ComboFix 09-11-13.04 - Gilberto 13/11/2009 15.54.26.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.343 [GMT 1:00]
Eseguito da: c:\documents and settings\Gilberto\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gilberto\Preferiti\Videos.url
c:\recycler\S-1-5-21-1659004503-179605362-839522115-1003
c:\recycler\S-1-5-21-1960408961-329068152-725345543-1003(2)
c:\windows\system32\_004679_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004681_.tmp.dll
c:\windows\system32\_004682_.tmp.dll
c:\windows\system32\_004689_.tmp.dll
c:\windows\system32\_004690_.tmp.dll
c:\windows\system32\_004691_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\_004693_.tmp.dll
c:\windows\system32\_004694_.tmp.dll
c:\windows\system32\_004695_.tmp.dll
c:\windows\system32\_004696_.tmp.dll
c:\windows\system32\_004697_.tmp.dll
c:\windows\system32\_004698_.tmp.dll
c:\windows\system32\_004699_.tmp.dll
c:\windows\system32\_004700_.tmp.dll
c:\windows\system32\_004701_.tmp.dll
c:\windows\system32\_004702_.tmp.dll
c:\windows\system32\_004704_.tmp.dll
c:\windows\system32\_004707_.tmp.dll
c:\windows\system32\_004708_.tmp.dll
c:\windows\system32\_004712_.tmp.dll
c:\windows\system32\_004713_.tmp.dll
c:\windows\system32\_004714_.tmp.dll
c:\windows\system32\_004715_.tmp.dll
c:\windows\system32\_004716_.tmp.dll
c:\windows\system32\_004717_.tmp.dll
c:\windows\system32\_004718_.tmp.dll
c:\windows\system32\_004720_.tmp.dll
c:\windows\system32\_004721_.tmp.dll
c:\windows\system32\_004722_.tmp.dll
c:\windows\system32\_004723_.tmp.dll
c:\windows\system32\_004724_.tmp.dll
c:\windows\system32\_004725_.tmp.dll
c:\windows\system32\_004726_.tmp.dll
c:\windows\system32\_004727_.tmp.dll
c:\windows\system32\_004728_.tmp.dll
c:\windows\system32\_004729_.tmp.dll
c:\windows\system32\_004730_.tmp.dll
c:\windows\system32\_004733_.tmp.dll
c:\windows\system32\_004734_.tmp.dll
c:\windows\system32\_004735_.tmp.dll
c:\windows\system32\_004737_.tmp.dll
c:\windows\system32\_004738_.tmp.dll
c:\windows\system32\_004739_.tmp.dll
c:\windows\system32\_004740_.tmp.dll
c:\windows\system32\_004742_.tmp.dll
c:\windows\system32\_004745_.tmp.dll
c:\windows\system32\_004746_.tmp.dll
c:\windows\system32\_004750_.tmp.dll
c:\windows\system32\_004751_.tmp.dll
c:\windows\system32\_004753_.tmp.dll
c:\windows\system32\_004756_.tmp.dll
c:\windows\system32\_004758_.tmp.dll
c:\windows\system32\_004759_.tmp.dll
c:\windows\system32\_004760_.tmp.dll
c:\windows\system32\_004761_.tmp.dll
c:\windows\system32\_004764_.tmp.dll
c:\windows\system32\_004765_.tmp.dll
c:\windows\system32\_004766_.tmp.dll
c:\windows\system32\_004767_.tmp.dll
c:\windows\system32\_004768_.tmp.dll
c:\windows\system32\_004773_.tmp.dll
c:\windows\system32\_004775_.tmp.dll
c:\windows\system32\ban_list.txt
c:\windows\system32\KGyGaAvL.sys
c:\windows\winhelp.ini
.
((((((((((((((((((((((((( Files Creati Da 2009-10-13 al 2009-11-13 )))))))))))))))))))))))))))))))))))
.
