ComboFix 09-04-21.A7 - Administrator 21/04/2009 17.55.56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.105 [GMT 2:00]
Eseguito da: E:\ComboFix.exe
AV: avast! antivirus 4.7.892 [VPS 0639-1] *On-access scanning disabled* (Outdated)
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Dati applicazioni\Starware356
c:\documents and settings\Administrator\Dati applicazioni\Starware356\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Button_4\Button_4Options.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Button_4\Button_4Options.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Button_5\Button_5Options.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Button_5\Button_5Options.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Button_6\Button_6Options.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Button_6\Button_6Options.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Cerca_ricette\Cerca_ricetteOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Cerca_ricette\Cerca_ricetteOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Configurator\Configurator.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Configurator\Configurator.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Layouts\ToolbarLayout.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Manager\ManagerOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Manager\ManagerOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Recipe_RSS\Recipe_RSSOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Recipe_RSS\Recipe_RSSOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Toolbar\TBProductsOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware356\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware356\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371
c:\documents and settings\Administrator\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Games\GamesOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Games\GamesOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Games\images\active\Games0.bmp
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Lyrics_IT\Lyrics_ITOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Lyrics_IT\Lyrics_ITOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Manager\ManagerOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Manager\ManagerOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Music_Search_IT\Music_Search_ITOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Music_Search_IT\Music_Search_ITOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\SearchMatch\SearchMatchOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\SearchMatch\SearchMatchOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Administrator\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Administrator\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\All Users\Dati applicazioni\Starware356
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\592_button_1b_def.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\592_button_1b_over.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\598_button_1b_def.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\Button_40.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\Button_50.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\Button_60.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\FindIt.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\FindItHot.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\findithotxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\finditxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\logo.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\buttons\logoxp.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware356\contexts\error.xml
c:\documents and settings\All Users\Dati applicazioni\Starware356\contexts\Related.xml
c:\documents and settings\All Users\Dati applicazioni\Starware356\contexts\Travel.xml
c:\documents and settings\All Users\Dati applicazioni\Starware356\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Dati applicazioni\Starware356\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Dati applicazioni\Starware356\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Dati applicazioni\Starware356\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Dati applicazioni\Starware356\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Dati applicazioni\Starware356\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\All Users\Dati applicazioni\Starware371
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\findit_music.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\Highlight.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\highlighthotxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\highlightxp.png
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\logo.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\logoxp.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\lyrics.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\music_search.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware371\buttons\radio.bmp
c:\documents and settings\All Users\Dati applicazioni\Starware371\contexts\error.xml
c:\documents and settings\All Users\Dati applicazioni\Starware371\contexts\related.xml
c:\documents and settings\All Users\Dati applicazioni\Starware371\contexts\travel.xml
c:\documents and settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Dati applicazioni\Starware371\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\All Users\Dati applicazioni\Starware371\U0040B54E.exe
c:\programmi\Starware371
c:\programmi\Starware371\bin\Starware371.dll
c:\programmi\Starware371\brand.bmp
c:\programmi\Starware371\icons\star_16.ico
c:\programmi\Starware371\Starware371Config.xml
c:\programmi\Starware371\Starware371Uninstall.exe
c:\windows\emMON.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\Cache
.
((((((((((((((((((((((((( Files Creati Da 2009-03-21 al 2009-04-21 )))))))))))))))))))))))))))))))))))
.
