ComboFix 09-07-08.A0 - Matteo_2 09/07/2009 23.28.51.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.39.1040.18.2047.1145 [GMT 2:00]
Eseguito da: c:\users\Matteo_2.PC-Matteo\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {002A0148-0053-0078-0000-000000002A00}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: AntiVir Desktop *disabled* (Outdated) {002A0148-0053-0078-0000-000000002A00}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1183912856-3019111323-3057316918-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-372612208-3294270740-2322141399-1002
c:\$recycle.bin\S-1-5-21-372612208-3294270740-2322141399-1003
c:\$recycle.bin\S-1-5-21-372612208-3294270740-2322141399-1004
C:\InfoSat.txt
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlxf.dll
c:\program files\RelevantKnowledge\sporder.dll
c:\users\Matteo_2.PC-Matteo\AppData\Roaming\esentutl.exe
c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Microsoft\comrepl.exe
c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Microsoft\rsvp.exe
c:\users\Matteo_2.PC-Matteo\AppData\Roaming\mstinit.exe
c:\users\Matteo_2.PC-Matteo\AppData\Roaming\spoolsv.exe
c:\users\MATTEO~1.PC-\AppData\Roaming\esentutl.exe
c:\users\MATTEO~1.PC-\AppData\Roaming\Microsoft\comrepl.exe
c:\users\MATTEO~1.PC-\AppData\Roaming\Microsoft\rsvp.exe
c:\users\MATTEO~1.PC-\AppData\Roaming\mstinit.exe
c:\users\MATTEO~1.PC-\AppData\Roaming\spoolsv.exe
c:\windows\Installer\110e5c.msi
c:\windows\Installer\1e0982.msi
c:\windows\Installer\62a8f92.msi
c:\windows\system\cisvc.exe
c:\windows\system\comrepl.exe
c:\windows\system\dllhst3g.exe
c:\windows\system\esentutl.exe
c:\windows\system\rsvp.exe
c:\windows\system\spoolsv.exe
c:\windows\system32\bf57f0e8.dll
c:\windows\system32\drivers\clipsrv.exe
c:\windows\system32\drivers\mqtgsvc.exe
c:\windows\system32\kr_done1
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_RelevantKnowledge
((((((((((((((((((((((((( Files Creati Da 2009-06-09 al 2009-07-09 )))))))))))))))))))))))))))))))))))
.
2009-07-09 14:56 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-09 10:22 . 2009-07-09 10:22 -------- d-----w- C:\a51e228e425e981a92b5e2278465
2009-07-09 09:28 . 2009-07-09 09:28 -------- d-----w- c:\program files\CCleaner
2009-07-09 09:16 . 2009-07-09 09:16 1464 ----a-w- C:\avexport.bat
2009-07-08 22:34 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-08 22:33 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-08 22:33 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-08 22:28 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-08 22:28 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-08 21:13 . 2009-04-24 16:14 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-07-08 21:13 . 2009-04-24 16:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-08 21:13 . 2009-04-24 16:11 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-08 21:13 . 2009-04-24 13:53 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-08 21:13 . 2009-04-24 12:25 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-08 21:12 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll
2009-07-08 21:05 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-08 20:34 . 2009-07-08 20:34 6243 ----a-w- C:\backup.reg
2009-07-08 20:33 . 2009-07-09 09:16 574 ----a-w- C:\cleanup.bat
2009-07-08 20:33 . 2009-07-09 09:16 135168 ----a-w- C:\zip.exe
2009-07-08 20:02 . 2009-07-08 20:53 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Local\VirtualStore
2009-07-08 20:02 . 2009-07-08 20:53 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Local\VirtualStore
2009-07-08 19:59 . 2009-07-08 20:43 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-08 19:59 . 2009-07-08 20:43 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-08 19:56 . 2009-07-09 21:44 169729312 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-08 19:56 . 2009-07-09 21:19 -------- d-----w- c:\progra~2\Kaspersky Lab
