ComboFix 09-03-13.02 - Riccardo Morsillo 2009-03-14 12.42.56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.511.216 [GMT 1:00]
Running from: c:\documents and settings\Riccardo Morsillo\Desktop\ajeje.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Riccardo Morsillo\Dati applicazioni\inst.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))))))
.
2009-03-14 12:37 . 2009-03-14 12:41 <DIR> d-------- C:\32788R22FWJFW
2009-03-12 21:01 . 2008-04-14 03:13 219,648 --a------ c:\windows\system32\uxtheme.dll.backup
2009-03-12 21:00 . 2009-03-12 21:04 <DIR> d--h----- c:\windows\NiwradSoft Shell Pack
2009-03-12 20:35 . 2009-03-12 20:35 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-03-12 20:35 . 2009-03-12 20:35 <DIR> d-------- c:\documents and settings\Riccardo Morsillo\Dati applicazioni\Malwarebytes
2009-03-12 20:35 . 2009-03-12 20:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-03-12 20:35 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-12 20:35 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 18:44 . 2009-01-09 20:19 1,090,181 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 20:26 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-02-24 20:26 . 2009-02-24 20:26 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-24 20:26 . 2009-02-24 20:26 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-23 20:18 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-02-23 20:18 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-02-23 20:18 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-02-23 20:18 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-02-23 20:18 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-23 20:18 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-23 20:17 . 2008-02-01 15:17 138,112 --a------ c:\windows\system32\drivers\nmwcdnsu.sys
2009-02-23 20:17 . 2008-02-01 15:17 8,320 --a------ c:\windows\system32\drivers\nmwcdnsuc.sys
2009-02-21 22:21 . 2009-02-21 22:24 1,014 --a------ c:\windows\_ISENV31.INI
2009-02-21 12:16 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-21 12:04 . 2009-02-21 12:15 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-21 12:03 . 2009-02-21 12:03 <DIR> d-------- c:\programmi\Reference Assemblies
2009-02-21 12:02 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-21 12:02 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-21 12:02 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-21 12:02 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-21 12:02 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-21 12:02 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-21 12:02 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-15 15:59 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-15 15:59 . 2009-02-09 15:04 1,846,784 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-15 15:59 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-15 15:59 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-15 15:58 . 2008-08-14 14:22 2,354,048 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-15 15:58 . 2008-08-14 14:22 2,230,912 --a--c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-15 15:58 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-15 15:58 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-15 15:58 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-15 15:58 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-15 15:58 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-14 17:28 . 2009-02-14 17:28 <DIR> d-------- c:\windows\system32\it
2009-02-14 17:28 . 2009-02-14 17:28 <DIR> d-------- c:\windows\l2schemas
2009-02-14 16:42 . 2008-04-14 03:13 69,120 --------- c:\windows\system32\wlanapi.dll
2009-02-14 16:41 . 2008-04-14 03:13 293,888 --------- c:\windows\system32\qagentrt.dll
2009-02-14 16:41 . 2008-04-14 03:13 150,528 --------- c:\windows\system32\qagent.dll
2009-02-14 16:41 . 2008-04-14 03:13 144,896 --------- c:\windows\system32\onex.dll
2009-02-14 16:41 . 2008-04-14 03:13 76,800 --------- c:\windows\system32\qutil.dll
2009-02-14 16:41 . 2008-04-14 03:13 62,464 --------- c:\windows\system32\qcliprov.dll
2009-02-14 16:41 . 2008-04-14 03:13 61,952 --------- c:\windows\system32\rasqec.dll
2009-02-14 16:41 . 2008-04-14 03:13 50,688 --------- c:\windows\system32\tspkg.dll
2009-02-14 16:41 . 2008-04-14 03:14 32,768 --------- c:\windows\system32\setupn.exe
2009-02-14 16:41 . 2008-04-13 19:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2009-02-14 16:39 . 2008-04-14 03:13 651,264 --------- c:\windows\system32\dot3ui.dll
2009-02-14 16:39 . 2008-04-14 03:13 233,472 --------- c:\windows\system32\azroles.dll
2009-02-14 16:39 . 2008-04-14 03:13 133,120 --------- c:\windows\system32\dot3svc.dll
2009-02-14 16:39 . 2008-04-14 03:13 59,904 --------- c:\windows\system32\dot3cfg.dll
2009-02-14 16:39 . 2008-04-14 03:13 56,832 --------- c:\windows\system32\dot3msm.dll
2009-02-14 16:39 . 2008-04-14 03:13 48,640 --------- c:\windows\system32\dhcpqec.dll
2009-02-14 16:39 . 2008-04-14 03:13 39,936 --------- c:\windows\system32\dot3gpclnt.dll
2009-02-14 16:39 . 2008-04-14 03:13 39,936 --------- c:\windows\system32\dimsroam.dll
2009-02-14 16:39 . 2008-04-14 03:13 26,112 --------- c:\windows\system32\dot3api.dll
2009-02-14 16:39 . 2008-04-14 03:13 19,456 --------- c:\windows\system32\dimsntfy.dll
2009-02-14 16:39 . 2008-04-14 03:13 12,800 --------- c:\windows\system32\credssp.dll
2009-02-14 16:39 . 2008-04-14 03:13 9,216 --------- c:\windows\system32\dot3dlg.dll
2009-02-14 16:39 . 2008-04-14 03:13 7,168 --------- c:\windows\system32\bitsprx4.dll
2009-02-14 13:16 . 2003-08-12 21:32 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-02-14 13:16 . 2003-08-12 13:16 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-02-14 13:16 . 2003-08-12 11:34 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2009-02-14 13:16 . 2003-08-12 11:34 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2009-02-14 13:16 . 2003-08-12 15:59 <DIR> dr------- c:\documents and settings\Administrator\Preferiti
2009-02-14 13:16 . 2003-08-12 19:38 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2009-02-14 13:16 . 2003-08-12 11:34 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2009-02-14 13:16 . 2009-03-14 12:45 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2009-02-14 13:16 . 2009-02-14 15:12 <DIR> dr------- c:\documents and settings\Administrator\Documenti
2009-02-14 13:16 . 2003-08-12 21:41 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\InterTrust
2009-02-14 13:16 . 2003-11-12 13:00 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\CyberLink
2009-02-14 13:16 . 2003-11-10 13:07 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Ahead
2009-02-14 13:16 . 2003-11-10 13:05 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2009-02-14 13:16 . 2009-02-14 15:11 <DIR> d-------- c:\documents and settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 11:46 712,736 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-14 11:46 4,564 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-14 11:46 25,508 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-14 11:46 2,992,672 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-14 11:23 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-03-11 15:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-23 19:18 --------- d-----w c:\programmi\Nokia
2009-02-23 19:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2009-02-23 19:14 --------- d-----w c:\programmi\File comuni\Nokia
2009-02-21 11:04 --------- d-----w c:\programmi\MSBuild
2009-02-14 14:40 --------- d-----w c:\programmi\AviSynth 2.5
2009-02-14 14:37 --------- d-----w c:\programmi\EA Sports
2009-02-14 14:37 --------- d-----w c:\programmi\d2mp
2009-02-14 14:31 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-10 12:55 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-03 17:26 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:26 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-26 21:25 --------- d-----w c:\programmi\File comuni\xing shared
2009-01-26 21:25 --------- d-----w c:\programmi\File comuni\Real
2009-01-24 15:59 --------- d-----w c:\programmi\CCleaner
2009-01-23 15:56 --------- d-----w c:\documents and settings\Riccardo Morsillo\Dati applicazioni\uTorrent
2008-06-01 10:47 47,360 ----a-w c:\documents and settings\Riccardo Morsillo\Dati applicazioni\pcouffin.sys
.
------- Sigcheck -------
2007-10-11 07:11 668672 fded5964ccfcfa72f70ccfcc8c29bbbb c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-10-11 00:21 825344 714d8a2b05b2aaf0c6a39241a1ed914f c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 02:40 825344 39ccda0e9b778792b06c1b9d794a9776 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 13:34 827392 93db90be4a10ec784ddc9c8601a28aa6 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-04-23 05:19 827392 fe184a2b736f216ccc22abeebb40787d c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 16:39 827904 bf9d17259082632f03f3ff5759c6ae32 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-08-26 10:08 827904 8e694ec9da095e518d9447b3293208ea c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2008-10-16 20:32 827904 f303cfed3d8b8348a54f7a53ddc7cca0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
2008-12-21 00:47 827904 3f7320e0f75f2b5a7a9ad32aea08bf21 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
2004-08-19 23:39 658944 27966534a0820cd3bd988bd1517c8ff2 c:\windows\$NtServicePackUninstall$\wininet.dll
2007-10-11 07:11 668672 fded5964ccfcfa72f70ccfcc8c29bbbb c:\windows\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 00:49 824832 419a6f3d56e469bcbe71128a78463da4 c:\windows\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 03:04 824832 ed2a73ab0eba3c4cb6794077cd09ec95 c:\windows\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 13:58 826368 61d4f43d26ec9d21beb6f38f22b396ab c:\windows\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 05:16 826368 c1089010bcc3fd01056d26e9a36bbb79 c:\windows\ie7updates\KB953838-IE7\wininet.dll
2008-06-23 17:15 826368 4b54220877703198e55f61cb7b87979e c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 08:57 826368 d590241cadec69a1bc157dc0452c92d1 c:\windows\ie7updates\KB958215-IE7\wininet.dll
2008-10-16 21:04 826368 a4c79606c0d9835e8a5a8e5e5804ae60 c:\windows\ie7updates\KB961260-IE7\wininet.dll
2008-12-20 23:31 826368 ef1520f95dd25f48c18502005f5ee995 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
2008-12-20 23:31 892928 5cc20adeba30f3bee1a5ce3f7b436347 c:\windows\ServicePackFiles\i386\wininet.dll
2007-10-11 00:49 824832 419a6f3d56e469bcbe71128a78463da4 c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2GDR\wininet.dll
2007-10-11 00:21 825344 714d8a2b05b2aaf0c6a39241a1ed914f c:\windows\SoftwareDistribution\Download\1c14e97b01d30a709525f52a6a4b1ed1\SP2QFE\wininet.dll
2008-12-20 23:31 892928 5cc20adeba30f3bee1a5ce3f7b436347 c:\windows\system32\wininet.dll
2008-12-20 23:31 892928 5cc20adeba30f3bee1a5ce3f7b436347 c:\windows\system32\dllcache\wininet.dll
2005-03-02 19:06 2060544 8f485cf9683f1220ba27d10281052fce c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
2005-03-02 19:12 2060672 de16030e8209fd96eeb06d9e3d8c84a8 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 17:06 2063104 f89d8e24fbe047506d60b850d00bdee3 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2008-08-14 14:37 2066688 b3d66020c1667d33c3429869b191bb13 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
2008-08-14 18:25 2069760 c812d8551fd3b6acdbf7eb6b18b1b992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2008-08-14 14:42 2061440 4220d4263c7d56a5c2ef425c36eeb8a7 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2002-09-10 13:00 1951488 bef043d997d522c12ad79e7bf7b60d6b c:\windows\$NtUninstallQ811493$\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-08-14 14:22 2069760 93fb9d817b37df1191b73db7bc2f4006 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
2008-08-14 14:22 2230912 d106785caa17c9e41453218392dda2fc c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-08-14 14:22 2230912 d106785caa17c9e41453218392dda2fc c:\windows\system32\ntkrnlpa.exe
2008-08-14 14:22 2230912 d106785caa17c9e41453218392dda2fc c:\windows\system32\dllcache\ntkrnlpa.exe
2005-03-02 19:07 2183040 84e6643db22c06128576afbf89dfee70 c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
2005-03-02 19:12 2183296 c120a33c71e706545cf26d6276bc0344 c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 17:06 2185856 763ea08993b467a3af048ef185b1f805 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2008-08-14 14:37 2189696 943548e50ab0443f1b1ec5f2c2867fcd c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
2008-08-14 18:25 2192896 0ee73494680235d59f4e57301d7ad580 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2008-08-14 14:42 2184064 da01088ad01bf30a0aebb62f99e04bc7 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2002-09-10 13:00 2045824 5c9903714483776b7764f2622961fa27 c:\windows\$NtUninstallQ811493$\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
2008-08-14 14:22 2354048 f7d07c22c5e6a95a57ed867a8d256674 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-08-14 14:22 2354048 f7d07c22c5e6a95a57ed867a8d256674 c:\windows\system32\ntoskrnl.exe
2008-08-14 14:22 2354048 f7d07c22c5e6a95a57ed867a8d256674 c:\windows\system32\dllcache\ntoskrnl.exe
2008-04-14 03:14 1543168 1b4f6f268dfc036b83495269b927e053 c:\windows\explorer.exe
2007-06-13 14:10 1035776 b4e85805be6d23de697f7b3ba7492d0b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:22 1035776 7e2817a623e16f830b660f81c0fd63da c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:14 1036288 70d7f99d95615c3c278367756287db71 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
2008-04-14 03:14 1543168 1b4f6f268dfc036b83495269b927e053 c:\windows\ServicePackFiles\i386\explorer.exe
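The Sigcheck section above lists every copy of a few core binaries (wininet.dll, ntkrnlpa.exe, ntoskrnl.exe, explorer.exe) with its size and MD5. The question a responder asks of such a list is whether the live copy still matches the Windows File Protection reference copies in dllcache and ServicePackFiles, and whether a copy exists in a directory Windows does not manage, such as the NiwradSoft Shell Pack backup folder seen here. The script below is an added example, not part of ComboFix or of this log: it parses lines in the Sigcheck format, groups them by file name, classifies each copy by where it lives, and reports those two conditions. The first sample is excerpted from this log; the second, with placeholder hashes and a made-up file name, is constructed to show the mismatch case. The directory classification (which paths count as live, reference or Microsoft-owned stores) is my own assumption.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Lines excerpted from the Sigcheck section of the log above.
SAMPLE_SIGCHECK = r"""
2008-12-20 23:31 892928 5cc20adeba30f3bee1a5ce3f7b436347 c:\windows\system32\wininet.dll
2008-12-20 23:31 892928 5cc20adeba30f3bee1a5ce3f7b436347 c:\windows\system32\dllcache\wininet.dll
2008-12-20 23:31 892928 5cc20adeba30f3bee1a5ce3f7b436347 c:\windows\ServicePackFiles\i386\wininet.dll
2008-12-20 23:31 826368 ef1520f95dd25f48c18502005f5ee995 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
2008-04-14 03:14 1543168 1b4f6f268dfc036b83495269b927e053 c:\windows\explorer.exe
2008-04-14 03:14 1543168 1b4f6f268dfc036b83495269b927e053 c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 03:14 1036288 70d7f99d95615c3c278367756287db71 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
2008-08-14 14:22 2354048 f7d07c22c5e6a95a57ed867a8d256674 c:\windows\system32\ntoskrnl.exe
2008-08-14 14:22 2354048 f7d07c22c5e6a95a57ed867a8d256674 c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 14:22 2192896 0f93d9366b222d63f9402f7ed45cf2a4 c:\windows\Driver Cache\i386\ntoskrnl.exe
"""

# Constructed lines (placeholder hashes and file name, not from the log)
# showing a live copy that no longer matches its dllcache reference copy.
CONSTRUCTED_MISMATCH = r"""
2008-04-14 03:12 26624 d41d8cd98f00b204e9800998ecf8427e c:\windows\system32\example.dll
2008-04-14 03:12 26624 ffffffffffffffffffffffffffffffff c:\windows\system32\dllcache\example.dll
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>\d+)\s+"
    r"(?P<md5>[0-9a-f]{32})\s+(?P<path>\S.*?)\s*$"
)


class Copy(NamedTuple):
    date: str
    size: int
    md5: str
    path: str  # lower-cased so directory tests are case-insensitive


def parse_sigcheck(text: str) -> List[Copy]:
    copies = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            copies.append(Copy(m["date"], int(m["size"]), m["md5"], m["path"].lower()))
    return copies


# Assumed layout: where the running binary lives, where WFP/SFC keeps its
# reference copies, and where Microsoft's own update stores keep old versions.
LIVE_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\system32\\drivers"}
REFERENCE_MARKERS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\")
MICROSOFT_STORE_MARKERS = (
    "\\$hf_mig$\\", "\\$ntservicepackuninstall$\\", "\\$ntuninstall",
    "\\ie7updates\\", "\\ie7\\", "\\softwaredistribution\\", "\\driver cache\\",
)


def classify(path: str) -> str:
    parent = path.rpartition("\\")[0]
    if parent in LIVE_DIRS:
        return "live"
    if any(m in path for m in REFERENCE_MARKERS):
        return "reference"
    if any(m in path for m in MICROSOFT_STORE_MARKERS):
        return "microsoft-store"
    return "third-party"


def audit(copies: List[Copy]) -> Dict[str, dict]:
    by_name: Dict[str, List[Copy]] = defaultdict(list)
    for c in copies:
        by_name[c.path.rpartition("\\")[2]].append(c)
    report = {}
    for name, group in sorted(by_name.items()):
        roles: Dict[str, List[Copy]] = defaultdict(list)
        for c in group:
            roles[classify(c.path)].append(c)
        live_md5s = sorted({c.md5 for c in roles["live"]})
        reference_md5s = sorted({c.md5 for c in roles["reference"]})
        report[name] = {
            "live_md5s": live_md5s,
            "reference_md5s": reference_md5s,
            # True only when exactly one live hash exists and every WFP
            # reference copy carries that same hash.
            "live_matches_reference": len(live_md5s) == 1 and bool(reference_md5s)
            and reference_md5s == live_md5s,
            "third_party_copies": [c.path for c in roles["third-party"]],
            "distinct_versions": len({(c.size, c.md5) for c in group}),
        }
    return report


def findings(report: Dict[str, dict]) -> List[str]:
    out = []
    for name, r in report.items():
        if not r["reference_md5s"]:
            out.append(f"{name}: no dllcache/ServicePackFiles copy listed, nothing for WFP to restore from")
        elif not r["live_matches_reference"]:
            out.append(f"{name}: live copy {r['live_md5s']} differs from WFP reference copies "
                       f"{r['reference_md5s']}; SFC would replace it, or the reference was tampered with")
        if r["third_party_copies"]:
            out.append(f"{name}: copy in a directory Windows does not manage "
                       f"({', '.join(r['third_party_copies'])}); treat the live file as replaced "
                       f"and verify it against a known-good hash")
    return out


if __name__ == "__main__":
    for line in findings(audit(parse_sigcheck(SAMPLE_SIGCHECK + CONSTRUCTED_MISMATCH))):
        print(line)
```

On this log every live copy agrees with its reference copies, so SFC would raise nothing, yet wininet.dll and explorer.exe each have a second version of a different size in the shell pack's Backup folder. That picture is consistent with a tool that swaps the binary and refreshes the dllcache and ServicePackFiles copies along with it; the log alone cannot say whether the replacement is benign, so the live file's hash still has to be checked against a known-good copy from installation media before it is trusted.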
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-28 394240]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 201992]
"CHotkey"="mHotkey.exe" [2002-07-23 c:\windows\mHotkey.exe]
"Dit"="Dit.exe" [2002-08-28 c:\windows\Dit.exe]
"Cmaudio"="cmicnfg.cpl" [2003-10-14 c:\windows\CMICNFG.CPL]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
hp psc 1000 series.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.avrn"= AvidAVICodec.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Riccardo Morsillo^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Riccardo Morsillo\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a--c--- 2008-02-14 00:09 486856 c:\programmi\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 11:36 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 15:21 1449984 c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"d:\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30871:TCP"= 30871:TCP:torrent
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R2 LogWatch;Event Log Watch;c:\programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S3 CA_LIC_CLNT;CA License Client;c:\programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\programmi\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-02-23 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-02-23 8320]
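The registry points section above carries the settings a responder reads first: the Windows Firewall standard profile with EnableFirewall = 0, a TCP port opened to any source, a Security Center entry that tells it not to monitor the Kaspersky product, and several Run values (CHotkey, Dit, Cmaudio) that hold a bare file name instead of a full path, which Windows resolves through the CreateProcess search order. The checker below is an added example, not part of ComboFix: it parses the section's [key] and "name"=value lines and flags each of those conditions. The sample is excerpted from this log; the wording of the flags and the choice of which conditions to report are my own.

```python
import re
from typing import Dict, List

# Excerpt from the registry points section of the log above.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-28 394240]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 201992]
"CHotkey"="mHotkey.exe" [2002-07-23 c:\windows\mHotkey.exe]
"Dit"="Dit.exe" [2002-08-28 c:\windows\Dit.exe]
"Cmaudio"="cmicnfg.cpl" [2003-10-14 c:\windows\CMICNFG.CPL]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30871:TCP"= 30871:TCP:torrent
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# ComboFix prints Run values as "command" [date size] or, for a bare file
# name, "command" [date resolved-path].
RUN_RE = re.compile(r'^"(?P<cmd>[^"]*)"\s*\[(?P<date>\S+)\s+(?P<rest>[^\]]*)\]\s*$')


def parse_registry_points(text: str) -> Dict[str, Dict[str, str]]:
    """Group "name"=value lines under their [key] header (keys lower-cased)."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            current = k["key"].lower()
            keys.setdefault(current, {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            keys[current][v["name"]] = v["value"].strip()
    return keys


def reg_int(value: str) -> int:
    """'0 (0x0)' -> 0, 'dword:00000001' -> 1."""
    token = value.split()[0]
    if token.lower().startswith("dword:"):
        return int(token[len("dword:"):], 16)
    return int(token, 0)


def check_registry_points(keys: Dict[str, Dict[str, str]]) -> List[str]:
    out: List[str] = []
    for key, values in keys.items():
        if key.endswith(("\\firewallpolicy\\standardprofile", "\\firewallpolicy\\domainprofile")):
            if "EnableFirewall" in values and reg_int(values["EnableFirewall"]) == 0:
                out.append(f"firewall off: {key}")
        if "\\security center\\monitoring\\" in key:
            if reg_int(values.get("DisableMonitoring", "0")) == 1:
                product = key.rpartition("\\")[2]
                out.append(f"security center not monitoring {product}: no alert if it stops")
        if key.endswith("\\globallyopenports\\list"):
            for value in values.values():
                out.append(f"port open to any source: {value}")
        if key.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            for name, value in values.items():
                m = RUN_RE.match(value)
                if m and "\\" not in m["cmd"]:
                    # No directory in the command: CreateProcess walks its search
                    # order, so a same-named file earlier in it would run instead.
                    out.append(f"autorun {name} is a bare name {m['cmd']!r}, resolved to {m['rest']}")
    return out


def triage(text: str) -> List[str]:
    return check_registry_points(parse_registry_points(text))


if __name__ == "__main__":
    for line in triage(SAMPLE_REG):
        print(line)
```

On this log the checker returns six findings: the three bare-name autoruns, the unmonitored Kaspersky entry, the disabled firewall profile and the open torrent port. EnableFirewall = 0 may be intended when a third-party suite such as the Kaspersky Internet Security listed here supplies the firewall, but the log cannot show that its firewall component is running, so the finding stands until that is confirmed on the machine.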
.
Contents of the 'Scheduled Tasks' folder
2008-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-05-19 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1202829548.job
- c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-updateMgr - c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: AMV convert tool grab multimedia file - c:\programmi\MP3 Player Utilities 5.02\AMVConverter\grab.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Riccardo Morsillo\Dati applicazioni\Mozilla\Firefox\Profiles\zgy6wq0r.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\program files\Garmin GPS Plugin\npGarmin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 12:48:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\DitExp.exe
c:\windows\system32\rundll32.exe
c:\programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wscntfy.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-03-14 12:58:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-14 11:57:51
Pre-Run: 40,865,693,696 bytes free
Post-Run: 40,745,558,016 bytes free
319 --- E O F --- 2009-03-14 11:38:26