2009-04-21 15:53 . 2009-04-21 15:53 -------- d-----w c:\windows\LastGood
2009-04-19 16:17 . 2009-04-19 16:17 -------- d-----w c:\windows\IIS Temporary Compressed Files
2009-04-19 16:16 . 2004-08-19 12:00 9216 ----a-w c:\windows\system32\dllcache\wamps51.dll
2009-04-19 16:16 . 2004-08-19 12:00 9216 ----a-w c:\windows\system32\dllcache\iwrps.dll
2009-04-19 16:16 . 2004-08-19 12:00 74240 ----a-w c:\windows\system32\dllcache\w3ext.dll
2009-04-19 16:16 . 2004-08-19 12:00 20992 ----a-w c:\windows\system32\dllcache\permchk.dll
2009-04-19 16:16 . 2004-08-19 12:00 16896 ----a-w c:\windows\system32\dllcache\status.dll
2009-04-19 16:12 . 2009-04-19 16:16 -------- d-----w C:\Inetpub
2009-04-19 14:36 . 2009-04-19 14:36 0 ----a-w c:\windows\nsreg.dat
2009-04-19 14:36 . 2009-04-19 14:36 -------- d-----w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2009-04-19 12:52 . 2009-04-19 12:55 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-16 15:06 . 2009-04-16 15:06 9369 ----a-w c:\windows\FastWeb.rtf
2009-04-16 15:06 . 2009-04-16 15:06 4014 ----a-r c:\windows\FastWeb.ini
2009-04-16 15:06 . 2009-04-16 15:06 1588 ----a-w c:\windows\FWIPConf.out
2009-04-16 15:05 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 15:05 . 2009-03-06 14:19 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 15:05 . 2009-02-09 11:22 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 15:05 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 15:05 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 15:05 . 2009-02-09 10:51 683520 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 15:05 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 15:05 . 2009-02-09 10:51 734720 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 15:05 . 2009-02-09 10:51 736256 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 15:05 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 15:03 . 2009-03-27 06:48 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 15:03 . 2008-04-21 21:14 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 10:58 . 2009-04-10 10:58 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\AVS4YOU
2009-04-10 10:58 . 2009-04-10 10:58 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-04-10 10:54 . 2009-01-28 18:49 974848 ----a-w c:\windows\system32\mfc70.dll
2009-04-10 10:54 . 2009-01-28 18:49 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-04-06 21:50 . 2009-04-12 06:24 -------- d-----w c:\documents and settings\Administrator\Tracing
2009-04-06 21:48 . 2009-04-06 21:48 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Windows Search
2009-04-06 21:40 . 2009-02-06 16:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-06 21:38 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-06 21:27 . 2009-04-06 21:27 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Windows Desktop Search
2009-04-06 21:26 . 2009-04-06 21:26 -------- d-----w c:\windows\system32\GroupPolicy
2009-04-06 21:25 . 2008-03-07 17:02 98304 ------w c:\windows\system32\dllcache\nlhtml.dll
2009-04-06 21:25 . 2008-03-07 17:02 29696 ------w c:\windows\system32\dllcache\mimefilt.dll
2009-04-06 21:25 . 2008-03-07 17:02 192000 ------w c:\windows\system32\dllcache\offfilt.dll
2009-04-06 21:09 . 2009-01-09 19:19 1090181 ------w c:\windows\system32\dllcache\ntprint.cat
2009-04-06 20:50 . 2009-04-06 20:50 -------- d-----w C:\2f473910b2ebdc89b6fcfe47f5a4f12f
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 15:45 . 2008-03-12 13:03 -------- d-----w c:\documents and settings\Administrator\Dati applicazioni\WTablet
2009-04-19 16:17 . 2004-08-30 10:50 571252 ----a-w c:\windows\system32\perfh010.dat
2009-04-19 16:17 . 2004-08-30 10:50 111998 ----a-w c:\windows\system32\perfc010.dat
2009-04-19 12:52 . 2009-04-19 12:52 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-12 09:03 . 2009-04-12 08:08 -------- d-----w c:\programmi\Live_TV
2009-04-12 08:17 . 2009-04-10 10:54 -------- d-----w c:\programmi\AVS4YOU
2009-04-12 08:17 . 2009-04-10 10:55 -------- d-----w c:\programmi\File comuni\AVSMedia
2009-04-11 09:52 . 2007-06-08 23:06 437587 ----a-w C:\DCRawData.LOG
2009-04-10 09:04 . 2007-01-09 22:19 -------- d-----w c:\programmi\AdunanzA
2009-04-06 21:47 . 2005-07-01 08:47 29760 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-06 21:40 . 2008-04-08 05:21 -------- d-----w c:\programmi\Windows Live
2009-04-06 21:39 . 2009-04-06 21:39 -------- d-----w c:\programmi\Microsoft Sync Framework
2009-04-06 21:38 . 2009-04-06 21:38 -------- d-----w c:\programmi\Microsoft SQL Server Compact Edition
2009-04-06 21:34 . 2009-04-06 21:34 -------- d-----w c:\programmi\Microsoft
2009-04-06 21:33 . 2009-04-06 21:33 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-04-06 21:28 . 2009-04-06 21:28 -------- d-----w c:\programmi\File comuni\Windows Live
2009-04-06 21:27 . 2009-04-06 21:27 -------- d-----w c:\programmi\Microsoft Silverlight
2009-04-06 21:26 . 2009-04-06 21:26 -------- d-----w c:\programmi\Windows Desktop Search