2009-07-08 19:56 . 2009-07-08 19:56 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-08 19:55 . 2009-07-08 19:55 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2009-07-08 17:50 . 2009-07-08 19:34 -------- d-----w- C:\FindyKill
2009-07-08 10:13 . 2009-07-08 10:42 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Local\WinZip
2009-07-08 10:13 . 2009-07-08 10:42 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Local\WinZip
2009-07-07 23:05 . 2009-07-07 23:10 -------- d-----w- c:\program files\Windows Live
2009-07-07 23:02 . 2009-07-08 09:40 -------- d-----w- C:\MSNCleaner
2009-07-07 22:53 . 2009-07-07 22:53 -------- d-----w- C:\BackUpMSNCleaner
2009-07-07 22:46 . 2009-07-07 22:46 -------- d-----w- c:\program files\AxBx
2009-07-07 21:13 . 2009-07-07 21:13 -------- d-----w- c:\users\Matteo_2.PC-Matteo\Tracing
2009-07-07 21:10 . 2009-07-07 21:10 -------- d-----w- c:\program files\Microsoft
2009-07-07 21:00 . 2009-07-07 21:00 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-29 14:33 . 2009-06-29 14:33 339968 ----a-w- c:\windows\system32\pythoncom25.dll
2009-06-29 14:33 . 2009-06-29 14:33 2117632 ----a-w- c:\windows\system32\python25.dll
2009-06-29 14:33 . 2009-06-29 14:33 114688 ----a-w- c:\windows\system32\pywintypes25.dll
2009-06-29 14:32 . 2008-09-16 16:26 1332197 ----a-w- c:\windows\system32\pythondll.zip
2009-06-29 14:30 . 2009-06-29 14:30 -------- d-----w- c:\progra~2\AGI
2009-06-29 14:30 . 2009-06-29 14:32 -------- d-----w- c:\program files\AGI
2009-06-29 12:32 . 2009-06-29 12:32 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\DivX
2009-06-29 12:32 . 2009-06-29 12:32 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\DivX
2009-06-26 18:40 . 2009-06-26 18:40 -------- d-----w- c:\program files\AC3Filter
2009-06-26 13:53 . 2009-06-26 13:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-26 13:02 . 2009-06-26 13:02 9446 ----a-r- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Microsoft\Installer\{77614EA5-B521-4604-9AF3-1ACF10826DD3}\_6FEFF9B68218417F98F549.exe
2009-06-26 13:02 . 2009-06-26 13:02 9446 ----a-r- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Microsoft\Installer\{77614EA5-B521-4604-9AF3-1ACF10826DD3}\_42AA15C43A133293CFA1B4.exe
2009-06-26 13:02 . 2009-06-26 13:02 9446 ----a-r- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Microsoft\Installer\{77614EA5-B521-4604-9AF3-1ACF10826DD3}\_33FF69054B5E861AD501ED.exe
2009-06-26 12:56 . 2009-06-26 12:56 -------- d-----w- c:\program files\Caricature Software
2009-06-25 19:30 . 2009-06-25 19:30 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\Media Player Classic
2009-06-25 19:30 . 2009-06-25 19:30 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Media Player Classic
2009-06-25 15:25 . 2009-06-25 15:25 -------- d-----w- c:\progra~2\2935E
2009-06-25 14:19 . 2009-07-08 15:46 -------- d-----w- c:\program files\vghd
2009-06-25 14:19 . 2009-06-25 14:19 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\vghd
2009-06-25 14:19 . 2009-06-25 14:19 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\vghd
2009-06-16 12:09 . 2001-05-07 10:56 19805 ----a-w- c:\windows\system32\drivers\usbio.sys
2009-06-16 09:55 . 2009-06-16 09:55 -------- d-----w- c:\progra~2\B248
2009-06-15 16:47 . 2009-06-15 16:47 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\acccore
2009-06-15 16:47 . 2009-06-15 16:47 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\acccore
2009-06-15 16:46 . 2009-06-15 16:46 -------- d-----w- c:\progra~2\AOL OCP
2009-06-15 16:46 . 2009-06-15 16:46 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Local\AOL OCP
2009-06-15 16:46 . 2009-06-15 16:46 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Local\AOL OCP
2009-06-15 16:46 . 2009-06-15 16:46 -------- d-----w- c:\progra~2\AOL
