Questi i miei risultati ...
ComboFix 09-08-28.05 - Utente1 29/08/2009 17.13.31.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.3327.2855 [GMT 2:00]
Eseguito da: l:\windows xp\programmini\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1784679431-2641084430-984598118-1000
c:\documents and settings\Utente1\Dati applicazioni\inst.exe
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\ffmmll.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\ffmmll_nav.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\ffmmll_navps.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\osmoa.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\osmoa_nav.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\osmoa_navps.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\wmkgoki.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\wmkgoki.exe
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\wmkgoki_nav.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\wmkgoki_navps.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\ykqgs.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\ykqgs_navps.dat
c:\programmi\Norton2009Reset.exe
c:\programmi\RelevantKnowledge
c:\programmi\RelevantKnowledge\rlservice.exe
c:\windows\Installer\1ba9a6f.msp
c:\windows\Installer\1ba9a70.msp
c:\windows\Installer\1ba9a71.msp
c:\windows\Installer\1ba9a72.msp
c:\windows\Installer\1ba9a73.msp
c:\windows\Installer\1ba9a74.msp
c:\windows\Installer\1ba9a75.msp
c:\windows\Installer\1ba9a76.msp
c:\windows\Installer\1ba9a77.msp
c:\windows\Installer\1bc9432.msp
c:\windows\Installer\1bc9433.msp
c:\windows\Installer\1bc9434.msp
c:\windows\Installer\1bc9435.msp
c:\windows\Installer\1bc9436.msp
c:\windows\Installer\1bc9437.msp
c:\windows\Installer\1bc9438.msp
c:\windows\Installer\1bc9439.msp
c:\windows\Installer\1bc943a.msp
c:\windows\Installer\1bc943b.msp
c:\windows\Installer\1bd2a6d.msp
c:\windows\Installer\1bd2a78.msp
c:\windows\Installer\1bd2a84.msp
c:\windows\Installer\e95d8.msp
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_.norton2009Reset
((((((((((((((((((((((((( Files Creati Da 2009-07-28 al 2009-08-29 )))))))))))))))))))))))))))))))))))
.
2009-08-27 21:44 . 2009-08-28 07:53 -------- d-sh--w- C:\Boot
2009-08-27 21:07 . 2009-06-13 17:54 1663488 ----a-w- c:\windows\system32\BootMan.exe
2009-08-27 21:07 . 2009-04-22 12:28 8704 ----a-w- c:\windows\system32\epmntdrv.sys
2009-08-27 21:07 . 2009-04-22 12:28 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-08-27 21:07 . 2009-04-22 12:28 3072 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-08-27 21:07 . 2009-04-22 12:27 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-08-27 21:07 . 2009-08-27 21:07 -------- d-----w- c:\programmi\EASEUS
2009-08-27 20:39 . 2009-08-27 20:39 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-27 19:57 . 2009-08-27 20:37 -------- d-----w- c:\programmi\Acronis(2)
2009-08-20 16:32 . 2008-04-13 17:13 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-08-20 16:32 . 2008-04-13 17:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-20 16:32 . 2008-04-13 09:46 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-08-20 16:32 . 2008-04-13 09:46 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-08-12 11:01 . 2009-08-12 11:01 -------- d-----w- c:\windows\system32\3Planesoft
2009-08-12 11:01 . 2009-08-12 11:01 -------- d-----w- c:\programmi\3Planesoft Screensaver Manager