2009-03-21 14:06 . 2009-03-21 14:06 1033728 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-10 20:18 . 2006-06-19 14:19 970112 ------w c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 20:18 . 2006-06-19 14:20 265088 ------w c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 14:19 . 2004-08-19 08:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-05-10 05:23 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:03 . 2004-08-19 08:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 11:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2007-05-19 16:38 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 02:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 02:25 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-10 17:02 . 2008-11-13 06:02 2069760 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-10 17:02 . 2004-08-19 08:00 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:04 . 2008-11-13 06:02 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2004-08-19 08:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2008-11-13 06:02 2192768 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:23 . 2004-08-19 08:00 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2008-11-13 06:02 2027520 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:22 . 2008-11-13 06:02 2148864 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:22 . 2004-08-19 08:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-19 08:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-19 08:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-19 08:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-19 08:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 18:01 . 2009-02-06 18:01 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2004-08-19 08:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2009-02-03 19:57 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2004-08-19 08:00 56832 ----a-w c:\windows\system32\secur32.dll
2007-11-27 23:37 . 2007-11-27 23:37 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2005-04-18 16:57 . 2005-04-18 16:57 142 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-01-16 23:19 . 2009-01-16 23:19 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012009011720090118\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"PMCRemote"="c:\programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-01-04 81920]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bit4id store register"="c:\windows\system32\bit4cnsp.dll" [2007-03-02 155648]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-12-21 185896]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"GemCSP RegTool"="c:\windows\system32\RegTool.exe" [2002-10-03 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 108160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2004-10-26 569405]
Gestione servizi.lnk - c:\programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Motorola Desktop Suite mRouter Config.lnk - c:\programmi\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe [2007-4-13 159744]
Motorola Desktop Suite.lnk - c:\programmi\Motorola\Motorola Desktop Suite\DesktopSuite.exe [2007-4-13 532480]
siscmon.lnk - c:\windows\system32\siscmon.exe [2008-11-17 147456]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 1.1.3.lnk]
path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 1.1.3.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^DVD Check.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=2 (0x2)
"SharedAccess"=2 (0x2)
"srservice"=2 (0x2)
"WmcCdsLs"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 CHIPDRIVE USB SmartCardReader;CHIPDRIVE USB SmartCardReader;c:\windows\system32\DRIVERS\TwkUsb2K.sys [2004-09-10 35336]
R3 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 QCAbsee;Logitech QuickCam Web(PID_0801);c:\windows\system32\DRIVERS\LVCA.sys [2001-09-24 31232]
R3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [2004-04-06 64088]
R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2005-12-15 46848]
R3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 7796]
R3 TWKSER2K;CHIPDRIVE Serial SmartCardReader;c:\windows\system32\DRIVERS\TWKSER2K.sys [2004-08-25 185611]
S0 TwkMs;CHIPDRIVE Mouse Adapter; [x]
S0 vburner;vburner;c:\windows\system32\DRIVERS\vburner.sys [2007-08-10 15872]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 SeaPort;SeaPort;c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2004-05-03 80384]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a42563cb-0fed-11dd-951f-001560b5f419}]
\Shell\AutoRun\command - E:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a42563cc-0fed-11dd-951f-001560b5f419}]
\Shell\AutoRun\command - E:\StartVMCLite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a42563e4-0fed-11dd-951f-001560b5f419}]
\Shell\1\Command - E:\autorun.pif
\Shell\2\Command - E:\autorun.pif
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2626529-b1c9-11dd-9547-001560b5f419}]
\Shell\AutoRun\command - 6.bat
\Shell\explore\Command - 6.bat
\Shell\open\Command - 6.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e262652a-b1c9-11dd-9547-001560b5f419}]
\Shell\AutoRun\command - 6.bat
\Shell\explore\Command - 6.bat
\Shell\open\Command - 6.bat
.
