ComboFix 10-08-28.02 - Giancarlo&Ivano 30/08/2010 13.24.06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1591 [GMT 2:00]
Eseguito da: c:\documents and settings\Giancarlo&Ivano.PC302014470238\Desktop\Nuova cartella\pippo.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Lavasoft Ad-Watch Live! Anti-virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\1doc2pdf.dll
c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Wyet
c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Wyet\duasy.exe
C:\Install.exe
c:\programmi\Best Spyware Scanner
c:\programmi\Best Spyware Scanner\BestSpywareScanner.exe
c:\programmi\Best Spyware Scanner\md5.dll
c:\programmi\Best Spyware Scanner\mtools.dll
c:\programmi\Best Spyware Scanner\networkdll.dll
c:\programmi\Best Spyware Scanner\opfile.dll
c:\programmi\Best Spyware Scanner\QAreaDLL.dll
c:\programmi\Best Spyware Scanner\RkHitApi.dll
c:\programmi\Best Spyware Scanner\sctdll.dll
c:\programmi\Best Spyware Scanner\udefend.dll
c:\programmi\Best Spyware Scanner\ussafe.dll
c:\programmi\Best Spyware Scanner\zlib1.dll
La copia infetta di c:\windows\system32\drivers\termdd.sys è stata trovata e disinfettata
Ripristinata copia da - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOLLOWER
-------\Legacy_RKHIT
.
((((((((((((((((((((((((( Files Creati Da 2010-07-28 al 2010-08-30 )))))))))))))))))))))))))))))))))))
.
2010-08-30 11:40 . 2010-08-30 11:41 85504 ---ha-w- c:\windows\system32\yaxvtr.dll
2010-08-30 09:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 09:08 . 2010-08-30 09:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-08-30 09:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 09:03 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-30 08:55 . 2010-08-30 09:08 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-08-29 12:20 . 2010-08-29 21:20 -------- d-----w- c:\programmi\Emsisoft Anti-Malware
2010-08-29 08:36 . 2010-08-29 08:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-28 17:15 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-28 16:54 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-28 16:47 . 2010-08-28 16:47 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-28 12:59 . 2006-12-08 11:36 274688 ----a-w- c:\windows\system32\drivers\pxfsf.sys
2010-08-28 12:58 . 2010-08-28 12:58 -------- d-----w- c:\programmi\Prevx1
2010-08-28 12:58 . 2010-08-28 12:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Prevx
2010-08-28 08:54 . 2010-08-28 08:54 -------- d-----w- C:\VundoFix Backups
2010-08-26 18:04 . 2010-08-26 18:04 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Impostazioni locali\Dati applicazioni\Sunbelt Software
2010-08-26 17:37 . 2010-08-26 17:37 -------- d-----w- c:\programmi\CCleaner
2010-08-26 12:42 . 2010-08-26 12:42 91232 ----a-w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-26 12:42 . 2010-08-26 12:42 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-26 12:42 . 2010-08-26 13:11 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\HPAppData
2010-08-26 08:43 . 2010-08-26 08:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-25 18:08 . 2010-08-25 18:34 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Impostazioni locali\Dati applicazioni\Video_Clip_Grab
2010-08-25 18:08 . 2010-08-25 18:34 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Impostazioni locali\Dati applicazioni\Conduit
2010-08-25 18:08 . 2010-08-25 18:08 -------- d-----w- c:\programmi\Conduit
2010-08-25 18:08 . 2010-08-26 05:56 -------- d-----w- c:\programmi\Video_Clip_Grab
2010-08-25 18:08 . 2010-08-25 18:08 -------- d-----w- c:\programmi\ClipGrab
2010-08-25 17:34 . 2010-08-25 17:49 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Youtube Downloader HD
2010-08-25 16:48 . 2010-08-25 17:03 -------- d-----w- c:\programmi\Any Video Converter
2010-08-13 11:17 . 2010-08-27 06:55 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Nitro PDF
2010-08-12 10:59 . 2010-06-24 12:22 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-08-12 10:09 . 2010-08-12 17:10 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Nitro PDF
2010-08-12 10:06 . 2010-07-12 12:03 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-08-12 10:06 . 2010-07-12 12:03 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-08-12 10:06 . 2010-08-12 10:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nitro PDF
2010-08-12 10:06 . 2010-08-12 10:06 -------- d-----w- c:\programmi\File comuni\Nitro PDF
2010-08-12 10:06 . 2010-08-12 10:06 -------- d-----w- c:\programmi\Nitro PDF
2010-08-12 10:04 . 2010-08-12 10:04 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Downloaded Installations
2010-08-10 17:00 . 2010-08-10 17:00 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
2010-08-10 17:00 . 2010-08-10 17:00 -------- d-----w- c:\programmi\Widget vodafone.it
2010-08-10 17:00 . 2010-08-10 17:04 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-08-08 10:33 . 2010-08-08 10:33 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\AnvSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 10:35 . 2009-02-10 07:46 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\HPAppData
2010-08-30 09:26 . 2009-08-13 17:23 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Uhik
2010-08-29 20:22 . 2009-10-28 16:17 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Skype
2010-08-28 18:21 . 2006-10-28 06:56 -------- d-----w- c:\programmi\Google
2010-08-28 18:16 . 2008-12-03 10:35 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Azureus
2010-08-28 16:47 . 2008-04-27 16:29 -------- d-----w- c:\programmi\Lavasoft
2010-08-28 16:47 . 2008-04-27 16:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-08-28 12:14 . 2009-01-26 06:05 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Oqic
2010-08-28 11:32 . 2009-09-22 18:14 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Vuikle
2010-08-26 17:57 . 2008-04-27 16:29 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-08-26 11:46 . 2008-07-12 08:52 -------- d-----w- c:\programmi\SpeedFan
2010-08-26 09:54 . 2006-10-28 06:30 91232 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-08-26 06:36 . 2006-06-29 09:22 88548 ----a-w- c:\windows\system32\perfc010.dat
2010-08-26 06:36 . 2006-06-29 09:22 503720 ----a-w- c:\windows\system32\perfh010.dat
2010-08-26 06:33 . 2008-12-03 22:29 -------- d-----w- c:\programmi\MSBuild
