virtumonde in HKAY_LOCAL_MACHINE\SOFTWERE\microsoft\contim

[danny123]

ciao, ogni vota che effettua la scansione con spypot mi trova tre virtumode, una nella ciave di registro in oggetto specificata, e gli altri due sono file di configurazione, ecco il rapporto:

(SBI $4D2BC948) impostazioni
HKAY_LOCAL_MACHINE\SOFTWERE\microsoft\contim

(SBI $FDO8B4B7) file di configurazione
C:\Windows\system32\uBKmlnnn.ini2

(SBI $2A2DCEAC) file di configurazione
C:\Windows\system32\uBKmlnnn.ini

Cosa devo fare?

[Luke57]

Ciao, scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disattiva il tea timer di spybot
Fatto questo, clicca su start>esegui, nel box bianco copia e incolla questo comando, virgolette comprese:

"%userprofile%\desktop\combofix.exe" /killall

Premi OK, se tutto va bene parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , riavvia e posta il contenuto del file o allegalo.

[danny123]

scusa l'ignoranza, ma non riesco a disattivare il tea timer di spybot. (spiegami in maniera elementare)

[Luke57]

Apri SpyBot in modalità avanzata (in alto, menù modalità - avanzata), in basso a sinistra clicca su "utilità" e poi su "resident" in alto a sinistra.
Se "resident" non ti appare nella colonna a sinistra, metti la spunta sulla sua voce nella finestra che ti appare quando premi "utilità".
Una volta in quella sezione togli la seconda spunta "attiva il modulo Tea Timer....

[danny123]

ok! ho fatto la scansione con spybot e non ha trovato niente. Adesso devo rimettere la spunta per attivare Tea Timer? di Combifix che ne faccio?... ti allego modulo combifix e grazie tante.

ComboFix 08-12-28.04 - Donato 2008-12-29 22.00.15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.447.210 [GMT 1:00]
Running from: c:\documents and settings\Donato\desktop\combofix.exe
Command switches used :: /killall
AV: Sistema Antivirus NOD32 2.51 *On-access scanning disabled* (Outdated)
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ilhhqcai.dll
c:\windows\system32\iylaxakf.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nnnlmKBu.dll
c:\windows\system32\uBKmlnnn.ini
c:\windows\system32\uBKmlnnn.ini2
c:\windows\system32\xcbrcjki.dll
c:\windows\Tasks\ikougrcf.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.

2008-12-29 00:49 . 2008-12-29 00:49 120 --ahs---- c:\windows\system32\fkaxalyi.ini
2008-12-28 18:39 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-28 17:48 . 2008-12-28 17:48 <DIR> d-------- c:\programmi\Microsoft Works
2008-12-28 17:41 . 2008-12-28 17:41 <DIR> d-------- c:\programmi\Microsoft.NET
2008-12-28 17:29 . 2008-12-28 17:29 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2008-12-28 17:25 . 2008-12-28 17:44 <DIR> d-------- c:\windows\SHELLNEW
2008-12-28 17:19 . 2008-12-28 17:19 <DIR> dr-h----- C:\MSOCache
2008-12-28 17:16 . 2008-12-28 18:42 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-27 17:39 . 2008-12-29 01:04 <DIR> d-------- c:\programmi\PokerStars.IT
2008-12-24 14:19 . 2008-12-24 14:19 91 --a------ c:\windows\wininit.ini
2008-12-23 14:25 . 2008-12-23 14:25 <DIR> d--h----- c:\windows\PIF
2008-12-23 00:02 . 2008-12-23 08:04 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-18 20:38 . 2008-12-18 20:38 1,409 --a------ c:\windows\system32\tmpD2680.FOT
2008-12-18 11:30 . 2008-12-18 11:31 713,181 --ahs---- c:\windows\system32\pjvkcdpo.ini
2008-12-17 15:27 . 2008-12-17 15:27 713,489 --ahs---- c:\windows\system32\xdpxkiqt.ini
2008-12-16 15:25 . 2008-12-16 15:25 696,935 --ahs---- c:\windows\system32\qrudlwmj.ini
2008-12-16 14:27 . 2008-12-16 14:27 <DIR> d-------- c:\windows\E4153266612C460FAB94C9DB6802459A.TMP
2008-12-16 14:26 . 2008-12-17 14:28 <DIR> d-------- c:\programmi\securedie
2008-12-05 23:42 . 2008-12-28 22:55 <DIR> d-------- c:\windows\system32\Adobe
2008-12-05 17:00 . 2008-12-06 22:36 <DIR> d-------- c:\windows\system32\config\systemprofile\Dati applicazioni\SiteAdvisor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 22:04 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-28 21:57 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-28 16:47 --------- d-----w c:\programmi\MSBuild
2008-12-26 22:39 --------- d-----w c:\programmi\eMule
2008-12-09 16:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2008-11-23 22:03 --------- d-----w c:\documents and settings\Donato\Dati applicazioni\HiYo
2008-11-17 16:06 --------- d-----w c:\programmi\Burraconline
2008-10-19 09:28 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-19 09:28 147,456 ------w c:\windows\Setup1.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-01 68856]
"SpybotSD TeaTimer"="g:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-03-07 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-03-18 921600]
"SiteAdvisor"="c:\programmi\SiteAdvisor\6253\SiteAdv.exe" [2006-10-02 35928]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 561213]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-03-07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=