2009-06-15 16:45 . 2009-06-15 16:45 -------- d-----w- c:\program files\Common Files\AOL
2009-06-15 16:44 . 2009-06-15 16:46 -------- d-----w- c:\program files\AIM6
2009-06-14 19:16 . 2009-06-14 19:16 -------- d-----w- c:\progra~2\Electronic Arts
2009-06-14 19:11 . 2009-06-14 19:11 10134 ----a-r- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-14 19:11 . 2009-06-14 19:11 -------- d-----w- c:\program files\Microsoft WSE
2009-06-14 18:58 . 2009-06-25 19:41 -------- d-----w- c:\program files\Electronic Arts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 21:40 . 2009-07-08 19:56 2273300 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-09 19:07 . 2009-03-14 22:51 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\uTorrent
2009-07-09 19:07 . 2009-03-14 22:51 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\uTorrent
2009-07-09 19:03 . 2008-10-05 12:04 -------- d-----w- c:\progra~2\Avg8
2009-07-09 14:45 . 2008-10-20 16:09 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-09 14:09 . 2008-11-27 22:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-09 14:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-09 13:32 . 2009-03-08 15:48 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-09 09:05 . 2008-07-02 11:25 -------- d-----w- c:\program files\eMule
2009-07-08 20:44 . 2007-10-31 11:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-08 16:15 . 2008-10-01 13:00 -------- d-----w- c:\progra~2\WinZip
2009-07-07 23:18 . 2008-10-06 19:45 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-07 23:10 . 2008-10-06 19:40 -------- d-----w- c:\program files\Windows Live Toolbar
2009-07-07 23:04 . 2008-07-01 16:59 -------- d-----w- c:\progra~2\WLInstaller
2009-07-05 15:34 . 2008-10-06 11:22 -------- d-----w- c:\program files\Common Files\PAC207
2009-06-30 13:26 . 2009-05-18 23:05 -------- d-----w- c:\program files\AV WebCam Morpher
2009-06-26 13:53 . 2008-09-05 10:54 -------- d-----w- c:\program files\DivX
2009-06-26 12:55 . 2009-04-12 20:45 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\GetRightToGo
2009-06-26 12:55 . 2009-04-12 20:45 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\GetRightToGo
2009-06-26 12:03 . 2008-09-29 20:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-25 22:31 . 2008-11-13 11:54 -------- d-----w- c:\program files\Common Files\Apple
2009-06-25 22:23 . 2009-02-16 21:34 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\SoundSpectrum
2009-06-25 22:23 . 2009-02-16 21:34 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\SoundSpectrum
2009-06-25 19:45 . 2007-01-07 17:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 19:42 . 2009-05-28 15:35 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\Atari
2009-06-25 19:42 . 2009-05-28 15:35 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Atari
2009-06-25 19:31 . 2008-07-01 13:10 -------- d-----w- c:\progra~2\LightScribe
2009-06-25 14:59 . 2009-01-05 11:14 152904 ----a-w- c:\windows\system32\vghd.scr
2009-06-13 14:11 . 2009-01-15 20:56 230432 ----a-w- C:\PA207.DAT
2009-06-08 22:18 . 2009-06-08 22:18 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\U3
2009-06-08 22:18 . 2009-06-08 22:18 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\U3
2009-06-08 20:41 . 2007-01-08 00:59 691958 ----a-w- c:\windows\system32\perfh010.dat
2009-06-08 20:41 . 2007-01-08 00:59 119350 ----a-w- c:\windows\system32\perfc010.dat
2009-06-06 21:34 . 2009-06-06 21:34 -------- d-----w- c:\program files\Datel
2009-06-04 12:49 . 2009-06-04 12:49 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\MoioSMS
2009-06-04 12:49 . 2009-06-04 12:49 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\MoioSMS
2009-05-28 16:20 . 2009-05-28 15:53 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-28 15:39 . 2009-05-28 15:39 -------- d-----w- c:\program files\Atari