2010-08-26 06:33 . 2010-08-26 06:33 -------- d-----w- c:\programmi\Reference Assemblies
2010-08-25 17:03 . 2009-05-30 13:43 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Any Video Converter
2010-08-24 10:34 . 2009-10-28 16:27 -------- d-----w- c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\skypePM
2010-08-13 21:27 . 2008-12-03 07:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-08-08 11:22 . 2007-03-13 14:09 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-06-30 12:31 . 2006-04-11 04:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2008-12-03 17:04 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-12-03 17:04 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-12-03 17:04 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-12-03 17:04 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-12-03 17:04 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-12-03 17:04 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-12-03 17:04 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-12-03 17:04 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 12:22 . 2006-04-11 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2006-04-11 04:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-05-10 08:17 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-04-11 04:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-04-11 04:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-04-11 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-12-09 06:05 . 2006-12-08 22:05 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0aswBoot.exe /M:3a3693245
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido HP Photosmart Premier.lnk
backup=c:\windows\pss\Avvio rapido HP Photosmart Premier.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Giancarlo&Ivano.PC302014470238^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Giancarlo&Ivano.PC302014470238\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Giancarlo&Ivano.PC302014470238^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]
path=c:\documents and settings\Giancarlo&Ivano.PC302014470238\Menu Avvio\Programmi\Esecuzione automatica\Widget vodafone.lnk
backup=c:\windows\pss\Widget vodafone.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-11-23 00:36 203720 ----a-w- c:\programmi\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2006-06-19 08:50 40960 ----a-w- c:\programmi\Hewlett-Packard\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 08:34 81920 ----a-w- c:\programmi\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2006-05-03 20:58 458752 ----a-w- c:\programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 16:53 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-06-19 09:33 163840 ----a-w- c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-07-19 13:14 102400 ----a-w- c:\programmi\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-09 07:48 68856 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-06-17 05:22 794713 ----a-w- c:\programmi\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-07 12:50 198160 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programmi\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2966:TCP"= 2966:TCP:Services
"4432:TCP"= 4432:TCP:Services
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/08/2010 18.54.48 64288]
R1 a2injectiondriver;a2injectiondriver;c:\programmi\Emsisoft Anti-Malware\a2dix86.sys [29/08/2010 14.20.36 39576]
R1 a2util;a-squared Malware-IDS utility driver;c:\programmi\Emsisoft Anti-Malware\a2util32.sys [29/08/2010 14.20.36 11776]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/12/2008 19.04.47 165456]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\programmi\Emsisoft Anti-Malware\a2service.exe [29/08/2010 14.20.34 1935656]
R2 a2free;a-squared Free Service;c:\programmi\a-squared Free\a2service.exe [22/03/2010 11.34.08 1872320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/12/2008 19.04.47 17744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 14.15.19 1355416]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\programmi\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [12/07/2010 14.03.50 196912]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 16.41.38 92008]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [06/06/2006 22.39.56 61952]
R3 a2acc;a2acc;c:\programmi\Emsisoft Anti-Malware\a2accx86.sys [29/08/2010 14.20.36 71008]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [02/02/2010 8.16.53 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programmi\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 14.15.19 15008]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/12/2008 17.30.16 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
2010-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]
2010-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-02 06:16]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-02 06:16]
2010-08-28 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2010-08-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Salva oggetto con Net Transport - c:\programmi\NetTransport 2\NTAddLink.html
IE: Salva tutti gli oggetti con Net Transport - c:\programmi\NetTransport 2\NTAddList.html
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-{84EB4094-703D-142B-D6BC-DDBE7D484A01} - c:\documents and settings\Giancarlo&Ivano.PC302014470238\Application Data\Wyet\duasy.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 13:45
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1604093340-3845160452-382354152-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B1386A6-AA66-AD57-27D1-39519437ACA6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oafklhdaddemlaapndjgcpkdgolabd"=hex:64,61,69,61,66,63,67,63,00,85
"oajjlocgljjhepondebiggkbfeileg"=hex:69,61,61,61,64,68,63,6a,6a,68,70,65,68,70,
6b,6a,6a,65,00,ff
"nadifnkiiaenndhdkfdbnigmekgj"=hex:6a,61,69,61,6b,63,67,6b,65,6b,6b,6c,67,63,
61,68,70,68,68,66,00,02
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\msdtc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehmsas.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Ora fine scansione: 2010-08-30 13:54:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-08-30 11:54
Pre-Run: 35.005.300.736 byte disponibili
Post-Run: 35.083.124.736 byte disponibili
- - End Of File - - ED21F46DC7158A155A40E17A62726DCD
awaiting news