ComboFix 09-05-25.05 - Grishnackh 26/05/2009 10.16.07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.736.509 [GMT 2:00]
Eseguito da: c:\documents and settings\Grishnackh\Desktop\loretta.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\aecoy.dat
c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\aecoy.exe
c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\aecoy_nav.dat
c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\aecoy_navps.dat
C:\update.exe
c:\windows\ld08.exe
c:\windows\system32\121973
c:\windows\system32\121973\121973.dll
c:\windows\system32\547372
c:\windows\system32\547372\547372.dll
c:\windows\system32\870159
c:\windows\system32\870159\870159.dll
c:\windows\system32\aef3fee.dll
c:\windows\system32\ccrlmv.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\UACrqjeyxmpewprrsk.sys
c:\windows\system32\fccccCVn.dll
c:\windows\system32\hcfiistw.dll
c:\windows\system32\hszkwl.dll
c:\windows\system32\hwudca.dll
c:\windows\system32\LegitCheckControl.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mmljbwby.dll
c:\windows\system32\msssc.dll
c:\windows\system32\nVCccccf.ini
c:\windows\system32\nVCccccf.ini2
c:\windows\system32\Packet.dll
c:\windows\system32\qdijwpap.dll
c:\windows\system32\svdhost.exe
c:\windows\system32\svghost.exe
c:\windows\system32\SYS32DLL.exe
c:\windows\system32\SYSDLL.exe
c:\windows\system32\UACbblsfooprvoyujb.dll
c:\windows\system32\UACbbwrpfpvdyjoivv.log
c:\windows\system32\UACborecpitadlvtvv.dll
c:\windows\system32\UACcodppuynbmnmoyr.log
c:\windows\system32\UAChjnrkttxupkhmwn.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClcdoequholalpyb.log
c:\windows\system32\UAClgxubqakftkbtmj.dat
c:\windows\system32\UACsqadbaaiwjmeukh.dll
c:\windows\system32\UACylkmrsdpqoyrtky.dll
c:\windows\system32\udebjicp.dll
c:\windows\system32\uujgxymd.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\xelhvk.dll
c:\windows\system32\xxyxXRkl.dll
c:\windows\system32\yayxusPF.dll
c:\windows\system32\yjmbakyt.dll
c:\windows\system32\yphjeu.dll
c:\windows\system32\zfupby.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Service_NPF
((((((((((((((((((((((((( Files Creati Da 2009-04-26 al 2009-05-26 )))))))))))))))))))))))))))))))))))
.
2009-05-26 08:20 . 2009-05-26 08:20 -------- d-----w c:\windows\system32\xircom
2009-05-26 08:20 . 2009-05-26 08:20 -------- d-----w c:\programmi\microsoft frontpage
2009-05-26 07:51 . 2009-05-26 07:51 -------- d-----w c:\windows\system32\sysloc
2009-05-25 12:18 . 2009-05-25 12:18 -------- d-----w c:\programmi\VS Revo Group
2009-05-24 22:23 . 2009-05-24 22:28 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\IObit
2009-05-24 22:23 . 2009-05-24 22:23 -------- d-----w c:\programmi\IObit
2009-05-24 21:15 . 2009-05-25 08:16 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-05-24 21:09 . 2008-12-03 23:25 120832 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-05-24 12:40 . 2009-05-24 13:33 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\BloodTies
2009-05-24 12:39 . 2009-05-24 12:40 -------- d-----w c:\programmi\Blood Ties
2009-05-24 12:37 . 2009-05-24 12:37 -------- d-----w c:\windows\Little Shop - City Lights [h33t] [oi812heet]
2009-05-23 20:07 . 2009-05-23 20:07 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-05-23 19:33 . 2009-05-23 19:33 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\SpinTop Games
2009-05-23 19:33 . 2009-05-23 19:33 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\SpinTop