2009-05-26 15:49 . 2009-05-23 14:06 680 ----a-w- c:\users\MATTEO~1.PC-\AppData\Local\d3d9caps.dat
2009-05-26 15:49 . 2009-05-23 14:06 680 ----a-w- c:\users\Matteo_2.PC-Matteo\AppData\Local\d3d9caps.dat
2009-05-25 14:34 . 2009-05-25 14:33 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-05-25 10:54 . 2009-05-25 10:54 194560 ----a-w- c:\windows\system32\oc_screensaver.scr
2009-05-20 12:18 . 2009-05-18 20:25 8 ----a-w- C:\temp.dat
2009-05-19 21:07 . 2009-02-11 13:50 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\Screenshot Sender
2009-05-19 21:07 . 2009-02-11 13:50 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Screenshot Sender
2009-05-19 10:38 . 2009-05-19 10:38 -------- d-----w- c:\progra~2\32101
2009-05-19 00:20 . 2009-05-19 00:20 -------- d-----w- c:\progra~2\272DE
2009-05-18 22:43 . 2009-05-18 22:43 -------- d-----w- c:\program files\QuickTime
2009-05-18 16:35 . 2007-01-07 17:24 -------- d-----w- c:\progra~2\CyberLink
2009-05-18 16:35 . 2009-05-18 16:35 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\CyberLink
2009-05-18 16:35 . 2009-05-18 16:35 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\CyberLink
2009-05-18 13:36 . 2009-02-13 20:58 -------- d-----w- c:\users\MATTEO~1.PC-\AppData\Roaming\Download Manager
2009-05-18 13:36 . 2009-02-13 20:58 -------- d-----w- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Download Manager
2009-05-18 10:34 . 2009-05-18 10:34 -------- d-----w- c:\progra~2\1AB7
2009-05-15 18:25 . 2009-05-15 18:25 -------- d-----w- c:\program files\Hasbro Interactive
2009-05-11 09:36 . 2009-05-11 09:36 -------- d-----w- c:\program files\VirtualDJ
2009-05-10 22:00 . 2009-02-10 21:50 54904 ----a-w- c:\users\MATTEO~1.PC-\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-10 22:00 . 2009-02-10 21:50 54904 ----a-w- c:\users\Matteo_2.PC-Matteo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-07 12:55 . 2009-05-07 12:55 13094 ----a-r- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Microsoft\Installer\{BD8D42DC-02C9-47D0-99A3-7BF92E809D9C}\_2cd672ae.exe
2009-05-07 12:55 . 2009-05-07 12:55 13094 ----a-r- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Microsoft\Installer\{BD8D42DC-02C9-47D0-99A3-7BF92E809D9C}\_16496df1.exe
2009-05-07 12:55 . 2009-05-07 12:55 1078 ----a-r- c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Microsoft\Installer\{BD8D42DC-02C9-47D0-99A3-7BF92E809D9C}\_69525f90.exe
2009-04-24 16:22 . 2009-07-08 21:14 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-21 12:04 . 2009-07-08 21:14 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-06-25 13:55 . 2007-01-07 17:11 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-06-25 13:55 . 2007-01-07 17:11 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-06-25 13:55 . 2007-01-07 17:11 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-06-25 13:55 . 2007-01-07 17:11 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-06-25 13:55 . 2007-01-07 17:11 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-01-08 01:40 . 2007-01-08 01:06 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-01-19 20:31 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-08 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-12-17 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"PCMService"="c:\program files\Powercinema\PCMService.exe" [2007-02-14 159744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2009-07-08 319488]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"LXCECATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-372612208-3294270740-2322141399-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [16/10/2007 11.05.28 20496]
R2 dvdmmg;dvdmmg;c:\windows\System32\drivers\dvdmmg.sys [06/09/2007 13.15.22 5504]
