ComboFix 09-08-23.01 - Kimberly Mangano 24/08/2009 17.04.00.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2940.2478 [GMT 2:00]
Eseguito da: c:\documents and settings\Kimberly Mangano\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Kimberly Mangano\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-07-24 al 2009-08-24 )))))))))))))))))))))))))))))))))))
.
2009-08-24 12:10 . 2009-08-24 12:10 -------- d-----w- c:\documents and settings\Kimberly Mangano\Dati applicazioni\Malwarebytes
2009-08-24 12:10 . 2009-08-24 12:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-24 10:53 . 2009-08-24 10:53 -------- d-sh--w- c:\documents and settings\Kimberly Mangano\PrivacIE
2009-08-24 10:14 . 2009-08-24 10:14 -------- d-----w- c:\windows\system32\it
2009-08-24 10:14 . 2009-08-24 10:14 -------- d-----w- c:\windows\l2schemas
2009-08-24 10:13 . 2009-08-24 10:13 -------- d-----w- c:\windows\system32\bits
2009-08-24 09:45 . 2009-08-24 10:00 -------- d-----w- c:\windows\system32\NtmsData
2009-08-24 09:43 . 2009-08-24 09:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-24 09:42 . 2009-08-24 09:42 -------- d-sh--w- c:\documents and settings\Kimberly Mangano\IETldCache
2009-08-24 09:21 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-24 09:21 . 2009-07-19 16:42 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-08-24 09:21 . 2009-07-03 16:55 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-24 09:21 . 2009-07-03 16:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-24 09:21 . 2009-07-03 16:55 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-24 09:21 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-24 09:21 . 2009-08-24 09:21 -------- d-----w- c:\windows\ie8updates
2009-08-24 09:20 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-24 09:19 . 2009-08-24 10:14 -------- d-----w- c:\windows\system32\it-IT
2009-08-24 09:19 . 2009-08-24 09:20 -------- dc-h--w- c:\windows\ie8
2009-08-24 00:27 . 2008-04-14 02:13 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-08-23 23:21 . 2009-08-23 23:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-08-23 17:59 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 17:59 . 2009-08-23 23:26 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-22 13:48 . 2009-08-22 13:48 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 13:48 . 2009-08-22 13:48 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-22 13:47 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 13:47 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 13:47 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 13:47 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 13:47 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 13:47 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 13:47 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-21 20:20 . 2009-08-21 20:20 -------- d-----w- c:\documents and settings\Kimberly Mangano\Dati applicazioni\Ahead
2009-08-20 18:38 . 2009-08-20 18:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-20 16:33 . 2009-08-20 16:33 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Yahoo!
2009-08-20 16:33 . 2009-08-20 16:42 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-08-20 11:57 . 2009-08-20 11:57 -------- d-----w- c:\documents and settings\Kimberly Mangano\Dati applicazioni\TuneUp Software
2009-08-20 11:57 . 2009-08-20 11:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-08-20 11:56 . 2009-08-20 11:56 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-20 10:54 . 2009-08-20 10:54 -------- d-----w- c:\programmi\uTorrent
2009-08-20 10:41 . 2009-08-23 23:19 -------- d-----w- c:\documents and settings\Kimberly Mangano\Dati applicazioni\uTorrent
2009-08-18 20:00 . 2009-08-18 20:00 -------- d-----w- c:\documents and settings\Kimberly Mangano\Dati applicazioni\Yahoo!