S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\Drivers\ousbehci.sys [2008-10-08 36224]
S3 DIGIRPS;Driver PortServer Digi;c:\windows\system32\DRIVERS\digirlpt.sys [2008-10-08 42624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64eb2460-957f-11dd-9eed-db1b59af6522}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64eb2461-957f-11dd-9eed-db1b59af6522}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c58f2-9514-11dd-9ed5-d934d3beb281}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c58f4-9514-11dd-9ed5-c2e7f5dbcadc}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c58f5-9514-11dd-9ed5-c2e7f5dbcadc}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c58f6-9514-11dd-9ed5-c2e7f5dbcadc}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce40cdb8-a015-11dd-9f07-bcb9d2822d48}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbd9cfb4-956d-11dd-9eec-f7270ca2b181}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbd9cfb5-956d-11dd-9eec-f7270ca2b181}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{cd36797a-70f3-4acd-8825-623d3b896881} - (no file)
BHO-{77AB59B4-55A3-4737-9FD5-B93C64307F78} - c:\windows\system32\xcbrcjki.dll
BHO-{C615AEC1-7922-4FCD-97B3-71CAB68A47EE} - (no file)
BHO-{cd36797a-70f3-4acd-8825-623d3b896881} - (no file)
BHO-{E0C5D988-929F-4366-83C5-EF96B83FE0E3} - c:\windows\system32\nnnlmKBu.dll
WebBrowser-{CD36797A-70F3-4ACD-8825-623D3B896881} - (no file)
HKLM-Run-HiYo - c:\programmi\HiYo\bin\HiYo.exe
Notify-mlJYqQig - mlJYqQig.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotinfolink.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Donato\Dati applicazioni\Mozilla\Firefox\Profiles\kfnt3mjf.default\
FF - component: c:\programmi\SiteAdvisor\6261\FF\components\FFHook.dll
FF - plugin: c:\programmi\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 22:12:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(528)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Eset\nod32krn.exe
.
**************************************************************************
.
Completion time: 2008-12-29 22:22:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-29 21:22:05

Pre-Run: 640.446.464 byte disponibili
Post-Run: 809,869,312 byte disponibili

163 --- E O F --- 2008-12-29 21:14:57

[Luke57]

Ciao, adesso apri un file di testo (start>esegui>notepad.exe (lo digiti nello spazio)>OK)
Ci incolli il seguente codice:

Codice: Seleziona tutto

File::
c:\windows\system32\fkaxalyi.ini
c:\windows\system32\tmpD2680.FOT
c:\windows\system32\pjvkcdpo.ini
c:\windows\system32\xdpxkiqt.ini
c:\windows\system32\qrudlwmj.ini
c:\windows\E4153266612C460FAB94C9DB6802459A.TMP
F:\AutoRun.exe
G:\AutoRun.exe


Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64eb2460-957f-11dd-9eed-db1b59af6522}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64eb2461-957f-11dd-9eed-db1b59af6522}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c58f2-9514-11dd-9ed5-d934d3beb281}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c58f4-9514-11dd-9ed5-c2e7f5dbcadc}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c58f5-9514-11dd-9ed5-c2e7f5dbcadc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c58f6-9514-11dd-9ed5-c2e7f5dbcadc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce40cdb8-a015-11dd-9f07-bcb9d2822d48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbd9cfb4-956d-11dd-9eec-f7270ca2b181}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbd9cfb5-956d-11dd-9eec-f7270ca2b181}]

chiamalo obbligatoriamente CFScript.txt e salvalo nella stessa direzione di combofix. Trascinalo con il puntatore del mouse sull'icona di combofix per una nuova scansione. Al riavvio del computer posta il nuovo report.

[danny123]

fatto tutto! .. mi ha trovato un virus con Nod32, che è stato messo in autoquarantena. dimmi cos'altro...

ComboFix 08-12-28.04 - Donato 2008-12-30 16:57:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.447.128 [GMT 1:00]
Eseguito da: c:\documents and settings\Donato\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\Donato\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
* Resident AV is active


FILE ::
c:\windows\E4153266612C460FAB94C9DB6802459A.TMP
c:\windows\system32\fkaxalyi.ini
c:\windows\system32\pjvkcdpo.ini
c:\windows\system32\qrudlwmj.ini
c:\windows\system32\tmpD2680.FOT
c:\windows\system32\xdpxkiqt.ini
F:\AutoRun.exe
G:\AutoRun.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fkaxalyi.ini
c:\windows\system32\pjvkcdpo.ini
c:\windows\system32\qrudlwmj.ini
c:\windows\system32\tmpD2680.FOT
c:\windows\system32\xdpxkiqt.ini
F:\AutoRun.exe . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2008-11-28 al 2008-12-30 )))))))))))))))))))))))))))))))))))
.