2009-05-23 16:21 . 2009-05-23 16:21 -------- d-----w c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\Slapdash Games
2009-05-23 16:21 . 2009-05-23 16:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Slapdash Games
2009-05-23 16:21 . 2009-05-23 16:21 -------- d-----w c:\programmi\Yard Sale Hidden Treasures Sunnyville
2009-05-23 16:21 . 2009-05-23 16:21 -------- d-----w c:\windows\Yard Sale Hidden Treasures Sunnyville
2009-05-23 16:14 . 2009-05-23 16:14 -------- d-----w c:\programmi\Eidos Interactive
2009-05-23 16:13 . 2009-05-23 16:13 -------- d-----w c:\windows\wb
2009-05-23 16:13 . 2007-02-17 22:28 9728 ----a-w c:\windows\system\rnaph.dll
2009-05-23 16:13 . 2007-02-17 22:28 87552 ----a-w c:\windows\system\url.dll
2009-05-23 12:58 . 2009-05-23 12:58 -------- d-----w c:\programmi\Hide & Secret 2 - Cliffhanger Castle
2009-05-18 13:53 . 2009-05-18 13:53 -------- d-----w c:\programmi\Avira
2009-05-18 13:53 . 2009-05-18 13:53 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-05-18 08:31 . 2009-05-18 08:31 271360 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-05-18 08:31 . 2009-05-18 08:31 18048 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-05-17 20:50 . 2009-05-17 20:50 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\SugarGames
2009-05-15 21:30 . 2009-05-15 21:30 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\Abra Academy2
2009-05-15 21:29 . 2009-05-16 19:44 -------- d-----w c:\programmi\Abra Academy Returning Cast
2009-05-15 15:49 . 2009-05-15 15:49 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\cerasus.media
2009-05-14 21:25 . 2009-05-14 21:25 2081496 ----a-w c:\documents and settings\All Users\Dati applicazioni\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2009-05-14 21:25 . 2009-05-14 21:25 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\BigFishGamesCache
2009-05-14 21:24 . 2009-05-14 21:24 208480 ----a-w c:\programmi\sherlock-holmes-the-awakened_s1_l1_gF2907T1L1_d523757203.exe
2009-05-12 20:06 . 2009-05-24 21:08 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\uTorrent
2009-05-12 18:29 . 2009-05-24 13:34 -------- d-----w c:\programmi\eMule
2009-05-12 13:16 . 2009-05-26 07:48 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\skypePM
2009-05-12 13:16 . 2009-05-12 13:16 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-12 13:13 . 2009-05-26 08:00 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\Skype
2009-05-12 13:12 . 2009-05-12 13:12 -------- d-----w c:\programmi\File comuni\Skype
2009-05-12 13:12 . 2009-05-12 13:12 -------- d-----r c:\programmi\Skype
2009-05-12 13:12 . 2009-05-12 13:12 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-05-12 13:10 . 2009-05-12 13:10 1976104 ----a-w c:\programmi\SkypeSetup.exe
2009-05-11 22:10 . 2009-05-11 22:10 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\Flood Light Games
2009-05-11 22:10 . 2009-05-11 22:10 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Flood Light Games
2009-05-11 13:26 . 2009-05-11 13:30 -------- d-----w c:\programmi\Abundante
2009-05-11 12:59 . 2009-05-11 12:59 -------- d-----w c:\programmi\Hide And Secret
2009-05-11 12:41 . 2009-05-11 12:41 -------- d-----w c:\programmi\The Mystery of the Crystal Portal
2009-05-11 12:41 . 2009-05-11 12:41 -------- d-----w c:\windows\The Mystery of the Crystal Portal
2009-05-11 12:19 . 2009-05-11 12:24 -------- d-----w c:\documents and settings\All Users\SS Adventures
2009-05-11 11:48 . 2009-05-15 16:13 -------- d-----w c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\JollyBear
