
ComboFix 10-11-22.01 - PC-SANTINI 22/11/2010 20.51.52.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3327.2296 [GMT 1:00]
Eseguito da: c:\users\PC-SANTINI\Desktop\ComboFix.exe
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\PC-SANTINI\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\users\PC-SANTINI\Documents\BackupRegistry(20101118).reg
c:\users\PC-SANTINI\Documents\BackupRegistry(20101119).reg
-- Esecuzione precedente --
La copia infetta di c:\windows\system32\winlogon.exe è stata trovata e disinfettata
Ripristinata copia da - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
La copia infetta di c:\windows\system32\winlogon.exe è stata trovata e disinfettata
Ripristinata copia da - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
La copia infetta di c:\windows\System32\slui.exe è stata trovata e disinfettata
Ripristinata copia da - c:\windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7600.16385_none_5b97f4df0025c6e9\slui.exe
--------
La copia infetta di c:\windows\system32\winlogon.exe è stata trovata e disinfettata
Ripristinata copia da - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
La copia infetta di c:\windows\System32\slui.exe è stata trovata e disinfettata
Ripristinata copia da - c:\windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7600.16385_none_5b97f4df0025c6e9\slui.exe
.
((((((((((((((((((((((((( Files Creati Da 2010-10-22 al 2010-11-22 )))))))))))))))))))))))))))))))))))
.
2010-11-22 19:56 . 2010-11-22 19:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-11-22 19:56 . 2010-11-22 19:56 -------- d-----w- c:\users\Matteo Santini\AppData\Local\temp
2010-11-22 19:56 . 2010-11-22 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-22 19:04 . 2010-11-09 19:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F11035A-ED8A-42E1-A6C5-9711FD8BBB96}\mpengine.dll
2010-11-22 14:58 . 2010-11-22 18:16 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-22 14:45 . 2010-11-22 14:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-11-22 14:45 . 2010-11-22 14:45 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-22 14:45 . 2010-11-22 14:45 -------- d-----w- c:\program files\Symantec
2010-11-22 14:44 . 2010-11-22 14:44 -------- d-----w- c:\windows\system32\drivers\NAV
2010-11-22 14:44 . 2010-11-22 14:44 -------- d-----w- c:\program files\Norton AntiVirus
2010-11-22 14:44 . 2010-11-22 14:45 -------- d-----w- c:\programdata\Norton
2010-11-22 14:44 . 2010-11-22 14:44 -------- d-----w- c:\program files\NortonInstaller
2010-11-22 14:38 . 2010-11-22 14:38 -------- d-----w- C:\CG
2010-11-19 21:19 . 2010-11-19 21:19 -------- d-----w- c:\program files\SMPlayer
2010-11-19 21:12 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-19 21:12 . 2010-11-19 21:12 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-11-19 15:48 . 2010-11-19 15:48 -------- d-----w- c:\programdata\ATI
2010-11-19 08:48 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-19 08:44 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-11-19 08:33 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27453E8E-78C3-4BFB-B314-7077213CA417}\mpengine.dll
2010-11-18 17:33 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-18 17:32 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-11-18 17:30 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-11-18 17:25 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 17:18 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-18 17:17 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-11-18 17:17 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-11-18 17:17 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-18 16:59 . 2010-11-18 17:00 -------- d-----w- C:\Temp
2010-11-18 16:18 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-18 16:18 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-11-18 16:17 . 2010-11-18 16:17 -------- d-----w- c:\windows\system32\Wat
2010-11-18 16:11 . 2009-07-14 01:14 79872 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\winver.exe
2010-11-18 16:11 . 2009-07-14 01:14 285696 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\winlogon.exe
2010-11-18 16:11 . 2009-07-14 01:16 53760 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\sppuinotify.dll
2010-11-18 16:11 . 2009-07-14 01:16 345088 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\sppcommdlg.dll
2010-11-18 16:11 . 2009-07-14 01:14 325632 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\slui.exe
2010-11-18 16:11 . 2009-07-14 01:16 410624 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\systemcpl.dll
2010-11-18 16:11 . 2009-07-14 01:16 811520 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\user32.dll
2010-11-18 16:11 . 2009-07-14 01:16 13824 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\slwga.dll