2008-12-29 23:39 . 2008-12-30 03:51 1,393 --a------ c:\windows\imsins.BAK
2008-12-28 18:39 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-28 17:48 . 2008-12-28 17:48 <DIR> d-------- c:\programmi\Microsoft Works
2008-12-28 17:41 . 2008-12-28 17:41 <DIR> d-------- c:\programmi\Microsoft.NET
2008-12-28 17:29 . 2008-12-28 17:29 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2008-12-28 17:25 . 2008-12-28 17:44 <DIR> d-------- c:\windows\SHELLNEW
2008-12-28 17:19 . 2008-12-28 17:19 <DIR> dr-h----- C:\MSOCache
2008-12-28 17:16 . 2008-12-30 03:56 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-27 17:39 . 2008-12-30 16:10 <DIR> d-------- c:\programmi\PokerStars.IT
2008-12-24 14:19 . 2008-12-24 14:19 91 --a------ c:\windows\wininit.ini
2008-12-23 14:25 . 2008-12-23 14:25 <DIR> d--h----- c:\windows\PIF
2008-12-23 00:02 . 2008-12-23 08:04 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-16 14:27 . 2008-12-16 14:27 <DIR> d-------- c:\windows\E4153266612C460FAB94C9DB6802459A.TMP
2008-12-16 14:26 . 2008-12-17 14:28 <DIR> d-------- c:\programmi\securedie
2008-12-05 23:42 . 2008-12-28 22:55 <DIR> d-------- c:\windows\system32\Adobe
2008-12-05 17:00 . 2008-12-06 22:36 <DIR> d-------- c:\windows\system32\config\systemprofile\Dati applicazioni\SiteAdvisor
2008-11-23 23:03 . 2008-11-23 23:03 <DIR> d-------- c:\documents and settings\Donato\Dati applicazioni\HiYo
2008-11-21 15:07 . 2008-11-21 15:07 <DIR> d-------- c:\windows\system32\it
2008-11-21 15:07 . 2008-11-21 15:07 <DIR> d-------- c:\windows\system32\bits
2008-11-21 15:07 . 2008-11-21 15:07 <DIR> d-------- c:\windows\l2schemas
2008-11-17 16:32 . 2008-11-17 17:06 <DIR> d-------- c:\programmi\Burraconline
2008-11-17 15:44 . 2008-04-14 03:13 69,120 --a------ c:\windows\system32\wlanapi.dll
2008-11-17 15:44 . 2008-04-14 03:13 50,688 --a------ c:\windows\system32\tspkg.dll
2008-11-17 15:43 . 2008-04-14 03:14 32,768 --a------ c:\windows\system32\setupn.exe
2008-11-17 15:43 . 2008-04-13 19:40 10,240 --a------ c:\windows\system32\drivers\sffp_mmc.sys
2008-11-17 15:42 . 2008-09-10 02:14 1,307,648 -----c--- c:\windows\system32\dllcache\msxml6.dll
2008-11-17 15:42 . 2008-04-14 03:13 293,888 --a------ c:\windows\system32\qagentrt.dll
2008-11-17 15:42 . 2008-04-14 03:13 199,680 --a------ c:\windows\system32\napmontr.dll
2008-11-17 15:42 . 2008-04-14 03:14 177,152 --a------ c:\windows\system32\napstat.exe
2008-11-17 15:42 . 2008-04-14 03:13 150,528 --a------ c:\windows\system32\qagent.dll
2008-11-17 15:42 . 2008-04-14 03:13 144,896 --a------ c:\windows\system32\onex.dll
2008-11-17 15:42 . 2008-04-14 02:53 92,672 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2008-11-17 15:42 . 2008-04-14 03:13 76,800 --a------ c:\windows\system32\qutil.dll
2008-11-17 15:42 . 2008-04-14 03:13 62,464 --a------ c:\windows\system32\qcliprov.dll
2008-11-17 15:42 . 2008-04-14 03:13 61,952 --a------ c:\windows\system32\rasqec.dll
2008-11-17 15:42 . 2008-04-14 03:13 31,232 --a------ c:\windows\system32\napipsec.dll
2008-11-17 15:41 . 2008-04-14 03:13 397,312 --a------ c:\windows\system32\mmcex.dll
2008-11-17 15:41 . 2008-04-14 03:13 184,320 --a------ c:\windows\system32\microsoft.managementconsole.dll
2008-11-17 15:41 . 2008-04-14 03:13 155,136 --a------ c:\windows\system32\mssha.dll
2008-11-17 15:41 . 2008-04-14 03:13 106,496 --a------ c:\windows\system32\mmcfxcommon.dll
2008-11-17 15:41 . 2008-04-14 02:52 80,896 --a------ c:\windows\system32\msshavmsg.dll
2008-11-17 15:41 . 2008-04-14 03:14 33,792 --a------ c:\windows\system32\mmcperf.exe
2008-11-17 15:40 . 2008-04-14 03:13 61,440 --a------ c:\windows\system32\kmsvc.dll
2008-11-17 15:40 . 2008-04-14 03:13 37,376 --a------ c:\windows\system32\l2gpstore.dll
2008-11-17 15:40 . 2008-04-14 03:12 6,144 --a------ c:\windows\system32\kbdpash.dll
2008-11-17 15:40 . 2008-04-14 03:12 6,144 --a------ c:\windows\system32\kbdnepr.dll
2008-11-17 15:40 . 2008-04-14 03:12 6,144 --a------ c:\windows\system32\kbdiultn.dll
2008-11-17 15:40 . 2008-04-14 03:12 6,144 --a------ c:\windows\system32\kbdbhc.dll
2008-11-17 15:39 . 2008-04-14 02:56 2,524 --a------ c:\windows\system32\pid.inf
2008-11-17 15:37 . 2008-04-13 17:36 144,384 --a------ c:\windows\system32\drivers\hdaudbus.sys
2008-11-17 15:37 . 2006-12-28 20:01 19,569 --a------ c:\windows\005554_.tmp
2008-11-17 15:36 . 2008-04-14 03:13 184,832 --a------ c:\windows\system32\eapp3hst.dll
2008-11-17 15:36 . 2008-04-14 03:13 179,712 --a------ c:\windows\system32\eapphost.dll
2008-11-17 15:36 . 2008-04-14 03:13 126,976 --a------ c:\windows\system32\eappcfg.dll
2008-11-17 15:36 . 2008-04-14 03:13 94,720 --a------ c:\windows\system32\eappgnui.dll
2008-11-17 15:36 . 2008-04-14 03:13 59,392 --a------ c:\windows\system32\eapqec.dll
2008-11-17 15:36 . 2008-04-14 03:13 40,960 --a------ c:\windows\system32\eappprxy.dll
2008-11-17 15:36 . 2008-04-14 03:13 33,792 --a------ c:\windows\system32\eapsvc.dll
2008-11-17 15:36 . 2008-04-14 03:13 31,232 --a------ c:\windows\system32\eapolqec.dll
2008-11-17 15:35 . 2008-04-14 03:13 651,264 --a------ c:\windows\system32\dot3ui.dll
2008-11-17 15:35 . 2008-04-14 03:13 133,120 --a------ c:\windows\system32\dot3svc.dll
2008-11-17 15:35 . 2008-04-14 03:13 59,904 --a------ c:\windows\system32\dot3cfg.dll
2008-11-17 15:35 . 2008-04-14 03:13 56,832 --a------ c:\windows\system32\dot3msm.dll
2008-11-17 15:35 . 2008-04-14 03:13 48,640 --a------ c:\windows\system32\dhcpqec.dll
2008-11-17 15:35 . 2008-04-14 03:13 39,936 --a------ c:\windows\system32\dot3gpclnt.dll
2008-11-17 15:35 . 2008-04-14 03:13 39,936 --a------ c:\windows\system32\dimsroam.dll
2008-11-17 15:35 . 2008-04-14 03:13 26,112 --a------ c:\windows\system32\dot3api.dll
2008-11-17 15:35 . 2008-04-14 03:13 19,456 --a------ c:\windows\system32\dimsntfy.dll
2008-11-17 15:35 . 2008-04-14 03:13 9,216 --a------ c:\windows\system32\dot3dlg.dll
2008-11-17 15:34 . 2008-04-14 03:13 233,472 --a------ c:\windows\system32\azroles.dll
2008-11-17 15:34 . 2008-04-14 03:13 12,800 --a------ c:\windows\system32\credssp.dll
2008-11-17 15:34 . 2008-04-14 03:13 7,168 --a------ c:\windows\system32\bitsprx4.dll
2008-11-13 01:13 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 22:04 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-28 21:57 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-28 16:47 --------- d-----w c:\programmi\MSBuild
2008-12-26 22:39 --------- d-----w c:\programmi\eMule
2008-12-09 16:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2008-10-19 09:28 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-19 09:28 147,456 ------w c:\windows\Setup1.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-29_22.19.35.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:40 18,808 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:40 233,848 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:38 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:40 763,768 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:40 402,296 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:04 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:06:04 18,808 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:06:05 233,848 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:06:04 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:42:38 763,768 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:42:45 402,296 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