2009-08-11 20:37 . 2009-08-11 20:37 -------- d-----w- c:\programmi\CCleaner
2009-08-11 20:30 . 2003-05-27 11:55 1438 ----a-w- C:\cleanxp.bat
2009-08-11 20:30 . 2003-05-27 11:51 438 ----a-w- C:\xp.cmd
2009-08-10 18:02 . 2009-08-21 15:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Test Drive Unlimited
2009-08-10 17:36 . 2009-08-10 17:36 49152 ----a-r- c:\documents and settings\Utente1\Dati applicazioni\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2009-08-09 22:27 . 2009-08-09 22:28 -------- d-----w- C:\d73329ec3a6da4ac931989ed98c1d2eb
2009-08-09 22:27 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 22:27 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 22:27 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 22:27 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 22:27 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 22:27 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 22:27 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 21:30 . 2009-08-09 21:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2009-08-09 21:10 . 2009-08-09 21:10 -------- d-----w- c:\documents and settings\Utente1\Dati applicazioni\Desktopicon
2009-08-09 21:01 . 2009-08-09 21:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-08-09 20:54 . 2009-08-09 20:54 -------- d-----w- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-08-09 20:51 . 2009-08-09 20:51 -------- d--h--r- C:\AHCache
2009-08-08 17:32 . 2009-08-09 22:28 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 17:32 . 2009-08-08 17:32 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-04 18:18 . 2009-08-04 18:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-08-04 18:17 . 2009-08-04 18:17 152576 ----a-w- c:\documents and settings\Utente1\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-01 19:54 . 2009-08-01 19:54 -------- d-----w- c:\documents and settings\Utente1\Dati applicazioni\Image Zone Express
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 15:13 . 2008-04-14 12:00 563564 ----a-w- c:\windows\system32\perfh010.dat
2009-08-29 15:13 . 2008-04-14 12:00 109272 ----a-w- c:\windows\system32\perfc010.dat
2009-08-29 15:09 . 2008-11-26 21:12 69224 ----a-w- c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-27 17:16 . 2008-11-24 18:31 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-12 12:07 . 2009-04-06 17:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-08-11 20:41 . 2009-05-07 19:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-09 21:31 . 2009-07-10 18:46 -------- d-----w- c:\programmi\Electronic Arts
2009-08-09 21:10 . 2009-07-01 18:52 -------- d-----w- c:\programmi\Thoosje Vista Sidebar
2009-08-09 21:01 . 2009-06-28 08:09 -------- d-----w- c:\documents and settings\Utente1\Dati applicazioni\DAEMON Tools Lite
2009-08-09 20:21 . 2009-04-23 20:11 -------- d-----w- c:\programmi\Styler
2009-08-09 20:20 . 2009-01-02 19:59 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2009-08-09 20:15 . 2009-06-06 08:57 -------- d-----w- c:\programmi\RocketDock
2009-08-09 20:10 . 2009-03-19 19:24 -------- d-----w- c:\programmi\DVDFab Platinum 4
2009-08-09 19:43 . 2009-06-08 19:32 -------- d-----w- c:\programmi\TrueTransparency
2009-08-05 08:59 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:18 . 2009-01-30 20:54 -------- d-----w- c:\programmi\Java
