Hi, I finally ran the scan with ComboFix, which detected and deleted several files... but I have to say it caused a couple of problems: the first is easy to fix, since the wallpaper disappeared from the desktop; the second is that the DLL loading error is still there, and other similar ones have appeared! Anyway, I'm pasting the log here and hope you can enlighten me on what to do next!
ComboFix 08-09-04.09 - Master 2008-09-05 17.52.39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.502 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Master\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Master\Cookies\master@ad.yieldmanager[1].txt
C:\Documents and Settings\Master\Cookies\master@clickpoint[1].txt
C:\Documents and Settings\Master\Cookies\master@clicktorrent[2].txt
C:\Documents and Settings\Master\Cookies\master@statcounter[1].txt
C:\Documents and Settings\Master\Dati applicazioni\inst.exe
C:\WINDOWS\system32\kntoiolb.ini
C:\WINDOWS\system32\sfufclia.ini
C:\WINDOWS\system32\wfxhelp22.dll
C:\WINDOWS\system32\winapi32.dll
K:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Creati Da 2008-08-05 al 2008-09-05 )))))))))))))))))))))))))))))))))))
.
2008-09-01 17:07 . 2008-09-02 17:30 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-01 17:07 . 2008-09-01 17:07 <DIR> d-------- C:\Documents and Settings\Master\Dati applicazioni\Malwarebytes
2008-09-01 17:07 . 2008-09-01 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-01 17:07 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 17:07 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 12:29 . 2008-09-01 12:29 <DIR> d-------- C:\Programmi\Trend Micro
2008-08-30 19:36 . 2008-08-30 19:36 <DIR> d-------- C:\Temp
2008-08-30 16:53 . 2008-09-05 18:33 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-29 12:30 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Adobe Systems
2008-08-29 11:19 . 2008-08-29 11:19 <DIR> d-------- C:\Programmi\File comuni\Adobe Systems Shared
2008-08-26 18:02 . 2008-08-26 18:02 <DIR> d-------- C:\Programmi\AutoPowerOn
2008-08-26 18:02 . 2008-08-26 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\AutoPowerOn
2008-08-26 00:59 . 2008-08-26 00:59 <DIR> d-------- C:\Programmi\Dnote Software
2008-08-26 00:50 . 2008-08-26 00:51 <DIR> d-------- C:\Programmi\PoigpsGo
2008-08-26 00:33 . 2008-08-31 12:17 <DIR> d-------- C:\Richard_Davies
2008-08-26 00:32 . 2000-01-30 22:24 421,888 --------- C:\WINDOWS\system32\DFORRT.DLL
2008-08-26 00:32 . 2004-05-29 09:55 86,016 --------- C:\WINDOWS\system32\qtXLS.dll
2008-08-26 00:32 . 2004-04-15 15:27 938 --------- C:\WINDOWS\system32\L0611-879268.lic
2008-08-24 18:24 . 2008-08-24 18:24 <DIR> d-------- C:\Programmi\Magellan
2008-08-23 12:15 . 2008-08-23 12:15 0 --a------ C:\WINDOWS\windowfx3.ini
2008-08-23 11:49 . 2008-08-23 11:49 0 --a------ C:\WINDOWS\windowfx2.ini
2008-08-23 11:37 . 2007-07-11 14:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-08-23 10:59 . 2008-08-23 11:00 <DIR> d-------- C:\Programmi\UberIcon
2008-08-22 16:13 . 2008-05-16 00:51 436,784 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-08-22 16:13 . 2008-05-16 00:51 150,064 --a------ C:\WINDOWS\system32\vmnat.exe
2008-08-22 16:13 . 2008-05-16 00:51 121,392 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-08-22 16:13 . 2008-05-16 00:51 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll
2008-08-22 16:13 . 2008-05-16 00:51 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-08-22 16:13 . 2008-05-16 00:52 25,136 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-08-22 16:13 . 2008-05-16 00:51 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-08-22 16:13 . 2008-05-16 00:51 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-08-22 16:13 . 2008-05-16 00:51 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-08-22 16:12 . 2008-05-16 00:52 20,912 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys
2008-08-22 16:08 . 2008-08-22 16:08 <DIR> d-------- C:\Programmi\File comuni\VMware
2008-08-22 15:12 . 2008-08-22 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Modelli
2008-08-21 02:25 . 2008-09-05 18:37 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-20 00:58 . 2008-08-20 00:58 <DIR> d-------- C:\Documents and Settings\Master\Dati applicazioni\.ZMatrix
2008-08-20 00:57 . 2008-08-20 00:57 <DIR> d-------- C:\Programmi\ZMatrix
2008-08-20 00:57 . 2008-08-20 00:57 <DIR> d-------- C:\Programmi\Winamp
2008-08-20 00:57 . 2008-08-20 00:57 64 --a------ C:\WINDOWS\ZMatrixSS.ini
2008-08-19 18:50 . 2008-08-19 18:50 299,008 --a------ C:\WINDOWS\system32\miccyhook.dll
2008-08-19 17:34 . 2008-07-03 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-08-18 12:42 . 2008-08-18 12:47 <DIR> d-------- C:\Programmi\Driver Sweeper
2008-08-17 22:45 . 2008-08-17 22:45 <DIR> d-------- C:\Documents and Settings\Master\Dati applicazioni\Windows Search