Contenuto della cartella 'Scheduled Tasks'
2009-04-13 c:\windows\Tasks\AeX Local Job 1288.job
- c:\programmi\Altiris\eXpress\Client Recovery Agent\AeXCmd.exe [2004-11-23 13:04]
2009-04-11 c:\windows\Tasks\AeX Local Job 1290.job
- c:\programmi\Altiris\eXpress\Client Recovery Agent\AeXCmd.exe [2004-11-23 13:04]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-WebCamRT.exe - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.altavista.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 10.1.1.2:3128
uInternet Settings,ProxyOverride = <local>
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.lombardia.it/components/ ... tadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.lombardia.it/components/ ... Update.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.lombardia.it/components/OcxCrsInfo.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 17:59
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
c:\windows\TEMP\Cookies
c:\windows\TEMP\Cookies\index.dat 16384 bytes
c:\windows\TEMP\Cronologia
c:\windows\TEMP\Cronologia\History.IE5
c:\windows\TEMP\Cronologia\History.IE5\desktop.ini 113 bytes
c:\windows\TEMP\Cronologia\History.IE5\index.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_20c.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_580.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_714.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_7e0.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_7e8.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_7f0.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_7f4.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_7f8.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_7fc.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_828.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_84.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_8c.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_9bc.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_b4.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_c0.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_c4.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_760.dat 16384 bytes
c:\windows\TEMP\Perflib_Perfdata_c8.dat 16384 bytes
Scansione completata con successo
Files nascosti: 24
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9f,29,b8,f1,5c,
71,d6,43,c8,28,51,af,b0,29,a3,98,24,ab,5a,c7,b4,f9,1d,24,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,db,47,84,2b,3d,
26,0d,47,71,3b,04,66,8b,46,0d,96,ab,c8,4a,8a,a1,56,6c,66,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,3f,f7,21,24,8c,
4a,d4,cb,25,da,ec,7e,55,20,c9,26,31,e7,69,c9,89,0f,c9,e5,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,12,fe,a0,40,a1,
77,56,78,3e,1e,9e,e0,57,5a,93,61,44,53,90,70,23,13,50,2d,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,46,33,95,5a,5e,
85,05,db,cd,44,cd,b9,a6,33,6c,cd,db,60,5e,b6,22,af,93,4a,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,d1,4d,7c,a0,e7,
a9,e5,c5,b0,18,ed,a7,3f,8d,37,a4,68,49,53,8e,69,b0,c3,74,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,40,ea,26,6c,89,
01,f9,23,31,77,e1,ba,b1,f8,68,02,be,67,eb,40,e2,2b,1a,65,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,72,13,00,74,03,
6a,cc,ac,83,6c,56,8b,a0,85,96,ab,9c,11,eb,f1,f9,85,0e,05,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,61,29,ad,d8,cb,
af,cb,02,51,fa,6e,91,28,9e,14,cc,8b,10,8e,62,fa,cf,82,00,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,65,09,cf,6e,d9,
9e,8a,aa,b1,cd,45,5a,a8,c4,f8,b9,a0,ea,f8,7d,d9,d4,07,24,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,1b,88,cc,74,91,
24,d7,08,e3,0e,66,d5,eb,bc,2f,6b,bd,28,e8,63,4a,c4,a2,7a,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,c9,be,8f,9a,a6,
f2,f5,84,fa,ea,66,7f,d4,3b,6b,70,7a,23,d4,d1,63,8b,e7,ec,6c,43,2d,1e,aa,22,\
.
Ora fine scansione: 2009-04-21 18.02.12
ComboFix-quarantined-files.txt 2009-04-21 16:01
Pre-Run: 4.984.922.112 byte disponibili
Post-Run: 6.251.503.616 byte disponibili
426 --- E O F --- 2009-04-16 15:20