2009-08-02 17:51 . 2009-05-15 17:59 -------- d-----w- c:\documents and settings\Utente1\Dati applicazioni\BlackBean
2009-08-02 17:28 . 2009-05-15 17:50 -------- d-----w- c:\programmi\BlackBeanGames
2009-08-01 19:57 . 2008-11-28 08:04 140520 ----a-w- c:\windows\hpoins12.dat
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 18:46 . 2008-11-26 22:05 2456 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-01 18:03 . 2009-03-19 19:25 -------- d-----w- c:\documents and settings\Utente1\Dati applicazioni\Vso
2009-06-29 15:55 . 2008-04-14 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:55 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:54 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 08:09 . 2009-06-28 08:09 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:43 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2008-04-14 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2008-11-24 17:21 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2008-04-14 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-03-21 17:50 . 2009-03-21 16:50 103131812 ----a-w- c:\programmi\Cai2_by_ouralisev3.rar
2009-03-04 12:39 . 2009-03-04 11:46 150000000 ----a-w- c:\programmi\I.Love.Shopping.2009.MD.TS.XviD-MASA.part2.rar
2009-03-01 06:32 . 2009-02-28 19:53 102400000 ----a-w- c:\programmi\Photoshop_cs2_keygen_STANLEZZ.part2.rar
2009-03-01 06:17 . 2009-02-28 19:53 102400000 ----a-w- c:\programmi\Photoshop_cs2_keygen_STANLEZZ.part1.rar
2009-03-01 06:15 . 2009-02-28 19:53 102400000 ----a-w- c:\programmi\Photoshop_cs2_keygen_STANLEZZ.part3.rar
2009-02-28 22:02 . 2009-02-28 19:53 36720851 ----a-w- c:\programmi\Photoshop_cs2_keygen_STANLEZZ.part4.rar
2009-02-27 12:44 . 2009-02-27 12:43 50385384 ----a-w- c:\programmi\Adobe_Photoshop__CS3__Extended___Crack.part1.rar.part
2009-02-27 12:44 . 2009-02-27 12:43 50612588 ----a-w- c:\programmi\Adobe_Photoshop__CS3__Extended___Crack.part3.rar.part
2009-02-27 12:44 . 2009-02-27 12:43 50684488 ----a-w- c:\programmi\Adobe_Photoshop__CS3__Extended___Crack.part4.rar.part
2009-02-27 12:44 . 2009-02-27 12:43 51134582 ----a-w- c:\programmi\Adobe_Photoshop__CS3__Extended___Crack.part2.rar.part
2009-02-27 12:44 . 2009-02-27 12:43 50350872 ----a-w- c:\programmi\Adobe_Photoshop__CS3__Extended___Crack.part5.rar.part
2009-02-05 21:21 . 2009-02-05 21:19 19599556 ----a-w- c:\programmi\Wallpapers_2_QoopC.rar
2007-09-21 16:07 . 2009-01-14 18:00 2590 ---h--w- c:\programmi\Descript.ion
2007-09-20 17:34 . 2009-01-27 19:33 129536 ----a-w- c:\programmi\RarExt.dll
2007-09-05 21:10 . 2009-01-27 19:33 17171 ------w- c:\programmi\Novità.Txt
2007-09-05 10:26 . 2009-01-27 19:33 11352 ------w- c:\programmi\NoteTecniche.Txt
2007-04-19 21:11 . 2009-01-27 19:33 2235 ------w- c:\programmi\Leggimi.Txt
2007-04-03 22:08 . 2009-01-27 19:33 7480 ------w- c:\programmi\Licenza.Txt
2007-01-10 21:34 . 2009-01-27 19:33 611 ------w- c:\programmi\Uninstall.Lst
2007-01-10 21:32 . 2009-01-27 19:33 7784 ------w- c:\programmi\Ordina.htm
2007-01-10 21:32 . 2009-01-27 19:33 7784 ------w- c:\programmi\Ordin.htm
2006-12-23 16:37 . 2009-01-27 19:33 44032 ----a-w- c:\programmi\RarExtLoader.exe
2006-12-11 01:14 . 2009-01-27 19:33 43008 ----a-w- c:\programmi\RarExt64.dll
2006-04-28 22:47 . 2009-01-27 19:33 1373 ------w- c:\programmi\RarFiles.Lst
2005-06-08 20:43 . 2009-01-27 19:33 244 ------w- c:\programmi\SorgUnRAR.Txt
.
