ComboFix 12-04-14.01 - UserXp 14/04/2012 15.48.16.6.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.481 [GMT 2:00] Eseguito da: c:\documents and settings\UserXp\Desktop\ComboFix.exe AV: Norton 360 *Enabled/Updated* {A5F1BC7C-EA33-4247-961C-0217208396C4} FW: Norton 360 *Enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} . ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !! . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\UserXp\Dati applicazioni\PriceGong c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\1.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\6062.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\a.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\b.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\c.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\d.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\e.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\f.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\g.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\h.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\i.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\j.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\k.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\l.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\m.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\mru.xml c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\n.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\o.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\p.txt c:\documents 
and settings\UserXp\Dati applicazioni\PriceGong\Data\q.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\r.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\s.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\t.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\u.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\v.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\w.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\wlu.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\x.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\y.txt c:\documents and settings\UserXp\Dati applicazioni\PriceGong\Data\z.txt . . ((((((((((((((((((((((((( Files Creati Da 2012-03-14 al 2012-04-14 ))))))))))))))))))))))))))))))))))) . . 2012-04-14 12:08 . 2012-04-14 12:57 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware 2012-04-14 12:08 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-12 16:46 . 2012-04-12 16:46 -------- d-----w- c:\documents and settings\UserXp\Dati applicazioni\Search Settings 2012-04-12 16:46 . 2012-04-12 16:46 -------- d-----w- c:\programmi\Application Updater 2012-04-12 16:46 . 2012-04-12 16:46 -------- d-----w- c:\programmi\File comuni\Spigot 2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\programmi\Mozilla Firefox\plugins\nppdf32.dll 2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\programmi\Internet Explorer\plugins\nppdf32.dll 2012-03-24 20:09 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll 2012-03-24 20:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2012-03-24 20:08 . 2011-04-30 08:50 766464 -c----w- c:\windows\system32\dllcache\vgx.dll 2012-03-24 20:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2012-03-24 20:08 . 
2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2012-03-24 20:05 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2012-03-24 20:04 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2012-03-24 20:04 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2012-03-24 20:04 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-03-24 20:04 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2012-03-24 20:01 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2012-03-24 11:13 . 2012-03-24 11:13 -------- d-----w- c:\documents and settings\UserXp\Dati applicazioni\Malwarebytes 2012-03-24 11:13 . 2012-03-24 11:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes 2012-03-23 20:07 . 2012-03-23 20:08 -------- d-----w- c:\documents and settings\UserXp\Dati applicazioni\gizza . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-01 01:15 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 01:15 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl 2012-03-01 01:15 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2012-03-01 01:15 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-03 09:57 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys 2012-01-25 17:07 . 2012-01-25 17:07 53248 ----a-r- c:\documents and settings\UserXp\Dati applicazioni\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-01-15 14:41 . 2012-01-15 14:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2009-03-31 21:47 . 
2009-11-07 23:23 324976 ----a-w- c:\programmi\mozilla firefox\components\coFFPlgn.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. .
((((((((((((((((((((((((((((( SnapShot_2012-04-11_21.15.19 ))))))))))))))))))))))))))))))))))))))))) . + 2012-04-12 16:46 . 2012-04-12 16:46 53248 c:\windows\Installer\{548904BC-BC37-4660-B8F8-6639A4D23520}\ARPPRODUCTICON.exe + 2012-01-03 07:45 . 2012-01-03 07:45 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\ViewerPS.dll + 2012-01-03 20:51 . 2012-01-03 20:51 37296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\reader_sl.exe + 2012-01-03 07:44 . 2012-01-03 07:44 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\PDFPrevHndlr.dll + 2012-01-03 20:15 . 2012-01-03 20:15 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\eula.exe + 2012-01-03 19:52 . 2012-01-03 19:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\acrotextextractor.exe + 2012-01-03 06:19 . 2012-01-03 06:19 16824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\AcroRd32Info.exe + 2012-01-03 06:16 . 2012-01-03 06:16 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\acroiehelpershim.dll + 2012-01-03 06:16 . 2012-01-03 06:16 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\AcroIEHelper.dll + 2009-01-06 08:41 . 2012-04-14 08:36 5536 c:\windows\system32\d3d9caps.dat + 2012-01-03 06:23 . 2012-01-03 06:23 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\pdfshell.dll + 2012-01-03 07:44 . 