2019-10-15 10:41 . 2019-10-15 10:40 298104 ----a-w- c:\windows\system32\imon.dll
2019-10-15 10:41 . 2019-10-15 10:40 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2019-10-15 10:41 . 2019-10-15 10:40 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-11-13 12:43 . 2009-11-13 12:42 77312 ----a-w- C:\mbr.exe
2009-11-12 11:24 . 2009-11-12 11:24 -------- d-----w- c:\programmi\Lavalys
2009-11-12 10:36 . 2009-11-12 10:36 -------- d-----w- c:\programmi\Zone Labs
2009-11-12 00:01 . 2009-11-12 00:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PhotoMail
2009-11-12 00:01 . 2009-11-12 00:01 -------- d-----w- c:\programmi\PhotoMail Maker
2009-11-06 15:47 . 2009-11-06 15:47 -------- d-----w- c:\programmi\Microsoft Sync Framework
2009-11-02 15:27 . 2009-11-03 00:04 -------- d-----w- c:\programmi\ElcomSoft
2009-10-26 13:01 . 2009-10-26 13:01 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-10-23 12:30 . 2009-10-20 11:33 103424 ----a-w- c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-10-23 12:30 . 2009-10-20 11:33 545280 ----a-w- c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-10-23 12:30 . 2009-10-20 11:33 4716544 ----a-w- c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-10-23 12:30 . 2009-10-20 11:33 153600 ----a-w- c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-10-23 12:30 . 2009-10-20 11:33 344064 ----a-w- c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-10-14 23:09 . 2009-10-14 23:09 152576 ----a-w- c:\documents and settings\Gilberto\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 11:02 . 2009-08-15 20:56 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\vlc
2009-11-13 10:59 . 2006-10-31 20:50 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\dvdcss
2009-11-12 01:43 . 2007-01-25 11:08 -------- d-----w- c:\programmi\Color7 Video Studio
2009-11-10 15:01 . 2006-03-22 10:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-09 00:47 . 2007-02-19 18:46 -------- d-----w- c:\programmi\emule
2009-11-09 00:31 . 2006-11-29 11:30 -------- d-----w- c:\programmi\Emersys
2009-11-07 11:22 . 2009-03-21 12:13 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-11-06 15:46 . 2007-12-18 10:02 -------- d-----w- c:\programmi\Windows Live
2009-11-06 15:43 . 2009-03-21 12:08 -------- d-----w- c:\programmi\Microsoft
2009-11-04 18:20 . 2009-07-28 00:00 117760 ----a-w- c:\documents and settings\Gilberto\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-02 13:57 . 2001-08-31 11:00 98006 ----a-w- c:\windows\system32\perfc010.dat
2009-11-02 13:57 . 2001-08-31 11:00 520252 ----a-w- c:\windows\system32\perfh010.dat
2009-11-02 13:56 . 2008-10-19 22:13 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\PC Suite
2009-11-02 13:55 . 2009-11-02 13:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-31 23:49 . 2006-03-04 11:53 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\Skype
2009-10-29 10:28 . 2009-07-24 20:15 -------- d-----w- c:\programmi\IncrediMail
2009-10-26 13:01 . 2006-02-23 18:27 -------- d-----w- c:\programmi\DivX
2009-10-22 09:45 . 2004-08-19 13:39 1392671 ----a-w- c:\windows\system32\msvbvm60.dll
2009-10-19 14:32 . 2008-04-24 10:49 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\Any Video Converter
2009-10-18 23:24 . 2009-06-12 15:56 2776 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2009-10-18 23:24 . 2009-06-12 15:56 2776 --sha-w- c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2009-10-14 23:11 . 2006-10-29 10:58 -------- d-----w- c:\programmi\Java
2009-10-14 23:01 . 2006-02-24 11:24 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-01 00:12 . 2009-08-21 13:34 -------- d-----w- c:\documents and settings\Gilberto\Dati applicazioni\GetRightToGo
2009-09-17 23:52 . 2006-03-22 10:16 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-12 14:32 . 2009-09-12 14:32 1925024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2009-09-03 09:54 . 2009-09-03 09:41 104642 ----a-w- c:\windows\hpoins04.dat
2009-09-03 09:34 . 2009-09-03 09:34 152576 ----a-w- c:\documents and settings\Gilberto\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-25 14:42 . 2009-08-25 14:42 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-08-25 14:42 . 2009-08-25 14:42 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-08-25 14:42 . 2009-08-25 14:42 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-08-25 14:42 . 2009-08-25 14:42 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-08-25 14:39 . 2009-08-25 14:42 33853800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ita_web.exe
2009-08-15 20:00 . 2006-02-23 08:43 23648 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2009-08-14 09:30 . 2009-08-14 09:30 0 --sh--w- c:\windows\S66D4B3FA.tmp
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E06IXLRD_174203625"="c:\programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" [2005-06-04 301776]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-04-16 251264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]
"UVS10 Preload"="c:\programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2019-10-15 949376]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-12-11 286720]
