hi r16,
here is the combofix log and (just to be on the safe side, as they always say) I'm also posting the hijackthis one.
Thanks and have a good Sunday.
ComboFix 10-01-23.02 - claudio 23/01/2010 20.26.50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1278.790 [GMT 1:00]
Running from: c:\documents and settings\claudio\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\struct~.ini
c:\windows\system32\bit4cnsp.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))))))
.
2010-01-22 19:44 . 2010-01-22 19:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2010-01-22 19:43 . 2010-01-22 19:45 -------- d-----w- c:\programmi\NVIDIA Corporation
2010-01-22 19:42 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-22 19:42 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-22 17:20 . 2010-01-22 17:20 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-22 15:42 . 2010-01-22 15:42 -------- d-----w- C:\Media
2010-01-20 12:42 . 2010-01-20 12:42 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\LocalCopy\{3B28731F-53F5-F2EF-D2DA-CA1858030A37}-SASSEH.DLL
2010-01-20 12:25 . 2010-01-20 16:53 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\BitTorrent
2010-01-20 12:25 . 2010-01-20 12:25 -------- d-----w- c:\programmi\BitTorrent
2010-01-19 15:46 . 2010-01-19 15:46 -------- d-----w- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\RadioSure
2010-01-19 15:46 . 2010-01-19 15:46 -------- d-----w- c:\programmi\RadioSure
2010-01-17 09:08 . 2010-01-17 09:08 -------- d-----w- c:\programmi\Microsoft Security Essentials
2010-01-17 08:46 . 2010-01-17 08:46 -------- d-----w- C:\42b9b4cae99bf9510ee1ae
2010-01-15 19:22 . 2010-01-17 08:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-01-15 19:22 . 2010-01-15 19:22 -------- d-----w- c:\programmi\AVG
2010-01-15 16:36 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-15 15:51 . 2010-01-15 15:51 -------- d-----w- C:\0a13799fc49463eaf9fed0
2010-01-15 15:39 . 2010-01-15 15:39 -------- d-----w- C:\64a86bb6f395a9c16f27d165fd
2010-01-15 14:17 . 2010-01-15 14:17 -------- d-----w- C:\2da0d79d41e1d15f3caa716c5c34
2010-01-15 14:12 . 2010-01-15 14:12 -------- d-----w- C:\8467a3ee99fd30b4d58b5d99ff
2010-01-14 09:58 . 2010-01-14 09:59 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-11 19:29 . 2010-01-11 19:29 -------- d-----w- c:\programmi\TVLC
2010-01-10 17:54 . 2010-01-17 19:00 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Nero
2010-01-10 17:53 . 2010-01-10 17:53 -------- d-----w- c:\programmi\Nero
2010-01-10 17:53 . 2010-01-10 17:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-01-10 17:53 . 2010-01-10 17:54 -------- d-----w- c:\programmi\File comuni\Nero
2009-12-28 19:31 . 2009-12-28 19:31 686080 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2009-12-28 19:31 . 2009-12-28 19:31 568832 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\msvcp90.dll
2009-12-28 19:31 . 2009-12-28 19:31 655872 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\msvcr90.dll
2009-12-28 19:31 . 2009-12-28 19:31 583168 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2009-12-28 19:31 . 2009-12-28 19:31 224768 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\6C.tmp_\sun-pdfimport.oxt\msvcm90.dll
2009-12-28 08:51 . 2009-06-28 13:48 8186 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\extensions\exif_viewer@mozilla.doslash.org\content\check2.bat
2009-12-28 08:51 . 2009-06-28 13:48 16327 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\extensions\exif_viewer@mozilla.doslash.org\content\check1.bat
2009-12-28 08:51 . 2009-06-28 11:59 16 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\extensions\exif_viewer@mozilla.doslash.org\content\check.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 15:17 . 2009-09-14 14:11 1 ----a-w- c:\documents and settings\claudio\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-23 14:26 . 2009-10-01 12:40 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-23 10:45 . 2008-04-18 19:21 -------- d-----w- c:\programmi\Google
2010-01-23 10:37 . 2009-10-01 08:31 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\SUPERAntiSpyware.com
2010-01-23 10:37 . 2009-10-01 08:31 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-23 10:24 . 2008-04-15 18:43 -------- d-----w- c:\programmi\Startup Inspector for Windows
2010-01-23 10:24 . 2008-04-15 18:53 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\wsInspector
2010-01-22 19:32 . 2009-04-28 13:00 -------- d-----w- c:\programmi\IZArc
2010-01-22 17:23 . 2009-06-01 18:31 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-21 07:55 . 2008-04-15 12:17 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\gtk-2.0
2010-01-20 16:53 . 2009-02-10 19:36 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-20 16:11 . 2009-04-05 16:48 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\dvdcss
2010-01-20 09:16 . 2008-05-21 08:07 57344 ----a-w- c:\windows\system32\SSLEmptyCache.exe
2010-01-18 19:05 . 2009-10-10 14:50 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\PrimoPDF
2010-01-18 16:12 . 2009-02-15 08:57 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Uniblue
2010-01-18 15:49 . 2009-10-01 12:40 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-01-18 15:48 . 2009-10-01 12:40 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-01-18 15:48 . 2009-10-01 12:40 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-01-18 15:48 . 2009-10-01 12:40 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-01-18 15:48 . 2009-10-01 12:40 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-01-18 15:48 . 2009-10-01 12:41 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-18 15:48 . 2009-10-01 12:41 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-17 13:50 . 2008-03-27 12:19 64584 ----a-w- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-15 14:08 . 2008-04-02 13:38 -------- d-----w- c:\programmi\Total Uninstall
2010-01-14 20:49 . 2008-03-30 14:32 -------- d-----w- c:\programmi\File comuni\ACD Systems
2010-01-14 20:48 . 2009-02-09 08:38 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\SumatraPDF
2010-01-14 20:42 . 2009-01-14 17:06 -------- d-----w- c:\programmi\Participatory Culture Foundation
2010-01-14 20:40 . 2008-09-29 12:29 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Inkscape
2010-01-14 20:14 . 2008-03-30 15:11 -------- d-----w- c:\programmi\ACD Systems
2010-01-14 10:12 . 2009-12-06 16:22 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 04:03 . 2009-04-30 20:02 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2009-04-30 20:02 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2009-04-30 20:02 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2009-04-30 20:02 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2008-03-27 11:39 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2008-03-27 11:38 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2008-03-27 11:38 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2008-03-27 11:38 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2008-03-27 11:38 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2008-03-27 11:38 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2008-03-27 11:38 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-07 15:07 . 2009-06-01 18:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-01 18:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 17:26 . 2008-04-19 12:30 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Azureus
2009-12-27 14:09 . 2004-09-03 10:37 84854 ----a-w- c:\windows\system32\perfc010.dat
2009-12-27 14:09 . 2004-09-03 10:37 490618 ----a-w- c:\windows\system32\perfh010.dat
2009-12-24 15:21 . 2009-02-02 17:51 249856 ------w- c:\windows\Setup1.exe
2009-12-24 15:21 . 2009-02-02 17:51 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-21 19:06 . 2004-09-03 10:36 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 16:18 . 2009-09-18 12:20 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Canon
2009-12-17 10:00 . 2009-11-08 14:35 -------- d-----w- c:\programmi\Any Video Converter
2009-12-17 10:00 . 2009-12-17 10:00 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\AnvSoft
2009-12-16 07:41 . 2009-12-02 14:38 -------- d-----w- c:\programmi\CDBurnerXP
2009-12-15 22:05 . 2009-12-15 22:05 -------- d-----w- c:\documents and settings\claudio\Dati applicazioni\Canneverbe Limited
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-10 19:04 . 2009-09-14 14:00 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-12-06 16:20 . 2009-12-06 16:20 -------- d-----w- c:\programmi\Windows Defender
2009-12-04 09:26 . 2008-03-27 11:48 -------- d-----w- c:\programmi\Java
2009-12-04 09:11 . 2009-02-12 17:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-04 09:10 . 2009-11-04 14:49 152576 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-04 09:09 . 2009-12-04 09:09 79488 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-25 08:49 . 2009-11-25 08:49 -------- d-----w- c:\programmi\MSXML 4.0
2009-11-21 15:54 . 2004-09-03 10:36 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 20:42 . 2008-03-27 11:39 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-17 10:55 . 2009-10-01 12:41 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-12 16:57 . 2008-12-01 10:54 10686001 ----a-w- c:\documents and settings\claudio\Dati applicazioni\Azureus\plugins\azump\mplayer.exe
2008-09-30 17:09 . 2008-09-30 17:09 217 ----a-w- c:\programmi\setup.ini
2005-10-29 16:19 . 2008-03-27 16:04 458752 ----a-w- c:\programmi\sgphoto.exe
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\programmi\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\programmi\instmsia.exe
2002-01-19 09:11 . 2002-01-19 09:11 44 ----a-w- c:\programmi\stdout.txt
2002-01-19 09:11 . 2002-01-19 09:11 0 ----a-w- c:\programmi\stderr.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SSLEmptyCache"="c:\windows\system32\SSLEmptyCache.exe" [2010-01-20 57344]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-18 3168216]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"MSSE"="c:\programmi\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-23 08:40 133104 ----atw- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShotGenius]
2005-10-29 16:19 458752 ----a-w- c:\programmi\sgphoto.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-04 09:11 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Eldy Lombardia\\jre1.6.0\\launch4j-tmp\\eldyApplication.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Eurekr.com\\YouTube Batch Downloader\\bin\\utdman.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\Azureus\\Azureus.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [01/10/2009 13.41.16 233136]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\programmi\vcd\VCdRom.sys [19/12/2001 11.45.00 8576]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [01/10/2009 13.41.21 88040]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [01/10/2009 13.40.34 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [01/10/2009 13.40.34 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [01/10/2009 13.40.32 115216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/04/2008 21.35.42 716272]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [22/10/2008 9.13.58 24832]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [01/10/2009 13.40.34 32680]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [11/12/2008 21.03.45 44000]
.
Contents of the 'Scheduled Tasks' folder
2010-01-23 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-11-20 16:02]
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1952799511-3203439391-2660778636-1006Core.job
- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-02-23 08:40]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1952799511-3203439391-2660778636-1006UA.job
- c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-02-23 08:40]
2010-01-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D} = 208.67.222.222,208.67.220.220
DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} - hxxp://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} - hxxp://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} - hxxp://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} - hxxp://supportsiss.lispa.it/components/pdlc.cab
FF - ProfilePath - c:\documents and settings\claudio\Dati applicazioni\Mozilla\Firefox\Profiles\caiosempronio\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?hl=it&client=firefox-a&channel=s&rls=org.mozilla:it:official&hs=SYk&btnG=Cerca
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\claudio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\programmi\QuickTime\Plugins\npqtplugin9.dll
FF - plugin: c:\programmi\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKLM-Run-bit4id store register - c:\windows\system32\bit4cnsp.dll
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-ffdshow - c:\windows\system32\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-23 20:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00\00
.
Completion time: 2010-01-23 20:35:17
ComboFix-quarantined-files.txt 2010-01-23 19:35
Pre-Run: 108,836,511,744 bytes free
Post-Run: 108,801,736,704 bytes free
- - End Of File - - 32E5F13C2E245B22C5773CA1AE274FDC
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.50.20, on 23/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Microsoft Security Essentials\msseces.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SSLEmptyCache] C:\WINDOWS\system32\SSLEmptyCache.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\periferiche\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {15D151C8-5180-43C1-9360-4D794663BD6E} (Posto di Lavoro del Cittadino - Attestazione) - http://www.crs.regione.lombardia.it/components/OcsKitCittadino.cab
O16 - DPF: {3263F297-5CB9-4D8C-A2DB-CDFB8C69CB6D} (Posto di Lavoro del Cittadino - Autenticazione utente) - http://www.crs.regione.lombardia.it/components/OcxCertUpdate.cab
O16 - DPF: {4384AA75-43AB-4095-84F9-C5B35EC62B5D} (Posto di Lavoro del Cittadino - Interprete dati) - http://www.crs.regione.lombardia.it/components/OcxCrsInfo.cab
O16 - DPF: {877E14A6-0ACF-4509-8CF3-E4A0F4ED46F4} (Postazione di Lavoro del Cittadino 3.0) - http://supportsiss.lispa.it/components/pdlc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 7540 bytes
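A triage helper for the HijackThis portion of the post above, as an added example (this is not code from the post, from the forum, or from Trend Micro's HijackThis). It parses the R0/R1, O4, O17 and O23 line shapes that appear in this log and applies the checks a reviewer runs by eye: browser pages that are neither blank nor a vendor default, autoruns given as a bare filename or living outside the usual install roots, resolvers not on an allow-list, and services whose binary carries no publisher name. The allow-lists, the `search.example` page, the `{CONSTRUCTED-0001}` adapter and its 203.0.113.5 resolver are assumptions built for the demonstration; the remaining sample lines are copied from the log above.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the
post nor from HijackThis itself). Allow-lists are demo choices only."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hypothetical allow-lists: expected resolvers (OpenDNS), vendor-default
# browser pages, and the roots autoruns normally live in (Italian XP
# installs programs under c:\programmi rather than c:\program files).
TRUSTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
BROWSER_DEFAULT_PAGES = {"about:blank"}
BROWSER_DEFAULT_HOSTS = {"go.microsoft.com"}
AUTORUN_ROOTS = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\")

# Constructed sample in the shape of a HijackThis v2.0.2 log. Most lines copy
# the post above; the {CONSTRUCTED-0001} adapter with a TEST-NET address and
# the search.example page are fabricated to exercise the checks.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example/?q=
O4 - HKLM\..\Run: [MSSE] "c:\Programmi\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E4DAAF6-D936-41D8-99AC-9FB56AC0E75D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-0001}: NameServer = 203.0.113.5
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section tag, e.g. "O17"
    reason: str
    raw: str


def parse_line(raw):
    """Split 'O17 - body' into ('O17', 'body'); None for non-entry lines."""
    m = LINE_RE.match(raw.strip())
    return (m.group(1), m.group(2)) if m else None


def _first_path(command):
    """Executable part of an autorun command: the quoted path if quoted,
    otherwise the first whitespace-delimited token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def check_browser_page(body):
    """R0/R1: start/search pages should be blank or a vendor default."""
    value = body.split("=", 1)[1].strip() if "=" in body else ""
    if not value or value in BROWSER_DEFAULT_PAGES:
        return None
    host = urlsplit(value).hostname or ""
    return None if host in BROWSER_DEFAULT_HOSTS else f"browser page points at unexpected host {host!r}"


def check_autorun(body):
    """O4: flag bare names (resolved through the PATH search order) and
    binaries outside the expected install roots."""
    command = body.split(": ", 1)[1] if ": " in body else body
    command = re.sub(r"^\[[^\]]*\]\s*", "", command)  # drop the [ValueName]
    exe = _first_path(command)
    if not re.match(r"^[A-Za-z]:\\", exe):
        return f"bare filename {exe!r} is resolved via the PATH search order"
    if not exe.lower().startswith(AUTORUN_ROOTS):
        return f"autorun binary outside expected roots: {exe}"
    return None


def check_dns(body):
    """O17: every configured resolver must be on the allow-list."""
    if "NameServer =" not in body:
        return None
    servers = [s.strip() for s in body.split("NameServer =", 1)[1].split(",")]
    unknown = [s for s in servers if s and s not in TRUSTED_RESOLVERS]
    return f"resolvers not on allow-list: {unknown}" if unknown else None


def check_service(body):
    """O23: 'Unknown owner' means no company name was read from the binary's
    version resource; a prompt to inspect the file, not a verdict."""
    return "service binary has no publisher in its version info" if " - Unknown owner - " in body else None


CHECKS = {"R0": check_browser_page, "R1": check_browser_page,
          "O4": check_autorun, "O17": check_dns, "O23": check_service}


def triage(log_text):
    """Run the per-section checks over a log, collecting findings in order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        kind, body = parsed
        check = CHECKS.get(kind)
        reason = check(body) if check else None
        if reason:
            findings.append(Finding(kind, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.raw}")
```

Run against the full log above, the script raises the bare-name autoruns (RTHDCPL.EXE and the two RUNDLL32.EXE entries), the CyberLink and Sonic services that carry no publisher string, and nothing for the O17 entries, since 208.67.222.222 and 208.67.220.220 are OpenDNS and sit on the allow-list. Every hit is a pointer to a file worth checking by hash or signature, not a verdict; the bundled OEM media components here are a reminder that "Unknown owner" is about missing version metadata, not malice.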