2012-01-03 07:44 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\PDFPrevHndlrShim.exe + 2012-01-03 06:22 . 2012-01-03 06:22 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\nppdf32.dll + 2012-01-03 07:43 . 2012-01-03 07:43 550360 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\AdobeCollabSync.exe + 2012-01-03 06:40 . 2012-01-03 06:40 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\AcroRdIF.dll + 2012-01-03 20:50 . 2012-01-03 20:50 357808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\AcroRd32.exe + 2012-01-03 06:16 . 2012-01-03 06:16 665008 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\AcroPDF.dll + 2012-01-03 07:38 . 2012-01-03 07:38 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\acrobroker.exe + 2012-01-03 07:08 . 2012-01-03 07:08 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\a3dutility.exe + 2012-04-12 16:46 . 2012-04-12 16:46 1357824 c:\windows\Installer\6081d.msi + 2012-03-27 15:47 . 2012-03-27 15:47 4959232 c:\windows\Installer\11223fb.msp + 2012-04-13 14:55 . 2012-04-13 14:55 3973632 c:\windows\Installer\1122376.msi + 2012-01-03 06:18 . 2012-01-03 06:18 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\rt3d.dll + 2011-11-17 14:50 . 2011-11-17 14:50 6543872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\authplay.dll + 2012-01-03 20:15 . 2012-01-03 20:15 20559288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B7449A0500000010\9.5.0\AcroRd32.dll . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\prxtbmyB2.dll" [2011-05-09 176936] "{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\prxtbPHP2.dll" [2011-05-09 176936] "{609368c3-88c6-4b9d-9f8e-28e29bbb6131}"= "c:\programmi\Max_IT\prxtbMax0.dll" [2011-05-09 176936] "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\programmi\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programmi\DVDVideoSoft\prxtbDVD0.dll" [2011-05-09 176936] "{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\programmi\ooVoo_Video_Chat\prxtbooV0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] . [HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}] . [HKEY_CLASSES_ROOT\clsid\{609368c3-88c6-4b9d-9f8e-28e29bbb6131}] . [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . [HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}] 2011-05-09 09:49 176936 ----a-w- c:\programmi\PHPNukeIT\prxtbPHP2.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] 2011-05-09 09:49 176936 ----a-w- c:\programmi\Softonic-Eng7\prxtbSof0.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{609368c3-88c6-4b9d-9f8e-28e29bbb6131}] 2011-05-09 09:49 176936 ----a-w- c:\programmi\Max_IT\prxtbMax0.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-09-02 14:05 398776 ----a-w- c:\programmi\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] 2011-05-09 09:49 176936 ----a-w- c:\programmi\myBabylon_English\prxtbmyB2.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 15:31 1514152 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}] 2011-05-09 09:49 176936 ----a-w- c:\programmi\ooVoo_Video_Chat\prxtbooV0.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2011-05-09 09:49 176936 ----a-w- c:\programmi\DVDVideoSoft\prxtbDVD0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\prxtbmyB2.dll" [2011-05-09 176936] "{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}"= "c:\programmi\PHPNukeIT\prxtbPHP2.dll" [2011-05-09 176936] "{609368c3-88c6-4b9d-9f8e-28e29bbb6131}"= "c:\programmi\Max_IT\prxtbMax0.dll" [2011-05-09 176936] "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\programmi\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\programmi\DVDVideoSoft\prxtbDVD0.dll" [2011-05-09 176936] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] "{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\programmi\ooVoo_Video_Chat\prxtbooV0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] . [HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}] . [HKEY_CLASSES_ROOT\clsid\{609368c3-88c6-4b9d-9f8e-28e29bbb6131}] . [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmi\myBabylon_English\prxtbmyB2.dll" [2011-05-09 176936] "{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF}"= "c:\programmi\PHPNukeIT\prxtbPHP2.dll" [2011-05-09 176936] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\programmi\Softonic-Eng7\prxtbSof0.dll" [2011-05-09 176936] "{609368C3-88C6-4B9D-9F8E-28E29BBB6131}"= "c:\programmi\Max_IT\prxtbMax0.dll" [2011-05-09 176936] "{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}"= "c:\programmi\ooVoo_Video_Chat\prxtbooV0.dll" [2011-05-09 176936] "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\programmi\DVDVideoSoft\prxtbDVD0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] . [HKEY_CLASSES_ROOT\clsid\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}] . [HKEY_CLASSES_ROOT\clsid\{609368c3-88c6-4b9d-9f8e-28e29bbb6131}] . [HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}] . [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264] "Skype"="c:\programmi\Skype\Phone\Skype.exe" [2010-09-02 13351304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "Cool Memo First Boob"="c:\documents and settings\All Users\Dati applicazioni\Bleh kind cool memo\Frag Size.exe" [2012-04-14 675840] "ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\programmi\Norton 360\osCheck.exe" [2008-02-26 988512] "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696] "RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112] "CDAServer"="c:\programmi\File comuni\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288] "QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-04 417792] "NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "LWS"="c:\programmi\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "SearchSettings"="c:\programmi\File comuni\Spigot\Search Settings\SearchSettings.exe" [2012-04-12 980832] "Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Wireless Configuration Utility HW.14.lnk] path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Wireless Configuration Utility HW.14.lnk backup=c:\windows\pss\Wireless Configuration Utility HW.14.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^UserXp^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk] path=c:\documents and settings\UserXp\Menu Avvio\Programmi\Esecuzione automatica\Logitech . Registrazione prodotti.lnk backup=c:\windows\pss\Logitech . Registrazione prodotti.