2009-05-11 11:48 . 2009-05-15 16:13 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\JollyBear
2009-05-11 11:45 . 2009-05-11 11:45 -------- d-----w c:\windows\Hidden Expedition - Everest
2009-05-11 11:16 . 2009-05-11 11:16 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\Big Fish Games
2009-05-10 16:55 . 2009-05-10 16:55 -------- d-----w c:\documents and settings\Grishnackh\Saved Games
2009-05-10 16:55 . 2009-05-10 16:55 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\FloodLightGames
2009-05-10 16:55 . 2009-05-10 16:55 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\FloodLightGames
2009-05-10 16:52 . 2009-05-10 16:52 472576 ----a-w c:\temp\irsetup.exe
2009-05-10 16:52 . 2009-05-10 16:52 -------- d-----w C:\temp
2009-05-10 16:52 . 2009-05-10 16:52 0 ----a-w c:\temp\irsetup.dat
2009-05-10 16:50 . 2009-05-10 16:50 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\FastStone
2009-05-10 16:40 . 2009-05-10 16:49 1024 ----a-w c:\windows\chamber_game_ra.dat
2009-05-10 12:22 . 2009-05-10 16:35 -------- d-----w c:\programmi\ReflexiveArcade
2009-05-09 22:54 . 2009-05-09 22:54 -------- d-----w c:\programmi\ABC Amber LIT Converter
2009-05-09 21:30 . 2009-05-09 21:30 -------- d-sh--w c:\windows\ftpcache
2009-05-09 21:27 . 2009-05-09 21:27 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\MysteryChronicles
2009-05-09 21:26 . 2009-05-09 21:26 -------- d-----w c:\windows\Mystery Chronicles Murder Among Friends
2009-05-09 20:35 . 2009-05-09 20:35 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\MysteryStudio
2009-05-09 20:26 . 2009-05-26 07:47 -------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-05-09 20:26 . 2009-05-11 12:28 -------- d-----w c:\programmi\Games
2009-05-09 20:20 . 2009-05-09 20:20 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\Games
2009-05-09 20:18 . 2009-05-09 20:18 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Gogii
2009-05-09 20:18 . 2009-05-09 20:18 -------- d-----w c:\windows\Sherlock Holmes - The Mystery of the Persian Carpet
2009-05-09 16:21 . 2009-05-22 21:40 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\Magic Academy
2009-05-09 16:21 . 2009-05-09 16:21 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-05-09 16:21 . 2009-05-12 20:05 -------- d-----w c:\programmi\BFG
2009-05-09 16:19 . 2009-05-09 16:19 -------- d-----w c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\Oberon Media
2009-05-09 15:42 . 2009-05-09 15:42 -------- d-----w c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\Identities
2009-05-09 15:40 . 2009-05-09 20:10 -------- d-----w c:\windows\SxsCaPendDel
2009-05-09 15:02 . 2004-01-28 13:42 1531904 ----a-w c:\windows\adiras.exe
2009-05-09 15:02 . 2003-06-24 09:55 127497 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2009-05-09 15:02 . 2002-05-09 13:12 155648 ----a-w c:\windows\system32\adadix32.dll
2009-05-09 15:02 . 2001-07-27 11:25 127456 ----a-w c:\windows\system32\ipdetect.exe
2009-05-09 15:02 . 2003-07-17 14:48 46167 ----a-w c:\windows\system32\drivers\adildr.sys
2009-05-09 15:02 . 2002-11-15 12:33 126976 ----a-w c:\windows\system32\coclassfast.dll
2009-05-09 15:02 . 2002-08-15 15:36 135168 ----a-w c:\windows\system32\unaddrv.exe
2009-05-09 15:02 . 2001-02-09 08:43 4981 ----a-w c:\windows\system32\adadix2k.dll
2009-05-09 15:02 . 2001-02-08 09:05 46892 ----a-w c:\windows\system32\adadix16.dll
2009-05-09 15:02 . 2003-01-30 06:48 143360 ----a-w c:\windows\autoclk.exe
2009-05-09 15:02 . 2001-05-24 14:24 22395 ----a-w c:\windows\system32\drivers\fpga.bin
2009-05-09 15:02 . 2009-05-09 15:02 -------- d-----w c:\programmi\SAGEM
