((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\webmediaplayer
c:\program files\webmediaplayer\resources\wmp_translation_file.xml
c:\program files\webmediaplayer\skins\classic.skn
c:\program files\webmediaplayer\sqlite3.dll
c:\program files\webmediaplayer\uninst.exe
c:\program files\webmediaplayer\WebMediaPlayer.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Condizioni generali.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Disinstalla.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Riservatezza.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
c:\users\Public\Desktop\webmediaplayer.lnk
c:\users\Tino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Creati Da 2008-11-06 al 2008-12-06 )))))))))))))))))))))))))))))))))))
.
2008-12-06 02:05 . 2008-12-06 02:05 <DIR> d-------- c:\program files\KENWOOD
2008-12-06 02:05 . 2005-03-11 10:36 430,080 --a------ c:\windows\System32\Util.dll
2008-12-06 02:05 . 2005-06-29 02:16 405,504 --a------ c:\windows\System32\kwdga7sp.dll
2008-12-06 02:05 . 2005-04-01 01:22 266,240 --a------ c:\windows\System32\kittyS01.dll
2008-12-06 02:05 . 2004-05-08 13:56 164,256 -ra------ c:\windows\System32\SPSSYS.SYS
2008-12-06 02:05 . 2004-05-08 13:56 164,256 --a------ c:\windows\System32\drivers\spssys.sys
2008-12-06 02:05 . 2005-08-16 08:31 98,304 --a------ c:\windows\System32\libfdbio.dll
2008-12-06 02:05 . 2002-01-18 03:04 36,864 --a------ c:\windows\System32\DrvInstall.exe
2008-12-06 02:05 . 2002-01-18 03:04 32,768 --a------ c:\windows\System32\DrvUninstall.exe
2008-12-06 02:05 . 2002-01-31 06:52 1,721 -ra------ c:\windows\System32\SPSSYS.INF
2008-12-06 00:00 . 2008-12-06 00:01 <DIR> d-------- c:\users\All Users\NOS
2008-12-06 00:00 . 2008-12-06 00:01 <DIR> d-------- c:\programdata\NOS
2008-12-06 00:00 . 2008-12-06 00:00 <DIR> d-------- c:\program files\NOS
2008-12-05 23:38 . 2008-12-05 23:38 <DIR> d-------- c:\program files\Safer Networking
2008-12-05 23:10 . 2008-12-06 10:54 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-05 23:10 . 2008-12-06 10:54 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-05 23:10 . 2008-12-06 10:53 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-05 23:09 . 2008-12-07 00:52 <DIR> dr-hs---- C:\Recycled
2008-12-05 00:45 . 2008-12-05 00:45 <DIR> d-------- c:\program files\Telecom Italia
2008-12-04 17:37 . 2008-12-04 17:40 32,768 --a------ c:\windows\System32\Ikeext.etl
2008-11-30 04:02 . 2008-11-30 04:02 <DIR> d-------- c:\users\All Users\wmp
2008-11-30 04:02 . 2008-11-30 04:02 <DIR> d-------- c:\programdata\wmp
2008-11-20 00:16 . 2008-11-20 00:16 <DIR> d-------- c:\users\Tino\AppData\Roaming\Template
2008-11-20 00:16 . 2008-11-20 00:16 38 --a------ c:\users\Tino\AppData\Roaming\wklnhst.dat
2008-11-15 23:29 . 2008-11-15 23:29 <DIR> d-------- c:\program files\ToniArts
2008-11-15 23:21 . 2008-11-15 23:21 <DIR> d-------- c:\program files\Aventail
2008-11-06 04:42 . 2008-11-06 04:42 <DIR> d-------- C:\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 23:03 --------- d-----w c:\program files\Common Files\Adobe
2008-12-04 22:57 --------- d-----w c:\program files\Google
2008-11-11 09:59 --------- d-----w c:\users\Tino\AppData\Roaming\EPSON
2008-10-16 20:13 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-16 20:12 --------- d-----w c:\programdata\UDL
2008-10-16 20:10 --------- d-----w c:\program files\epson
2008-10-16 20:04 --------- d-----w c:\programdata\EPSON
2008-10-10 22:01 --------- d-----w c:\program files\QuickTime
2008-10-10 22:00 --------- d-----w c:\programdata\Apple Computer
2008-10-10 22:00 --------- d-----w c:\program files\Common Files\Apple
2008-09-25 03:18 53,448 ----a-w c:\windows\System32\wuauclt.exe
2008-09-25 03:18 45,768 ----a-w c:\windows\System32\wups2.dll
2008-09-25 03:18 1,811,656 ----a-w c:\windows\System32\wuaueng.dll
2008-09-25 03:18 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-09-25 03:17 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-09-25 03:17 563,912 ----a-w c:\windows\System32\wuapi.dll
2008-09-25 03:17 36,552 ----a-w c:\windows\System32\wups.dll
2008-09-25 03:16 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-09-25 03:16 163,904 ----a-w c:\windows\System32\wuwebv.dll
2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{48720D9E-8950-4866-BFA9-8F96F9AFAF02}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{9A3DFC7B-A906-496E-8AB0-BB80065F6661}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"TCP Query User{53E27F0E-5518-40D1-BC95-FBAEF3EA0718}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{33AE4836-07AE-42D3-B274-7AD45B87C470}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{8A2B8590-FCF8-4ED7-B8A8-6E778DC8B6CC}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{D13A4E40-9854-4C07-8FD1-E48A5C2FD223}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 Spssys;Toshiba SPS Service;c:\windows\system32\drivers\spssys.sys [2008-12-06 164256]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-06 33752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9befc622-c316-11dd-a04d-0016d4e7c7b3}]
\shell\AutoRun\command - f:\install\Install.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d19cb981-8a73-11dd-8a33-0016d4e7c7b3}]
\shell\auto\command - F:\Knight.exe open
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Knight.exe open
\shell\explore\command - F:\Knight.exe open
\shell\find\command - F:\Knight.exe open
\shell\install\command - F:\Knight.exe open
\shell\open\command - F:\Knight.exe open
*Newly Created Service* - PROCEXP90
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-AliceRV_McciTrayApp - c:\program files\Alice ti aiuta\McciTrayApp.exe
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://it.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: Ricerca - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: {28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E} = 85.37.17.14 85.38.28.78
c:\windows\Downloaded Program Files\EPUWALcontrol.dll - O16 -: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}
hxxp://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
c:\windows\Downloaded Program Files\EPUWALcontrol.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-07 00:54:47
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-12-07 0.56.06
ComboFix-quarantined-files.txt 2008-12-06 23:56:04