R2 WebCamHelper;WebCamHelper;c:\progra~1\AVWEBC~1\WebCamHelper.sys [19/05/2009 1.05.21 2688]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\System32\drivers\PFC027.SYS [14/05/2007 10.26.10 508288]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\System32\drivers\avwebcam.sys [17/05/2009 23.24.39 215552]
S2 gupdate1c98e11e57e9586;Servizio di Google Update (gupdate1c98e11e57e9586);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2009 21.33.04 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{905502AB-1987-46cd-9EC5-42B1E087D319} - c:\program files\EasyPrediction\2.0\ltie.dll
HKLM-Explorer_Run-ClipSrv - c:\windows\System\clipsrv.exe
HKLM-Explorer_Run-MstInit - c:\windows\mstinit.exe
HKLM-Explorer_Run-Esent Utl - c:\users\Matteo_2.PC-Matteo\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe
HKLM-Explorer_Run-DllHst - c:\users\MATTEO~1.PC-\AppData\Roaming\dllhst3g.exe
HKLM-Explorer_Run-rsvp - c:\users\MATTEO~1.PC-\AppData\Roaming\rsvp.exe
HKLM-Explorer_Run-IEudinit - c:\windows\System32\drivers\ieudinit.exe
HKLM-Explorer_Run-MqtgSVC - c:\windows\mqtgsvc.exe
HKLM-Explorer_Run-CmSTP - c:\windows\System32\drivers\cmstp.exe
HKLM-Explorer_Run-ComRepl - c:\windows\System32\drivers\comrepl.exe
HKLM-Explorer_Run-Cisvc - c:\users\Matteo_2.PC-Matteo\LOCALS~1\APPLIC~1\cisvc.exe
HKLM-Explorer_Run-Mstsc - c:\users\MATTEO~1.PC-\AppData\Roaming\mstsc.exe
HKLM-Explorer_Run-Logman - c:\windows\System\logman.exe
HKCU-Explorer_Run-MqtgSVC - c:\users\MATTEO~1.PC-\AppData\Roaming\mqtgsvc.exe
HKU-Default-Explorer_Run-Cisvc - c:\windows\System32\drivers\cisvc.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.forospyware.com
mWindow Title =
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
FF - ProfilePath - c:\users\MATTEO~1.PC-\AppData\Roaming\Mozilla\Firefox\Profiles\6ep31dcw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - PHPNukeEN Customized Web Search
FF - prefs.js: browser.startup.homepage - http://www.google.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{ecdc465a-cf20-4b82-9a26-47c9dc52fa32}\components\FFAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\Matteo_2.PC-Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\6ep31dcw.default\extensions\{3DB3D228-A2E9-4581-B400-CE1331C5269E}\components\LTff.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 23:42
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'Explorer.exe'(3780)
c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Powercinema\Kernel\TV\PCMRM2Splter.ax
c:\program files\Powercinema\Kernel\TV\PCMBM2Splter.ax
c:\program files\Powercinema\Kernel\TV\PCMBM1Splter.ax
c:\program files\Powercinema\Kernel\VideoProcessor\MDTLM1Splter.ax
c:\program files\Powercinema\Kernel\VideoProcessor\MDTLM2Splter.ax
c:\program files\common files\ahead\dsfilter\nevideo.ax
c:\program files\Common Files\Ahead\Lib\AdvrCntr2.dll
c:\program files\Common Files\Ahead\DSFilter\NeMP4Splitter.ax
c:\program files\Common Files\Ahead\DSFilter\NeFLVSplitter.ax
c:\program files\Common Files\Ahead\DSFilter\NeSplitter.ax
c:\program files\Powercinema\Kernel\Movie\CLDemuxer.ax
c:\program files\Common Files\Ahead\DSFilter\NeOggSplitter.ax
c:\program files\Common Files\Ahead\DSFilter\NeSubpicture.ax
c:\program files\Common Files\Ahead\DSFilter\NeResize.ax
c:\program files\common files\ahead\dsfilter\nevideohd.ax
c:\program files\Powercinema\Kernel\Video\CLMedia.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\program files\Powercinema\Kernel\TV\CLCapSvc.exe
c:\windows\System32\lxcecoms.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Powercinema\Kernel\TV\CLSched.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-09 23.54.12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-09 21:53
Pre-Run: 93.318.844.416 byte disponibili
Post-Run: 94.791.000.064 byte disponibili
Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
385 --- E O F --- 2009-07-09 15:39