2009-05-09 14:59 . 2009-05-09 14:59 -------- d-----w c:\programmi\Telecom Italia
2009-05-08 20:10 . 2009-05-08 20:10 -------- d-----w c:\programmi\Microsoft Works
2009-05-08 20:10 . 2009-05-08 20:10 -------- d-----w c:\programmi\MSBuild
2009-05-08 20:09 . 2009-05-08 20:09 -------- d-----w c:\programmi\Microsoft.NET
2009-05-08 20:07 . 2009-05-08 20:07 -------- d-----w c:\programmi\Microsoft Visual Studio 8
2009-05-08 20:07 . 2009-05-08 20:10 -------- d-----w c:\windows\SHELLNEW
2009-05-08 20:06 . 2009-05-08 20:06 -------- d--h--r C:\MSOCache
2009-05-08 20:05 . 2009-05-08 20:05 -------- d-----w c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-05-08 20:05 . 2009-05-08 20:12 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-05-07 19:43 . 2001-08-30 18:41 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-05-07 19:43 . 2001-08-17 20:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-06 11:14 . 2008-09-03 08:56 151552 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
2009-05-06 11:14 . 2007-10-25 22:12 55296 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.dll
2009-05-06 11:14 . 2007-09-05 22:18 798720 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\ImageMagicResize.dll
2009-05-06 11:14 . 2007-01-29 22:59 490496 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\avformat-51.dll
2009-05-06 11:14 . 2007-01-29 22:59 19968 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\avutil-49.dll
2009-05-06 11:14 . 2007-01-29 22:59 142848 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\swscale-0.dll
2009-05-06 11:14 . 2006-12-16 17:24 53248 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\2kPrerequisite.dll
2009-05-06 11:14 . 2006-11-14 17:00 258048 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\SDL.dll
2009-05-06 11:14 . 2003-02-21 01:42 348160 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\msvcr71.dll
2009-05-06 11:14 . 2007-01-29 22:59 7165440 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\avcodec-51.dll
2009-05-03 18:20 . 2009-05-14 15:51 -------- d-----w c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\Ahead
2009-05-03 18:19 . 2009-05-03 18:19 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\Ahead
2009-05-03 18:18 . 2009-05-03 18:19 -------- d-----w c:\programmi\File comuni\Ahead
2009-05-03 18:18 . 2009-05-03 18:18 -------- d-----w c:\programmi\Nero
2009-05-03 18:18 . 2009-05-03 18:18 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-05-03 16:51 . 2009-05-03 16:51 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\Elaborate Bytes
2009-05-03 16:47 . 2009-05-03 16:47 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\SlySoft
2009-05-03 16:46 . 2009-05-03 16:46 -------- d-----w c:\programmi\SlySoft
2009-05-03 16:43 . 2009-05-03 16:43 -------- d-----w c:\programmi\Elaborate Bytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 12:38 . 2009-04-21 11:22 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-23 20:03 . 2009-04-19 19:02 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-05-23 20:03 . 2009-04-19 10:07 -------- d-----w c:\programmi\File comuni\InstallShield
2009-05-16 11:23 . 2009-05-15 15:32 -------- d-----w c:\programmi\Wild West Quest
2009-05-15 15:40 . 2009-05-15 15:38 0 ----a-w C:\error_fix.exe
2009-05-15 15:39 . 2009-05-15 15:37 0 ----a-w C:\directx.exe
2009-05-15 15:39 . 2009-05-15 15:37 0 ----a-w C:\wmcodec_update.exe
2009-05-15 15:38 . 2009-05-15 15:34 -------- d-----w c:\programmi\10 Days Under The Sea
