:17 . 2006-04-14 08:39 -------- d-----w- c:\programmi\Java
2010-05-06 14:13 . 2010-05-06 14:13 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-05-06 14:12 . 2010-05-06 14:12 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-05-06 14:12 . 2010-05-06 14:12 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-05-06 14:12 . 2010-01-08 19:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-05-06 14:10 . 2010-05-06 14:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
2010-05-06 10:32 . 2006-04-13 23:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2006-04-13 23:14 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 13:56 . 2010-04-27 13:56 -------- d-----w- c:\programmi\Paint.NET
2010-04-25 14:53 . 2010-04-25 14:53 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-04-20 05:30 . 2006-04-13 23:14 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-05 05:49 . 2010-04-05 05:49 40960 -c--a-r- c:\documents and settings\bric\Dati applicazioni\Microsoft\Installer\{8ADAA7A5-7DC2-11D4-8488-106364C10000}\NewShortcut4_13AF153D4E744F68819DC8E5DC7B5875.exe
2010-04-05 05:49 . 2010-04-05 05:49 40960 -c--a-r- c:\documents and settings\bric\Dati applicazioni\Microsoft\Installer\{8ADAA7A5-7DC2-11D4-8488-106364C10000}\NewShortcut2_4A600D905EA94FF8A8FFA23F6F02D9EE.exe
2010-04-05 05:49 . 2010-04-05 05:49 40960 -c--a-r- c:\documents and settings\bric\Dati applicazioni\Microsoft\Installer\{8ADAA7A5-7DC2-11D4-8488-106364C10000}\NewShortcut1_6C536305474B4DF8882311922D4B0B80.exe
2010-04-05 05:49 . 2010-04-05 05:49 40960 -c--a-r- c:\documents and settings\bric\Dati applicazioni\Microsoft\Installer\{8ADAA7A5-7DC2-11D4-8488-106364C10000}\ARPPRODUCTICON.exe
2010-04-01 06:29 . 2010-04-01 06:29 95232 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-04-01 06:29 . 2010-04-01 06:29 8192 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-01 06:29 . 2010-04-01 06:29 61440 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-01 06:29 . 2010-04-01 06:29 10240 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-29 08:29 . 2010-04-01 06:29 34513376 ----a-r- c:\documents and settings\All Users\Dati applicazioni\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_ita_web.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"ISUSPM"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"VAIOCameraUtility"="c:\programmi\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"PDService.exe"="c:\programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"AppMon Utility"="c:\programmi\Sony\AppMonUtil\AppMonUtility.exe" [2006-03-15 40960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-17 7561216]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-01-26 212992]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-04-07 122940]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"VAIO Update 5"="c:\programmi\Sony\VAIO Update 5\VAIOUpdt.exe" [2009-12-08 1324400]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"ClocX"="c:\programmi\ClocX\ClocX.exe" [2007-07-26 270336]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NokiaMusic FastStart"="c:\programmi\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-02-22 202256]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-18 2065248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\bric\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Audio Filter.lnk - c:\programmi\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2010-1-8 5649408]
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-17 18:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-09-23 13:24 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\{FA0F0A01-4631-4161-A6C2-948BF694382E}\\setup\\hpznui01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programmi\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/06/2010 20.00.42 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/06/2010 20.00.48 242896]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 14.07.06 45627]
R1 regi;regi;c:\windows\system32\drivers\regi.sys [14/04/2006 10.46.59 4864]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [17/06/2010 20.00.24 308064]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [13/04/2006 17.37.27 745600]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [14/04/2006 1.15.33 29184]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [14/04/2006 1.15.32 812544]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 VUAgent;VUAgent;c:\programmi\Sony\VAIO Update 5\VUAgent.exe [08/01/2010 11.19.13 673136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-06-20 c:\windows\Tasks\User_Feed_Synchronization-{534F8476-418A-42FC-8B4A-94E5B57C7107}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Cerca con Google - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Traduci parola in italiano - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\programmi\Sony\VAIO Information FLOW\aiesc.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Link a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-06-20 18:37
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,21,a5,c5,a7,42,4b,4d,b0,21,09,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,21,a5,c5,a7,42,4b,4d,b0,21,09,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\WININET.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchTrayHook.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\programmi\Sony\VAIO Event Service\VESMgr.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ICO.EXE
c:\windows\eHome\ehmsas.exe
c:\programmi\Apoint\Apntex.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\msiexec.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\windows\system32\MsiExec.exe
c:\programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\progra~1\FILECO~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
c:\programmi\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-20 18:41:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-20 16:41
Pre-Run: 71.053.570.048 byte disponibili
Post-Run: 71.045.349.376 byte disponibili
- - End Of File - - 0D9F0744D2DD1DDA4EFBDD0A166CD23F
After COMBOFIX rebooted the PC, the first thing that appeared on the desktop was the ROXIO Media Manager installation window, followed by another one declaring that the installation had failed!!! sigh sigh :((
R16, I'm almost ashamed...
Anyway, if I may: years ago, when you helped me on another occasion, you had a photo of your tiny little boy, who was beautiful... now he is even more beautiful. Congratulations!
Raffaella