2008-08-17 19:14 . 2008-08-17 19:14 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-17 19:14 . 2008-08-19 16:31 <DIR> d-------- C:\Programmi\Windows Desktop Search
2008-08-17 19:11 . 2008-07-22 16:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-17 19:11 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-17 19:11 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-17 19:11 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-17 19:10 . 2008-07-22 16:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-17 19:10 . 2008-07-22 16:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-15 17:44 . 2008-08-23 01:32 <DIR> d-------- C:\DESKTOP
2008-08-15 15:22 . 2008-08-15 15:22 <DIR> d-------- C:\Programmi\RocketDock
2008-08-15 00:51 . 2008-08-20 19:21 <DIR> d-------- C:\Documents and Settings\Master\Dati applicazioni\Azureus
2008-08-15 00:51 . 2008-08-15 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-08-15 00:50 . 2008-08-15 00:51 <DIR> d-------- C:\Programmi\Vuze
2008-08-15 00:48 . 2008-08-15 00:48 <DIR> d-------- C:\Documents and Settings\Master\Temp
2008-08-14 11:18 . 2008-05-01 16:34 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 11:17 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 21:16 . 2007-03-16 14:30 15,360 -ra------ C:\WINDOWS\system32\viahdcpl.cpl
2008-08-13 21:15 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-08-13 16:05 . 2002-08-20 14:17 217,088 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2008-08-13 12:23 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-08-13 12:23 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-08-13 10:41 . 2004-07-09 04:26 47,104 --a--c--- C:\WINDOWS\system32\dllcache\wstdecod.dll
2008-08-13 10:41 . 2004-07-09 04:26 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-08-13 10:41 . 2004-07-09 04:26 18,688 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-08-13 10:41 . 2004-07-09 04:26 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2008-08-13 10:41 . 2004-07-09 04:26 14,976 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-08-13 10:41 . 2004-07-09 04:26 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2008-08-13 10:41 . 2004-07-09 04:26 10,880 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-08-13 10:41 . 2004-07-09 04:26 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2008-08-13 10:41 . 2004-07-09 04:26 10,112 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-08-11 21:11 . 2008-08-11 21:11 267,304 -----c--- C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-08-11 21:10 . 2008-08-11 21:10 952,360 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 16:39 35,786,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-05 16:39 1,138,976 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-05 16:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-09-05 16:38 --------- d-----w C:\Programmi\cFosSpeed
2008-09-05 16:37 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\VMware
2008-09-05 16:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VMware
2008-09-05 16:35 483,008 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-05 16:35 109,772 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-05 15:51 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\uTorrent
2008-09-02 09:55 --------- d-----w C:\Programmi\Startup Faster
2008-08-31 15:53 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\CyberLink
2008-08-29 10:30 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-08-25 14:53 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\VMware
2008-08-23 14:27 --------- d-----w C:\Programmi\Electronic Arts
2008-08-23 10:57 --------- d-----w C:\Programmi\Google Earth Pro 4.2
2008-08-23 09:37 --------- d-----w C:\Programmi\Stardock
2008-08-23 09:32 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\LimeWire
2008-08-22 23:13 --------- d-----w C:\Programmi\PicLensIE
2008-08-22 14:08 --------- d-----w C:\Programmi\VMware
2008-08-20 21:04 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\DivX
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\Nokia
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\mIRC
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\IceChat
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-08-20 17:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-20 17:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-08-19 14:49 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-08-16 20:15 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\Vso
2008-08-14 17:33 162,432 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2008-08-14 09:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-08-13 19:16 --------- d-----w C:\Programmi\VIA
2008-08-07 14:43 --------- d-----w C:\Programmi\Folder Lock
2008-08-06 16:49 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-04 19:39 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\BlackBean