2009-05-15 15:27 . 2009-05-15 15:24 -------- d-----w c:\programmi\Mortimer and the Enchanted Castle
2009-05-15 13:16 . 2009-05-15 13:16 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Astar Games
2009-05-12 20:05 . 2009-04-19 08:20 -------- d-----w c:\programmi\Windows Media Connect 2
2009-05-09 15:39 . 2009-04-24 11:36 83128 ----a-w c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-09 15:02 . 2009-05-09 15:02 22 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-04-24 11:51 . 2009-04-24 11:51 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-04-24 11:37 . 2009-04-24 11:37 -------- d-----w c:\programmi\File comuni\Windows Live
2009-04-24 06:07 . 2009-04-24 06:07 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-24 06:07 . 2009-04-19 08:29 -------- d-----w c:\programmi\Java
2009-04-24 06:05 . 2009-04-24 06:05 152576 ----a-w c:\documents and settings\Grishnackh\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-21 11:16 . 2009-04-21 11:16 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\vlc
2009-04-19 20:46 . 2009-04-19 20:46 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\ACD Systems
2009-04-19 20:45 . 2009-04-19 20:45 -------- d-----w c:\programmi\File comuni\ACD Systems
2009-04-19 20:45 . 2009-04-19 20:45 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ACD Systems
2009-04-19 20:45 . 2009-04-19 20:45 -------- d-----w c:\programmi\ACD Systems
2009-04-19 20:45 . 2009-04-19 20:45 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-04-19 20:43 . 2009-04-19 20:43 -------- d-----w c:\programmi\VideoLAN
2009-04-19 19:07 . 2009-04-19 18:57 -------- d-----w c:\programmi\Creative
2009-04-19 18:30 . 2001-08-31 10:00 72442 ----a-w c:\windows\system32\perfc010.dat
2009-04-19 18:30 . 2001-08-31 10:00 444372 ----a-w c:\windows\system32\perfh010.dat
2009-04-19 16:32 . 2009-04-19 16:32 -------- d-----w c:\documents and settings\Grishnackh\Dati applicazioni\Media Player Classic
2009-04-19 08:56 . 2009-04-19 08:29 -------- d-----w c:\programmi\DAEMON Tools
2009-04-19 08:53 . 2009-04-19 08:53 -------- d-----w c:\programmi\SiS Compatible VGA V2.09L
2009-04-19 08:49 . 2009-04-19 08:49 139 ----a-w c:\documents and settings\Grishnackh\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-04-19 08:46 . 2009-04-19 08:46 998 ----a-w c:\windows\system32\syswinan.vbs
2009-04-19 08:36 . 2007-10-20 08:16 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-04-19 08:31 . 2009-04-19 08:31 -------- d-----w c:\programmi\VisualTaskTips
2009-04-19 08:31 . 2009-04-19 08:31 -------- d-----w c:\programmi\Stardock
2009-04-19 08:31 . 2009-04-19 08:31 -------- d-----w c:\programmi\File comuni\Stardock
2009-04-19 08:31 . 2009-04-19 08:31 -------- d-----w c:\programmi\SpeedFan
2009-04-19 08:29 . 2009-04-19 08:29 -------- d-----w c:\programmi\File comuni\Java
2009-04-19 08:29 . 2009-04-19 08:29 -------- d-----w c:\programmi\Glass2k
2009-04-19 08:29 . 2009-04-19 08:29 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-19 08:29 . 2009-04-19 08:29 -------- d-----w c:\programmi\Programmi
2009-04-19 08:29 . 2009-04-19 08:29 -------- d-----w c:\programmi\CCleaner
2009-04-19 08:29 . 2009-04-19 08:29 -------- d-----w c:\programmi\File comuni\Adobe
2009-04-19 08:24 . 2009-04-19 08:24 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-19 08:23 . 2009-04-19 08:23 -------- d-----w c:\programmi\Servizi in linea
2009-04-19 08:21 . 2009-04-19 08:21 21840 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-10 00:40 . 2009-04-10 00:40 103744 ----a-w c:\windows\system32\drivers\AnyDVD.sys
.