------- Sigcheck -------
[-] 2008-04-14 12:00 579584 3E163C943AC3ECC44826954A579E0F87 c:\windows\system32\user32.dll
[-] 2008-04-14 12:00 579584 3E163C943AC3ECC44826954A579E0F87 c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 12:00 549888 6DC43081C760EEC1130D2C8C145DF375 c:\windows\system32\winlogon.exe
[-] 2008-04-14 12:00 549888 6DC43081C760EEC1130D2C8C145DF375 c:\windows\system32\dllcache\winlogon.exe
[7] 2009-02-09 11:14 2069888 FF69166080436A31A3EAC9CC7C3F1847 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 18:25 2069760 C812D8551FD3B6ACDBF7EB6B18B1B992 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 13:22 2027520 BC8D2FF46D42B76655F443EF1386930F c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-14 12:00 2027520 FE93732DE7D6EA191E2FF816341D6FFF c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-10 17:02 2069760 310B4DD8E34D9281D609B5EBDFDE34A7 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-09 11:23 2188800 58067AE0C38014627F3B5AF32E0E7C2B c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-09 11:23 2188800 58067AE0C38014627F3B5AF32E0E7C2B c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-10 17:14 2192896 3B5928FCD0DD3E10DEB1C13CA35201F6 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 18:25 2192896 0EE73494680235D59F4E57301D7AD580 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 13:22 2148864 15315CDC4A67DCBBAE59967F08129499 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-14 12:00 2148864 85B6D05F83DFBAFEF5F58836CE39586C c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-09 11:23 2192768 AAC0F03E70F066D2E13FA2BA534BB2A8 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-09 11:22 2310144 B330561E515AA626F81407978AB5C72C c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:22 2310144 B330561E515AA626F81407978AB5C72C c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-04-14 12:00 1543168 889676A942A232F349C9F8177CD9B782 c:\windows\explorer.exe
[-] 2008-04-14 12:00 1543168 889676A942A232F349C9F8177CD9B782 c:\windows\system32\dllcache\explorer.exe
[-] 2008-04-14 12:00 40448 7F4C43F75EBF781352DB3B5EF6BF8230 c:\windows\system32\ctfmon.exe
[-] 2008-04-14 12:00 40448 7F4C43F75EBF781352DB3B5EF6BF8230 c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 12:00 1547264 4A4DB364EFEC67E730BC587DE11D0F89 c:\windows\system32\comres.dll
[-] 2008-04-14 12:00 1547264 4A4DB364EFEC67E730BC587DE11D0F89 c:\windows\system32\dllcache\comres.dll
[-] 2008-04-14 12:00 643072 6B00176C49AD983527346A0CB3B29BD1 c:\windows\system32\comctl32.dll
[-] 2008-04-14 12:00 643072 6B00176C49AD983527346A0CB3B29BD1 c:\windows\system32\dllcache\comctl32.dll
[7] 2008-04-14 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 12:00 1054208 9530E35D9033ACED20CDA2509A21073A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Eset GUI"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-09-24 1447168]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-09-24 1447168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Utente1^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=c:\documents and settings\Utente1\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EA Core"=c:\programmi\Electronic Arts\EADM\Core.exe -silent
"Mobile Partner"="c:\programmi\Yahoo!\Yahoo!.exe"
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background
"Microsoft Office Outlook"=c:\progra~1\MI1933~1\Office12\OUTLOOK.EXE /recycle
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Codemasters\\GRID\\GRID.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/09/2008 15.53.52 34312]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [24/11/2008 20.32.02 36864]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27/08/2009 23.07.43 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27/08/2009 23.07.43 3072]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-29 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 10:21]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.mini20.com
uInternet Connection Wizard,ShellNext =
ftp://10.0.0.249/IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {CA954007-5259-478B-BC71-05F26A3F134C} = 151.99.125.2,151.99.125.3
FF - ProfilePath - c:\documents and settings\Utente1\Dati applicazioni\Mozilla\Firefox\Profiles\5b4deyzs.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 8
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "
https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-08-29 17:17
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1060284298-1972579041-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-1060284298-1972579041-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:85,ff,90,db,ba,c3,7f,57,cc,89,7a,0e,ea,8c,f4,f2,98,d0,5f,c2,ea,ce,79,
01,d2,c7,07,27,5f,77,b9,13,a1,41,5b,d9,ac,26,a0,16,55,ed,35,5c,8b,c2,82,b8,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
[HKEY_USERS\S-1-5-21-1060284298-1972579041-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:1f,2a,b6,13,8b,b9,66,c4,36,17,2c,eb,e9,99,c4,25,af,0e,e5,8d,11,
99,48,fb,1a,b9,45,3e,d5,7d,d9,d6,c1,48,38,30,17,4e,b6,2b,f2,62,47,e5,74,71,\
"rkeysecu"=hex:73,e7,07,a2,90,76,de,cc,44,06,70,8d,d7,06,7f,71
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(1232)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\cscript.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-29 17.19.00 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-29 15:18
Pre-Run: 192.635.027.456 byte disponibili
Post-Run: 192.708.775.936 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /NOEXECUTE=OPTIN /FASTDETECT
390 --- E O F --- 2009-08-28 17:52