"Corel File Shell Monitor"="c:\programmi\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"BootRacer"="c:\programmi\BootRacer\Bootrace.exe" [2009-01-14 1548392]
c:\documents and settings\Gilberto\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-09-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-12 07:35 352256 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PMCS"="c:\programmi\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
"PMCRemote"=c:\programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Mirc Horror\\mirc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Documents and Settings\\Gilberto\\Desktop\\utorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\DAP\\DAP.exe"=
"c:\\Mirc invision Darksin ita\\mirc.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\emule\\eMule.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImLc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"7776:TCP"= 7776:TCP:BitComet 7776 TCP
"7776:UDP"= 7776:UDP:BitComet 7776 UDP
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1755:TCP"= 1755:TCP:emule tcp
"1765:UDP"= 1765:UDP:emule udp
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 d343bus;d343bus;c:\windows\system32\drivers\d343bus.sys [10/06/2008 11.25.10 136704]
R0 d343port;d343port;c:\windows\system32\drivers\d343port.sys [10/06/2008 11.25.10 5632]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [15/10/2019 11.41.05 15424]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11.53.48 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 10.39.26 55024]
R2 BootRacerServ;BootRacerServ;c:\programmi\BootRacer\BootRacerServ.exe [14/01/2009 14.30.50 57088]
R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [25/01/2007 11.40.10 6736]
R2 Vqtfk;Vqtfk;c:\windows\system32\Vqtfk.sys [25/01/2007 11.39.37 19936]
R3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [27/12/2006 11.17.20 827008]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [24/02/2006 14.00.12 1287296]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [12/11/2009 12.25.12 23152]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [04/06/2004 12.21.12 70888]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 15.51.08 4096]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'
2007-02-21 c:\windows\Tasks\PMCS_Wakeup633076516117350000.job
- c:\programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe [2006-12-27 08:41]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
LSP: c:\windows\system32\imon.dll
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\programmi\DAP\DAPIE.DLL
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\programmi\DAP\DAPIE.DLL
Name-Space Handler: HTTPS\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} - hxxps://servizi.inps.it/servizi/ParlaCo ... IPhona.cab
FF - ProfilePath - c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\
FF - prefs.js: browser.startup.homepage -
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\Firefox\Profiles\5jx98s66.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Gilberto\Dati applicazioni\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPPGWrap.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{3303E956-2A3A-48E0-BE39-2E0EF11A2F44} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-WgaLogon - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-13 16:16
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BB4008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86bb4008
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x02546841
malicious code @ sector 0x02546844 !
PE file found in sector at 0x0254685A !
Use "Recovery Console" command "fixmbr" to clear infection !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F934923E-FB1D-D557-2C11-F9A8C5E537BB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oamnofbeablnbnhfeoimeccbfngfof"=hex:63,61,6d,70,6b,70,00,7c
"oaipngklgfkookdidopilepcocaeoa"=hex:6a,61,6d,70,65,61,68,68,6c,70,6b,68,70,6b,
65,63,67,69,61,64,00,fd
"nakoicbeboehhhjiikhdlaglnkeg"=hex:6a,61,6d,70,65,61,68,68,6c,70,6b,68,70,6b,
65,63,67,69,61,64,00,fd
"iamnofbeablnbnhfeo"=hex:63,61,70,70,68,61,00,07
"iaipngklgfkookdido"=hex:6a,61,6d,70,65,61,68,68,6c,70,6b,68,70,6b,65,63,67,69,
61,64,00,c0
"hakoicbeboehhhji"=hex:6a,61,6d,70,65,61,68,68,6c,70,6b,68,70,6b,65,63,67,69,
61,64,00,c0
[HKEY_USERS\S-1-5-21-1960408961-329068152-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1960408961-329068152-725345543-1003)
@Allowed: (Read) (S-1-5-21-1960408961-329068152-725345543-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\htafile\CLSID]
@DACL=(02 0000)
@="{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(7640)
c:\programmi\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\RunDll32.exe
c:\programmi\IncrediMail\bin\IMApp.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Eset\nod32krn.exe
c:\windows\system32\oodag.exe
c:\programmi\File comuni\Protexis\License Service\PsiService_2.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-13 16:19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-13 15:19
Pre-Run: 163.557.638.144 byte disponibili
Post-Run: 163.368.509.440 byte disponibili
Current=7 Default=7 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 3F5800BE679849D0299A55CC225F0ED4