------- Sigcheck -------
[-] 2007-10-20 08:15 920064 76042B62EFE8E0CCB7845AE3955EC0BC c:\windows\system32\wininet.dll
[7] 2007-10-20 08:15 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\VistaMizer\old\wininet.dll
[-] 2004-08-19 14:39 544256 E6F62282EBAA63BA07FA2DC7198B8D0D c:\windows\system32\winlogon.exe
[7] 2004-08-19 14:39 504832 4166454E2BCFCC20D1B8A5AC9FEAB243 c:\windows\VistaMizer\old\winlogon.exe
[-] 2007-10-20 08:25 2323328 F88A5BE0CCB2C0B8E8827C0C5755E826 c:\windows\system32\ntkrnlpa.exe
[7] 2007-10-20 08:25 2066048 C4ED0DD9532F403ABAA842018B5790BD c:\windows\VistaMizer\old\ntkrnlpa.exe
[-] 2007-10-20 08:07 2446464 69F3F785A413AD942F53421E5093434C c:\windows\system32\ntoskrnl.exe
[7] 2007-10-20 08:07 2189184 09C89F94C15C323D91742B8BBD0E0ABB c:\windows\VistaMizer\old\ntoskrnl.exe
[-] 2007-10-20 08:05 1554432 FB8A222C2828375F2F75758CAEDC0120 c:\windows\explorer.exe
[7] 2007-10-20 08:05 1035776 B4E85805BE6D23DE697F7B3BA7492D0B c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-19 14:39 25088 40DE117B6CCFC031D2DC8B73D82020CF c:\windows\system32\ctfmon.exe
[7] 2004-08-19 14:39 15360 5B33B4265966EE063C7FBEA28958D9C2 c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 25088]
"LClock"="c:\programmi\LClock\LClock.exe" [2004-09-19 65536]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-04-19 5828608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1825792]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-30 2329936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2002-05-09 303104]
"SiSUSBRG"="c:\windows\sisUSBrg.exe" [2002-04-25 32768]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 25088]
"LClock"="c:\programmi\LClock\LClock.exe" [2004-09-19 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-10-20 123904]
c:\documents and settings\Grishnackh\Menu Avvio\Programmi\Esecuzione automatica\
glass2k.exe.lnk - c:\programmi\Glass2k\Glass2k.exe [2009-4-19 56325]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DSLMON.lnk - c:\programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-5-9 962663]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Grishnackh\\Desktop\\utorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R3 ENE;ENE;c:\windows\system32\drivers\EMCR7SK.sys [19/04/2009 11.32.45 75520]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - HELPSVC
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{40406751-8A92-40F7-AE1A-68D500D527B4} - c:\windows\system32\fccccCVn.dll
BHO-{99972D1B-964E-49EC-92F4-1EB39F4810A5} - c:\windows\system32\xxyxXRkl.dll
BHO-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - c:\windows\system32\aef3fee.dll
HKCU-Run-aecoy - c:\documents and settings\grishnackh\impostazioni locali\dati applicazioni\aecoy.exe
HKLM-Run-Microsoft Windows Sound - svghost.exe
SharedTaskScheduler-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - c:\windows\system32\aef3fee.dll
ShellExecuteHooks-{99972D1B-964E-49EC-92F4-1EB39F4810A5} - c:\windows\system32\xxyxXRkl.dll
ShellExecuteHooks-{1ae25bae-7d00-4b0a-a2f9-546468b4898f} - c:\windows\system32\hszkwl.dll
SafeBoot-procexp90.Sys
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1040
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.it
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\Grishnackh\Dati applicazioni\Mozilla\Firefox\Profiles\fy4f1ktc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.it http://s2.travian.it http://s3.travian.it http://s4.travian.it http://s5.travian.it http://s6.travian.it http://s7.travian.it http://s8.travian.it http://s9.travian.it http://s10.travian.it
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 10:20
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(2836)
c:\windows\system32\SHDOCVW.dll
c:\programmi\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\programmi\LClock\LC.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-26 10.23.57 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-26 08:23
Pre-Run: 16.179.908.608 byte disponibili
Post-Run: 16.176.119.808 byte disponibili