2009-08-13 10:50 . 2008-04-14 02:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 10:49 . 2009-08-24 10:10 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 09:18 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 16:01 . 2009-08-08 16:01 -------- d-----w- c:\programmi\Mad Scientist Productions
2009-08-07 21:06 . 2009-08-07 21:06 -------- d-----w- c:\documents and settings\Kimberly Mangano\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-08-05 08:59 . 2009-08-05 08:59 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 15:57 . 2009-08-03 15:59 -------- d-----w- c:\documents and settings\Kimberly Mangano\Impostazioni locali\Dati applicazioni\Temp
2009-08-02 22:28 . 2009-08-23 11:50 -------- d-----w- c:\documents and settings\Kimberly Mangano\Dati applicazioni\Desktopicon
2009-08-02 22:27 . 2009-08-02 22:27 -------- d-----w- c:\programmi\DsNET Corp
2009-08-01 22:57 . 2009-08-01 22:57 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-08-01 22:38 . 2009-08-01 22:38 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-08-01 22:38 . 2009-08-02 19:26 -------- d-----w- c:\documents and settings\Kimberly Mangano\Impostazioni locali\Dati applicazioni\Google
2009-08-01 22:37 . 2009-08-01 22:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-01 22:37 . 2009-08-01 22:39 -------- d-----w- c:\programmi\Google
2009-07-31 18:12 . 2009-07-31 18:12 -------- d-----w- c:\documents and settings\Kimberly Mangano\Dati applicazioni\e frontier
2009-07-29 15:33 . 2009-07-29 15:33 10134 ----a-r- c:\documents and settings\Kimberly Mangano\Dati applicazioni\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-29 13:21 . 2009-07-29 13:21 237056 ----a-w- c:\documents and settings\Kimberly\Impostazioni locali\Dati applicazioni\wuqyq.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 14:57 . 2009-06-06 19:57 745504 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-24 14:57 . 2009-06-06 19:57 4676 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-24 14:36 . 2009-06-06 19:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-08-24 14:35 . 2009-06-06 19:57 3605536 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-24 14:35 . 2009-06-06 19:57 30296 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-24 14:27 . 2001-08-31 10:00 80688 ----a-w- c:\windows\system32\perfc010.dat
2009-08-24 14:27 . 2001-08-31 10:00 482274 ----a-w- c:\windows\system32\perfh010.dat
2009-08-24 10:39 . 2009-07-17 17:01 78856 ----a-w- c:\documents and settings\Kimberly Mangano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-24 10:16 . 2008-12-30 10:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-23 11:27 . 2008-12-30 14:30 78080 ----a-w- c:\documents and settings\Kimberly\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-23 11:16 . 2009-01-18 16:14 78080 ----a-w- c:\documents and settings\alex mangano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-21 20:13 . 2008-12-30 11:49 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-08-21 20:11 . 2008-12-30 14:30 -------- d-----w- c:\programmi\Yahoo!
2009-08-21 13:45 . 2009-02-04 17:44 -------- d-----w- c:\programmi\e frontier
2009-08-20 18:49 . 2009-06-06 19:58 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-20 18:49 . 2009-06-06 19:58 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-20 18:49 . 2009-06-06 20:15 861448 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-08-18 21:28 . 2008-12-30 10:42 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-13 10:50 . 2008-12-30 11:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-08-05 08:59 . 2004-08-19 13:39 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 12:44 . 2009-01-13 15:07 -------- d-----w- c:\programmi\RocketDock
2009-07-29 08:16 . 2009-06-12 13:03 -------- d-----w- c:\programmi\Games-Attack
2009-07-18 13:08 . 2009-01-01 23:21 -------- d-----w- c:\programmi\vanBasco's Karaoke Player
2009-07-18 11:48 . 2009-07-18 11:34 -------- d-----w- c:\documents and settings\Kimberly Mangano\Dati applicazioni\Winamp
2009-07-17 19:01 . 2004-08-19 13:39 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 12:54 . 2009-07-14 12:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 12:53 . 2009-07-14 12:53 -------- d-----w- c:\programmi\Java
2009-07-14 12:53 . 2009-07-14 12:50 152576 ----a-w- c:\documents and settings\alex mangano\Dati applicazioni\Sun\Java\jre1.6.0_12\lzma.dll
2009-07-12 16:34 . 2009-07-12 16:34 -------- d-----w- c:\documents and settings\Kimberly Mangano\Dati applicazioni\DivX
2009-07-08 21:11 . 2009-01-14 17:14 -------- d-----w- c:\documents and settings\Kimberly\Dati applicazioni\uTorrent
2009-07-05 21:16 . 2009-07-05 21:07 -------- d-----w- c:\documents and settings\Kimberly\Dati applicazioni\DAEMON Tools Pro
2009-07-05 21:09 . 2009-07-05 21:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Pro
2009-07-05 21:07 . 2009-06-18 15:49 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-05 20:30 . 2009-07-05 20:30 -------- d-----w- c:\programmi\Elaborate Bytes
