Here is the log:
ComboFix 10-01-26.06 - UTENTE 27/01/2010 17.00.44.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.899 [GMT 1:00]
Eseguito da: c:\aiutamici\Combofix\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100127-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-12-27 al 2010-01-27 )))))))))))))))))))))))))))))))))))
.
2010-01-27 03:32 . 2010-01-27 03:32 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-01-26 14:15 . 2010-01-26 14:15 -------- d-----w- c:\programmi\Conduit
2010-01-26 14:15 . 2010-01-26 14:15 -------- d-----w- c:\documents and settings\UTENTE\Impostazioni locali\Dati applicazioni\Conduit
2010-01-26 14:15 . 2010-01-26 14:26 -------- d-----w- c:\documents and settings\UTENTE\Impostazioni locali\Dati applicazioni\IObitCom
2010-01-26 14:15 . 2010-01-26 14:15 -------- d-----w- c:\programmi\IObitCom
2010-01-26 14:15 . 2009-12-19 21:34 52224 ----a-w- c:\documents and settings\UTENTE\Dati applicazioni\Mozilla\Firefox\Profiles\1awbkkbc.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2010-01-26 14:15 . 2009-12-19 21:34 101376 ----a-w- c:\documents and settings\UTENTE\Dati applicazioni\Mozilla\Firefox\Profiles\1awbkkbc.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
2010-01-26 14:15 . 2010-01-26 14:15 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\IObit
2010-01-26 14:15 . 2010-01-26 14:15 -------- d-----w- c:\programmi\IObit
2010-01-26 14:15 . 2009-11-04 15:49 635664 ----a-w- c:\documents and settings\UTENTE\Dati applicazioni\IObit\Common\TB_Helper.exe
2010-01-26 14:12 . 2010-01-26 08:01 9537816 ----a-w- C:\asc-setup.exe
2010-01-25 18:59 . 2010-01-25 18:59 -------- d-----w- C:\Z
2010-01-14 16:07 . 2010-01-14 16:09 -------- d-----w- C:\Activesync
2010-01-13 16:04 . 2010-01-13 16:04 -------- d-----w- c:\programmi\Java
2010-01-13 14:07 . 2010-01-13 14:07 -------- d-----w- c:\programmi\Microsoft Visual Studio 8
2010-01-13 14:04 . 2010-01-13 14:04 -------- d-----r- C:\MSOCache
2010-01-09 11:02 . 2010-01-09 11:02 -------- d-----w- c:\programmi\CCleaner
2010-01-08 19:38 . 2010-01-08 19:38 3584 ----a-r- c:\documents and settings\UTENTE\Dati applicazioni\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-01-08 19:38 . 2010-01-08 19:38 -------- d-----w- c:\programmi\Windows Installer Clean Up
2010-01-08 15:51 . 2010-01-27 15:55 -------- d-----w- C:\Aiutamici
2010-01-07 21:10 . 2010-01-11 15:06 -------- d-----w- C:\Parcelle Tecnobit
2010-01-07 20:50 . 2010-01-07 20:51 -------- d-----w- C:\Windows installer cleanup
2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SSScanAppDataDir
2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MSScanAppDataDir
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 16:11 . 2009-03-04 19:02 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\skypePM
2010-01-27 16:07 . 2009-03-13 20:28 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-27 16:07 . 2009-03-13 20:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-27 15:40 . 2009-03-04 18:58 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Skype
2010-01-25 20:55 . 2001-08-31 11:00 82698 ----a-w- c:\windows\system32\perfc010.dat
2010-01-25 20:55 . 2001-08-31 11:00 485418 ----a-w- c:\windows\system32\perfh010.dat
2010-01-24 09:43 . 2009-11-21 13:24 -------- d-----w- c:\programmi\XoftSpySE
2010-01-22 12:40 . 2009-12-17 09:35 179 ----a-w- C:\handle.dat
2010-01-16 20:44 . 2009-11-22 17:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-01-15 13:51 . 2006-10-23 14:05 -------- d-----w- c:\programmi\EPSON
2010-01-14 16:12 . 2007-01-19 07:13 -------- d-----w- c:\programmi\Microsoft ActiveSync
2010-01-13 16:04 . 2009-10-22 14:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-13 16:03 . 2009-11-07 12:45 152576 ----a-w- c:\documents and settings\UTENTE\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-13 15:31 . 2009-10-22 14:53 1 ----a-w- c:\documents and settings\UTENTE\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-13 14:12 . 2006-10-19 06:17 -------- d-----w- c:\programmi\Microsoft Works
2010-01-13 14:12 . 2009-03-12 15:53 -------- d-----w- c:\programmi\MSBuild
2010-01-13 14:10 . 2009-11-21 21:24 -------- d-----w- c:\programmi\OFFICE11
2010-01-13 13:23 . 2008-07-17 19:03 -------- d-----w- c:\programmi\PicoBackupOE
2010-01-13 13:23 . 2006-10-19 05:39 -------- d-----w- c:\programmi\QuickTime
2010-01-13 13:23 . 2006-10-23 16:30 -------- d-----w- c:\programmi\MemoRex
2010-01-12 17:08 . 2007-04-07 16:09 -------- d-----w- c:\programmi\Salvataggio outlook express
2010-01-08 19:37 . 2009-09-02 13:15 -------- d-----w- c:\programmi\MSECACHE
2010-01-07 21:15 . 2006-10-18 20:19 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-07 15:07 . 2009-09-19 06:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-09-19 06:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 16:27 . 2006-10-22 08:42 -------- d-----w- c:\programmi\Tecnobit
2009-12-17 09:35 . 2006-11-29 18:31 102637 ----a-w- c:\windows\hpgins13.dat
2009-12-17 09:35 . 2006-10-18 20:04 130568 ----a-w- c:\documents and settings\UTENTE\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-17 09:34 . 2009-12-17 09:34 -------- d-----w- c:\programmi\File comuni\Sonic Shared
2009-12-17 09:34 . 2009-12-17 09:33 -------- d-----w- c:\programmi\File comuni\HP
2009-12-17 09:32 . 2006-10-24 05:30 -------- d-----w- c:\programmi\Hewlett-Packard
2009-12-17 09:32 . 2006-11-29 19:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-12-06 20:24 . 2009-10-30 18:19 -------- d-----w- c:\documents and settings\UTENTE\Dati applicazioni\Profis
2009-12-06 19:45 . 2009-11-21 21:23 -------- d-----w- c:\programmi\Hilti