2008-08-04 19:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ATI
2008-08-04 19:26 --------- d-----w C:\Programmi\ATI Technologies
2008-08-04 17:32 --------- d-----w C:\Programmi\BlackBeanGames
2008-08-01 22:40 --------- d-----w C:\Programmi\Java
2008-08-01 17:19 --------- d-----w C:\Programmi\Screen Saver
2008-07-25 13:59 --------- d-----w C:\Programmi\Nokia
2008-07-25 13:59 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-07-25 13:58 --------- d-----w C:\Programmi\File comuni\Nokia
2008-07-25 13:33 --------- d-----w C:\Programmi\Nero
2008-07-25 13:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-07-25 12:00 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\Nero
2008-07-24 16:18 --------- d-----w C:\Programmi\eXtreme Movie Manager
2008-07-24 14:14 --------- d-----w C:\Programmi\Free Audio Pack
2008-07-24 14:09 --------- d-----w C:\Programmi\FLAC
2008-07-23 17:50 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-21 16:17 --------- d-----w C:\Documents and Settings\Master\Dati applicazioni\Reasonable Software House Ltd
2008-07-16 20:24 --------- d-----w C:\Programmi\TVersity Codec Pack
2008-07-10 15:23 --------- d-----w C:\Programmi\RegDoctor
2008-07-08 14:01 --------- d-----w C:\Programmi\Microsoft CAPICOM 2.1.0.2
2008-07-07 22:11 --------- d-----w C:\Programmi\IceChat7
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 17:11 162,816 ----a-w C:\WINDOWS\system32\fmod.dll
2008-07-07 17:10 --------- d-----w C:\Programmi\Yamicsoft
2008-07-06 10:08 --------- d-----w C:\Programmi\LimeWire
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-25 08:33 290,008 ----a-w C:\WINDOWS\system32\cfosspeed.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-17 16:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-23 22:04 47,360 ----a-w C:\Documents and Settings\Master\Dati applicazioni\pcouffin.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-05-07 16:30 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008050720080508\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="C:\Programmi\Startup Faster\startuploader.exe" [2008-03-22 1393888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\Master\Menu Avvio\Programmi\Esecuzione automatica\StartupFaster
StartupFaster.ini [2008-09-05 285]
ZMatrix.lnk - C:\Programmi\ZMatrix\matrix.exe [2003-05-25 114688]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\StartupFaster
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-10-04 10:58 184320 C:\Programmi\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\SimpleCenter\\Home Media Server.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Programmi\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"C:\\Programmi\\Google\\Google SketchUp 6\\SketchUp.exe"=
"C:\\Programmi\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programmi\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\cFosSpeed\\cfosspeed.exe"=
"C:\\Programmi\\IceChat7\\IceChat7.exe"=
"C:\\Programmi\\TVersity\\Media Server\\MediaServer.exe"=
"C:\\Programmi\\Vuze\\Azureus.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58594:TCP"= 58594:TCP:l
"4662:TCP"= 4662:TCP:utorrent1
"4662:UDP"= 4662:UDP:utorrent2
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Programmi\CyberLink\PowerDVD\000.fcl [2008-01-30 13:28 41456]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
R2 PD91Agent;PD91Agent;C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PD91Engine;PD91Engine;C:\Programmi\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-16 167808]
.
Contenuto della cartella 'Scheduled Tasks'
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/ig?hl=it
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
O8 -: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Translate with &Babylon - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O17 -: HKLM\CCS\Interface\{DB59CE9D-EA67-481A-870B-2AB0E3D73504}: NameServer = 192.168.0.1,85.37.17.8,85.38.28.73
O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
.
------- File Associations (Beta) -------
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 18:37:29
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Programmi\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programmi\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\cFosSpeed\spd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Programmi\cFosSpeed\cfosspeed.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmi\AutoPowerOn\AutoPowerOn.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\SimpleCenter\bin\win\sclauncher.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Startup Faster\SFAgent.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2008-09-05 18:43:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 16:43:00
Pre-Run: 8,261,652,480 byte disponibili
Post-Run: 20,968,857,600 byte disponibili
350 --- E O F --- 2008-08-28 10:22:32