2009-07-03 16:55 . 2004-08-19 13:39 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 18:34 . 2004-08-19 13:39 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:34 . 2004-08-19 13:39 519168 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:34 . 2004-08-19 13:39 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:34 . 2004-08-19 13:39 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:34 . 2004-08-19 13:39 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:34 . 2004-08-19 13:39 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:34 . 2004-08-19 13:39 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:34 . 2004-08-19 13:39 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:34 . 2004-08-19 13:39 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:34 . 2004-08-19 13:39 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:34 . 2004-08-19 13:39 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:34 . 2004-08-19 13:39 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 08:25 . 2004-08-19 13:39 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-19 13:39 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-19 13:39 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-19 13:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-19 13:39 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-19 13:39 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-03 20:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 11:49 . 2004-08-19 13:39 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-19 13:39 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-19 13:39 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 20:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-18 15:19 . 2009-06-18 15:19 10134 ----a-r- c:\documents and settings\Kimberly\Dati applicazioni\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-16 14:36 . 2004-08-19 13:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-31 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:43 . 2004-08-19 13:39 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:43 . 2004-08-19 13:39 82432 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 13:04 . 2009-06-12 13:04 4086216 ----a-w- c:\documents and settings\Kimberly\Dati applicazioni\Games-Attack\flash\GA.exe
2009-06-12 12:44 . 2009-06-12 12:44 32768 ----a-r- c:\documents and settings\Kimberly\Dati applicazioni\Microsoft\Installer\{F5C59845-C983-4769-8234-0E98456225CD}\_42E70C2F6A7C_473C_B8F3_BB8C8668C41E.exe
2009-06-10 14:13 . 2004-08-19 13:39 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-19 13:39 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-06 20:15 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-06 20:15 . 2009-06-06 20:15 33808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-06-06 20:15 . 2009-06-06 20:15 213520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-06-06 20:15 . 2009-06-06 20:15 21256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2009-06-06 20:15 . 2009-06-06 20:15 83208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2009-06-06 20:15 . 2009-06-06 20:15 62728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-06-06 20:15 . 2009-06-06 20:15 43784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-06-06 20:15 . 2009-06-06 20:15 365832 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-06-06 20:15 . 2009-06-06 20:15 201992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-06-03 19:09 . 2004-08-19 13:39 1296384 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-28 150040]
"THotkey"="c:\programmi\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"ACU"="c:\programmi\Atheros\ACU.exe" [2008-04-14 450648]
"BDRegion"="c:\programmi\Cyberlink\Shared Files\brs.exe" [2008-02-14 91432]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-06-06 201992]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-08-28 16860672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\alex mangano\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"\\\\ALESSANDRO\\F SU ALESSANDRO\\Documenti Kimberly\\uTorrent.exe"=
"d:\\Mangano\\Salvataggio dati Kimberly\\uTorrent.exe"=
"c:\\Documents and Settings\\Kimberly\\Desktop\\uTorrent.exe"=
"c:\\Programmi\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 33808]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [30/12/2008 12.49.04 5888]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20.07.10 24592]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [30/12/2008 12.50.57 57408]
S2 gupdate1ca12f8d1ab71c6;Servizio di Google Update (gupdate1ca12f8d1ab71c6);c:\programmi\Google\Update\GoogleUpdate.exe [02/08/2009 0.38.38 133104]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-08-24 17:07
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD\000.fcl"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1848)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(1068)
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-08-24 17.08.34
ComboFix-quarantined-files.txt 2009-08-24 15:08
ComboFix2.txt 2009-08-24 14:39
Pre-Run: 61.661.294.592 byte disponibili
Post-Run: 61.635.112.960 byte disponibili
234 --- E O F --- 2009-08-24 10:35