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-22 13:09 63712 ----a-w- c:\programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-03-27 12:41 37296 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 2012-01-03 15:31 1391272 ----a-w- c:\programmi\Ask.com\Updater\Updater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] 2008-03-20 10:04 2127296 ----a-w- c:\programmi\Gadu-Gadu\gg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10] 2011-07-04 17:45 13374048 ----a-w- c:\programmi\Gadu-Gadu 10\gg.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-09-08 19:09 305440 ----a-w- c:\programmi\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid] 2010-10-29 20:06 5915480 ----a-w- c:\programmi\Logitech\Vid HD\Vid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-13 18:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe] 2010-07-11 12:17 18707640 ----a-w- c:\programmi\ooVoo\ooVoo.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2009-12-30 11:57 289584 ----a-w- c:\programmi\uTorrent\uTorrent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programmi\\eMule\\emule.exe"= "c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Programmi\\Bonjour\\mDNSResponder.exe"= "c:\\Programmi\\iTunes\\iTunes.exe"= "c:\\Programmi\\uTorrent\\uTorrent.exe"= "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\RM.exe"= "c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\umi.exe"= "c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"= "c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\WINDOWS\\system32\\SUPDSvc2.exe"= "c:\\Programmi\\File comuni\\Common Desktop Agent\\CDASrv.exe"= "c:\\Programmi\\Samsung\\Easy Printer Manager\\IDS.Application.exe"= "c:\\Programmi\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"= "c:\\Programmi\\Samsung\\Easy Printer Manager\\IDSAlert.exe"= "c:\\Programmi\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"= "c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programmi\\Logitech\\Vid HD\\Vid.exe"= "c:\\Programmi\\UGS\\UGII\\ugraf.exe"= "c:\\Programmi\\Skype\\Phone\\Skype.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2322:TCP"= 2322:TCP:fjqlwu
"443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/01/2009 10.51.02 717296]
S2 acahn;Task Manager;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 14.00.00 14336]
S2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [12/04/2012 10.31.34 784792]
S2 cdmmsfmyl;Center Network;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 14.00.00 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14.16.28 130384]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [14/01/2012 20.26.08 21992]
S2 czfqw;Support Boot;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 14.00.00 14336]
S2 gchqfzrho;Windows Shell;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 14.00.00 14336]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\programmi\File comuni\Symantec Shared\CCSVCHST.EXE [18/02/2008 14.37.20 149352]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [11/08/2009 18.11.13 8192]
S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [14/03/2011 8.36.08 5120]
S2 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\programmi\UGS\UGSLicensing\lmgrd.exe [07/07/2009 7.16.28 1510152]
S2 wofkfam;Security Windows;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 14.00.00 14336]
S2 xlbrd;Security Center;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 14.00.00 14336]
S2 xvnum;Server Installer;c:\windows\system32\svchost.exe -k netsvcs [14/04/2008 14.00.00 14336]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/01/2008 21.32.00 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/02/2012 23.07.33 106104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/04/2012 14.08.46 22344]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [06/01/2009 10.41.14 47360]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [25/07/2010 20.17.54 215040]
S3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\system32\SUPDSvc2.exe [25/01/2012 14.05.34 136784]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [02/10/2002 9.57.12 13532]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14.16.28 753504]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wofkfam
acahn
gchqfzrho
xlbrd
czfqw
exirvgfu
xvnum
cdmmsfmyl
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-14 c:\windows\Tasks\AE99BA3B918A2ABB.job
- c:\docume~1\userxp\datiap~1\phoneb~1\bikeloudcdrom.exe [2009-07-29 13:02]
.
2012-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-884357618-1606980848-1003Core.job
- c:\documents and settings\UserXp\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-07-31 09:40]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-884357618-1606980848-1003UA.job
- c:\documents and settings\UserXp\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-07-31 09:40]
.
2012-04-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2012-01-03 15:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
mStart Page = hxxp://downloads.phpnuke.org/it/index.php?rvs=hompag
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\UserXp\Dati applicazioni\Mozilla\Firefox\Profiles\zgn1bjun.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://google.pl/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=it_IT&q=
FF - Ext: PHPNukeIT Toolbar: {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - c:\programmi\Mozilla Firefox\extensions\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: BearShare MediaBar: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - c:\programmi\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
FF - Ext: PHPNukeIT Toolbar: {2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - %profile%\extensions\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Max IT Toolbar: {609368c3-88c6-4b9d-9f8e-28e29bbb6131} - %profile%\extensions\{609368c3-88c6-4b9d-9f8e-28e29bbb6131}
FF - Ext: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - %profile%\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-14 15:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2012-04-14 16:02:46
ComboFix-quarantined-files.txt 2012-04-14 14:02
ComboFix2.txt 2012-04-11 21:19
ComboFix3.txt 2012-03-25 11:35
ComboFix4.txt 2012-03-24 21:59
ComboFix5.txt 2012-04-14 13:47
.
Pre-Run: 878.493.696 byte disponibili
Post-Run: 864.387.072 byte disponibili
.
- - End Of File - - B8C207AF77FB8EAC771988AACD6DF982