- 2008-12-28 16:44:24 248,632 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-12-30 02:39:08 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-08-26 07:57:14 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:57:14 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:57:14 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:57:14 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:57:14 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:39:58 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:57:14 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:57:15 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:57:15 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:57:15 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 16:58:43 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:57:17 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:57:17 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:57:18 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:57:18 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:57:18 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:57:20 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:57:21 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:57:21 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:57:21 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:57:21 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:48:14 215,776 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:49:24 390,880 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:57:21 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:57:22 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:57:22 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:57:22 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-27 08:57:22 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:48:14 215,776 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:49:24 390,880 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2006-10-27 14:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 19:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 14:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 19:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-26 19:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 14:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 14:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 14:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 19:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 14:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 14:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 19:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 19:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 19:32:42 604,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 14:03:04 1,018,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-26 19:24:54 98,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-26 19:24:50 72,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 19:24:58 1,165,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 14:03:06 6,579,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-09-15 15:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 14:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 14:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 14:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 14:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 14:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 14:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2008-12-28 16:44:24 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 19:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 19:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 14:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 19:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 19:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 19:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 14:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 14:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 14:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 14:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 20:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 20:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
- 2008-12-28 17:40:42 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-30 02:56:45 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-28 17:40:43 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-30 02:56:46 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-28 17:40:43 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-30 02:56:46 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-28 17:40:43 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-30 02:56:46 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-28 17:40:43 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-30 02:56:46 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-28 17:40:43 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-30 02:56:46 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-28 17:40:44 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-30 02:56:46 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-28 17:40:43 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-30 02:56:46 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-28 17:40:43 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-30 02:56:46 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-28 17:40:43 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-30 02:56:46 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-28 17:40:44 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-30 02:56:46 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-28 17:40:43 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-30 02:56:46 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-26 07:57:14 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:04:22 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 07:57:14 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:04:22 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:57:14 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:04:22 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:57:14 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:04:22 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:57:14 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:04:22 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:57:14 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:04:22 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:39:58 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:13:44 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:57:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:04:22 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:57:15 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:04:22 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:57:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:04:22 