2009-12-05 06:46 . 2009-03-04 18:58 -------- d-----r- c:\programmi\Skype
2009-12-05 06:45 . 2009-12-05 06:45 -------- d-----w- c:\programmi\File comuni\Skype
2009-12-05 06:45 . 2009-03-04 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-12-03 05:46 . 2008-08-10 06:59 -------- d-----w- c:\programmi\IZArc
2009-12-01 17:41 . 2006-10-22 06:59 -------- d-----w- c:\programmi\AutoCAD LT 2000
2009-11-24 23:54 . 2009-11-22 18:10 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-11-22 18:10 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-11-22 18:10 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-11-22 18:10 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-11-22 18:10 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-11-22 18:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-18 09:50 . 2009-09-19 20:03 17383456 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-04 15:23 . 2009-05-04 15:23 270978 ----a-w- c:\programmi\La direzione dei lavori.zip
2009-03-26 11:28 . 2009-11-21 21:27 901120 ----a-w- c:\programmi\DEI_ScuoleEcocompatibili.exe
2008-08-10 06:57 . 2008-08-10 06:57 3723454 ----a-w- c:\programmi\IZArc_Setup.exe
.
------- Sigcheck -------
[7] 2008-04-13 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
c:\windows\System32\ctfmon.exe ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\programmi\IObitCom\tbIObi.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-11-09 17:38 2331672 ----a-w- c:\programmi\IObitCom\tbIObi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\programmi\IObitCom\tbIObi.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\programmi\IObitCom\tbIObi.dll" [2009-11-09 2331672]
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-01-06 2335952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"="d:\setup.exe \RESET" [X]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"HPUsageTracking"="c:\programmi\HP\HP UT\bin\hppusg.exe" [2006-06-14 36864]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2010-01-13 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programmi\File comuni\logishrd\WUApp32.exe" [2008-12-17 443664]
c:\documents and settings\UTENTE\Menu Avvio\Programmi\Esecuzione automatica\
Printkey.lnk - C:\Printkey.exe [2006-10-22 514560]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2006-10-23 212992]
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2009-11-23 25214]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-24 66864]
Status Monitor.lnk - c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe [2006-10-23 819200]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Adobe\\Acrobat 7.0\\Acrobat\\Acrobat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/11/2009 19.10.45 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [21/09/2009 16.08.32 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [21/09/2009 16.08.32 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [21/09/2009 16.08.32 29776]
R2 ACCAKeyServer;ACCA Key Server v.2.00;c:\acca\ACCAKeyServer\ACCAKeyService.EXE [15/03/2009 18.35.13 528896]
R2 CPUSB;CPUsb.Sys driver;c:\windows\system32\drivers\CPUSB.sys [22/10/2006 9.09.26 17080]
R2 cpwnt;cpwnt;c:\windows\system32\drivers\CPWNT.SYS [21/10/2006 19.08.06 21824]
S1 SASKUTIL;SASKUTIL;\??\f:\programmi\SuperantiSpyware\SASKUTIL.sys --> f:\programmi\SuperantiSpyware\SASKUTIL.sys [?]
S2 OAcat;Online Armor Helper Service;"f:\programmi\Firewall Armor\Online Armor\OAcat.exe" --> f:\programmi\Firewall Armor\Online Armor\OAcat.exe [?]
S2 SvcOnlineArmor;Online Armor;f:\programmi\Firewall Armor\Online Armor\oasrv.exe --> f:\programmi\Firewall Armor\Online Armor\oasrv.exe [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/03/2009 17.33.32 33808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-27 c:\windows\Tasks\XoftSpySE 2.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2009-11-21 16:34]
2010-01-27 c:\windows\Tasks\XoftSpySE.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2009-11-21 16:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.virgilio.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\Office12\EXCEL.EXE/3000
TCP: {667CCFE0-179F-4596-86C5-C5967CC876D0} = 151.99.125.2,151.99.125.3
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\UTENTE\Dati applicazioni\Mozilla\Firefox\Profiles\1awbkkbc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Powered by Google
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&q=
FF - component: c:\documents and settings\UTENTE\Dati applicazioni\Mozilla\Firefox\Profiles\1awbkkbc.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\UTENTE\Dati applicazioni\Mozilla\Firefox\Profiles\1awbkkbc.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKU-Default-Run-CTFMON.EXE - c:\windows\System32\CTFMON.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-27 17:09
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-329068152-1343024091-725345543-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(8824)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\programmi\Logitech\MouseWare\System\LgWndHk.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\brss01a.exe
c:\programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Logitech\MouseWare\system\em_exec.exe
c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
c:\programmi\Skype\Phone\Skype.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-27 17:14:54 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-27 16:14
Pre-Run: 228 146 180 096 byte disponibili
Post-Run: 228 116 729 856 byte disponibili
- - End Of File - - 1406153F15EDC5225066B271F2A29585