2010-11-18 16:11 . 2009-07-14 01:16 118784 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\sppwmi.dll
2010-11-18 16:11 . 2009-06-10 21:38 113629 ----a-w- c:\programdata\Microsoft\Windows\SXS\32\slmgr.vbs
2010-11-18 16:10 . 2010-11-18 16:10 2169856 --sha-w- c:\windows\system32\hale.exe
2010-11-18 15:55 . 2010-11-22 19:36 -------- d-----w- c:\windows\system32\wbem\Performance
2010-11-18 15:53 . 2010-11-18 15:53 -------- d-----w- c:\program files\Microsoft.NET
2010-11-18 15:53 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-18 15:53 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-18 15:53 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-18 15:53 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-18 15:53 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-18 15:24 . 2010-11-19 21:21 -------- d-----w- c:\users\PC-SANTINI
2010-11-18 15:23 . 2010-11-18 15:23 0 ----a-w- c:\windows\ativpsrm.bin
2010-11-18 15:20 . 2010-11-18 15:51 -------- d-----w- c:\windows\Panther
2010-11-18 15:13 . 2010-11-18 15:41 -------- d-----w- C:\$WINDOWS.~Q
2010-11-18 15:11 . 2010-11-18 15:12 -------- d-----w- C:\$INPLACE.~TR
2010-11-17 08:54 . 2010-11-17 08:56 -------- d-----w- C:\Driver
2010-11-16 16:04 . 2010-11-16 16:04 -------- d-----r- C:\acroldr
2010-11-16 15:18 . 2010-11-16 15:18 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-11-16 15:17 . 2010-11-16 15:17 911552 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
2010-11-16 14:25 . 2010-11-16 15:17 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-16 14:25 . 2010-11-16 14:25 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-11-16 14:24 . 2010-11-18 15:26 -------- d-----w- c:\program files\Common Files\Acronis
2010-11-16 14:24 . 2010-11-18 15:25 -------- d-----w- c:\program files\Acronis
2010-11-11 15:39 . 2010-11-18 15:26 -------- d-----w- c:\program files\Lavalys
2010-10-24 18:39 . 2010-11-18 15:29 -------- d-----w- c:\windows\it
2010-10-24 18:39 . 2010-09-22 22:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-24 18:35 . 2010-10-24 18:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\3854aa031cb73aa11\DSETUP.dll
2010-10-24 18:35 . 2010-10-24 18:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\3854aa031cb73aa11\DXSETUP.exe
2010-10-24 18:35 . 2010-10-24 18:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\3854aa031cb73aa11\dsetup32.dll
2010-10-24 18:35 . 2010-10-24 18:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\36d424831cb73aa10\DXSETUP.exe
2010-10-24 18:35 . 2010-10-24 18:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\36d424831cb73aa10\DSETUP.dll
2010-10-24 18:35 . 2010-10-24 18:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\36d424831cb73aa10\dsetup32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 15:38 . 2009-10-19 13:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-13 12:31 . 2009-03-01 20:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 20:51 . 2009-10-03 20:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 00:36 . 2010-10-14 00:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-09-24 12:46 . 2010-09-24 12:46 102416 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 03:50 . 2010-05-01 14:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
------- Sigcheck -------
[-] 2009-10-28 . 1562571D6B1541098E677C3BB78709A0 . 285696 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe
[7] 2009-10-28 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[7] 2009-10-28 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[-] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2009-07-14 . 85AEB26057AAC125EEC1425305F86960 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[-] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\user32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\PC-SANTINI\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-27 136176]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Servizio Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-06 357688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-06 5076088]
"Chew7Hale"="c:\windows\System32\hale.exe" [2010-11-18 2169856]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"c715724"="START" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SIDA.Connect.lnk]
backup=c:\windows\pss\SIDA.Connect.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^PC-SANTINI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^PC-SANTINI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^PC-SANTINI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup_9.0.0.722_02.03.2010_16-11[1].lnk]
backup=c:\windows\pss\setup_9.0.0.722_02.03.2010_16-11[1].lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display Driver
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
2007-05-03 15:48 415744 ----a-w- c:\program files\ASUS\AI Gear2\GearHelp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