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:57:15 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:04:22 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 16:58:43 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:04:23 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:57:17 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:04:23 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:57:17 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:04:23 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:57:18 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:04:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-18 19:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:57:18 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:04:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:57:18 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:04:23 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:57:22 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:36:24 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:57:20 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:04:24 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:57:21 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:04:24 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:57:21 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:04:24 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:57:21 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:04:24 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:57:21 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:04:25 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 02:13:55 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:46 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:57:21 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:04:25 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:57:22 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:04:25 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:57:22 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:04:25 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:57:22 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:04:25 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2006-10-18 20:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:57:14 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:04:22 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:57:14 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:04:22 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:57:14 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:04:22 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-04-14 02:13:39 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:57:14 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:04:22 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:39:58 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:13:44 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:57:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:04:22 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:57:15 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:04:22 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:57:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:04:22 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:57:15 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:04:22 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 16:58:43 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:04:23 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:57:17 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:04:23 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:57:17 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:04:23 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:57:18 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:04:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-18 19:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:57:18 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:04:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:57:18 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:04:23 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:57:22 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:36:24 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:57:20 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:04:24 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:57:21 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:04:24 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:57:21 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:04:24 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:57:21 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:04:24 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:57:21 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:04:25 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-04-14 02:13:55 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:46 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-04-14 02:14:22 60,416 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:57:21 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:04:25 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:57:22 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:04:25 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:57:22 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:04:25 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:57:22 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:04:25 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-18 20:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 20:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-03-07 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-03-18 921600]
"SiteAdvisor"="c:\programmi\SiteAdvisor\6253\SiteAdv.exe" [2006-10-02 35928]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 561213]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-03-07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=

S2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\Drivers\ousbehci.sys [2008-10-08 36224]
S3 DIGIRPS;Driver PortServer Digi;c:\windows\system32\DRIVERS\digirlpt.sys [2008-10-08 42624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c58f5-9514-11dd-9ed5-c2e7f5dbcadc}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.hotinfolink.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Donato\Dati applicazioni\Mozilla\Firefox\Profiles\kfnt3mjf.default\
FF - component: c:\programmi\SiteAdvisor\6261\FF\components\FFHook.dll
FF - plugin: c:\programmi\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 17:03:05
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(528)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Eset\nod32krn.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-30 17:13:05 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-12-30 16:12:58
ComboFix2.txt 2008-12-29 21:22:19

Pre-Run: 246,280,192 byte disponibili
Post-Run: 185,974,784 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

448 --- E O F --- 2008-12-30 02:56:55