2007-01-12 00:07 1423360 ----a-w- c:\program files\ASUS\Ai Nap\AiNap.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 15:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-08-28 17:36 75048 ----a-w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 13:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\DAEMON Tools Lite\DTLite.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-07-14 01:14 144384 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 14:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2010-09-22 22:21 884584 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-27 18:49 136176 ----atw- c:\users\PC-SANTINI\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
2010-06-11 17:14 1280344 ----a-w- c:\program files\IObit\IObit Security 360\is360tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 07:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 22:54 50472 ----a-w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-07-16 19:08 91432 ----a-w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp]
2010-01-27 10:58 603136 ----a-w- c:\program files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-11 13:43 1217872 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-04 15:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSRun
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-19 691696]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-18 1343400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
S0 a347scsi;a347scsi;c:\windows\System32\Drivers\a347scsi.sys [2004-04-30 5248]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1201000.025\SYMDS.SYS [2010-06-13 339504]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1201000.025\SYMEFA.SYS [2010-07-29 666672]
S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2010-11-16 911552]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101119.001\IDSvix86.sys [2010-10-19 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1201000.025\Ironx86.SYS [2010-06-27 134704]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1201000.025\SYMNETS.SYS [2010-07-13 294448]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/02 20:54];c:\program files\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 87536]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-16 2326920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-11-16 159168]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-24 102416]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-13 102448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

--- Altri Servizi/Drivers In Memoria ---


*Deregistered* - kl1
.
Contenuto della cartella 'Scheduled Tasks'
2010-11-22 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-20 19:33]
2010-11-19 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-02-20 13:24]
2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 22:10]
2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 22:10]
2010-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-612587600-19105058-25567531-1000Core.job
- c:\users\PC-SANTINI\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 18:49]
2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-612587600-19105058-25567531-1000UA.job
- c:\users\PC-SANTINI\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 18:49]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = fam.santini@davide.it:80
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {C186F386-6FC6-414C-AB53-975FB0EB15C1} - hxxp://v.netlogstatic.com/v5.00/2900//s/e/Aurigma/ImageUploaderPHP/PhotoUploader.cab
FF - ProfilePath - c:\users\PC-SANTINI\AppData\Roaming\Mozilla\Firefox\Profiles\rmeb5qe6.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\PC-SANTINI\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-BS02NAV11 - c:\users\PC-SANTINI\AppData\Roaming\BS02NAV11.exe
MSConfigStartUp-HKLM - c:\users\PC-SANTINI\AppData\Roaming\Do_Not_Delete\CG02_Norton_AV_2011.exe
MSConfigStartUp-UfSeAgnt - (no file)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-612587600-19105058-25567531-1000\Software\SecuROM\License information*]
"datasecu"=hex:60,2b,37,90,5b,07,c4,bc,4e,90,10,8e,d3,29,92,59,22,ff,94,ef,21,
94,eb,e2,55,a0,50,03,8c,e8,e8,24,9d,94,77,4d,86,30,62,7f,2a,35,cd,29,ac,b7,\
"rkeysecu"=hex:67,45,9f,a4,8a,6c,b8,ea,3e,fa,52,91,2e,bc,95,6c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'Explorer.exe'(9056)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\conhost.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\icacls.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Ora fine scansione: 2010-11-22 21:01:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-11-22 20:01
ComboFix2.txt 2010-02-20 19:04
Pre-Run: 16.441.081.856 byte disponibili
Post-Run: 16.243.896.320 byte disponibili
- - End Of File - - D2D38217FDA1EECB8714690673F3D0CD
