Paolo, I'm posting the result of the ComboFix scan; then, if you could recommend me a good firewall, either free or paid, thanks.
ComboFix 10-03-26.01 - GINO 26/03/2010 19.40.29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1572 [GMT 1:00]
Eseguito da: c:\documents and settings\GINO\Documenti\FIRE\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100326-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\GINO\Dati applicazioni\Desktopicon
c:\documents and settings\GINO\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\GINO\Dati applicazioni\Desktopicon\uninst.exe
c:\windows\system32\msssc.dll
c:\windows\system32\nnmnon.dll
c:\windows\system32\yabyaa.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-02-26 al 2010-03-26 )))))))))))))))))))))))))))))))))))
.
2010-03-26 15:04 . 2010-03-26 15:04 -------- d-----w- c:\programmi\CleverTune Software
2010-03-26 15:04 . 2010-03-26 15:04 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\PackageAware
2010-03-26 14:27 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-26 14:27 . 2010-03-26 14:27 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-26 14:27 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 02:56 . 2010-03-26 02:56 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\Malwarebytes
2010-03-26 02:56 . 2010-03-26 02:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-26 02:21 . 2010-03-26 02:21 -------- d-----w- C:\Program Files
2010-03-26 02:21 . 2000-11-13 09:55 109056 ----a-w- c:\windows\system32\ESFinish.exe
2010-03-26 02:00 . 2010-03-26 02:00 -------- d-----w- c:\programmi\Focus Magic
2010-03-25 21:15 . 2010-03-25 21:15 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-03-24 21:26 . 2010-03-24 21:26 361344 -c--a-w- c:\windows\system32\dllcache\TCPIP.SYS
2010-03-24 21:18 . 2010-03-24 21:18 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\uTorrent
2010-03-24 17:39 . 2010-03-24 17:39 -------- d-----w- c:\programmi\FreeGamePick.com
2010-03-23 11:54 . 2010-03-23 12:05 -------- d-----w- c:\programmi\iCarbon
2010-03-23 11:49 . 2010-03-23 14:34 -------- d-----w- c:\programmi\iCopy
2010-03-23 11:37 . 2010-03-23 11:37 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\Matteo Rossi
2010-03-23 11:37 . 2010-03-23 11:37 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\iCopy
2010-03-23 11:20 . 2009-07-28 09:08 45056 ----a-w- c:\windows\system32\PRNTPARM.DLL
2010-03-23 02:40 . 2010-03-23 02:40 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\msplyi4d
2010-03-23 02:40 . 2010-03-23 02:40 373645 ----a-w- c:\documents and settings\GINO\Dati applicazioni\msplyi4d\msplyi4d.exe
2010-03-23 02:40 . 2010-03-23 02:40 373645 ----a-w- c:\documents and settings\GINO\msplyi4d.exe
2010-03-23 02:40 . 2010-03-23 02:40 71871 ----a-w- c:\documents and settings\GINO\pod60.exe
2010-03-23 02:40 . 2010-03-23 02:40 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\esentnetdrv
2010-03-23 02:08 . 2010-03-23 02:32 -------- d-----w- c:\programmi\Photocopier
2010-03-22 22:18 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-03-22 22:18 . 2010-03-22 22:18 -------- d-----w- c:\programmi\CDBurnerXP
2010-03-22 18:36 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-03-22 16:32 . 2010-03-22 17:00 -------- d-----w- c:\programmi\JDownloader
2010-03-20 23:26 . 2010-03-20 23:27 -------- d-sha-w- c:\windows\Repair
2010-03-20 23:03 . 2010-03-20 23:28 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\GetRightToGo
2010-03-20 22:48 . 2010-03-20 22:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrium
2010-03-20 22:46 . 2010-03-20 22:46 43646 ----a-r- c:\documents and settings\GINO\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_D707CE1C009F1381803C2C.exe
2010-03-20 22:46 . 2010-03-20 22:46 43646 ----a-r- c:\documents and settings\GINO\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_33E47820CFD4F5D3775329.exe
2010-03-20 22:46 . 2010-03-20 22:46 43646 ----a-r- c:\documents and settings\GINO\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_25E0DDF4BB5DA2E0BB26B4.exe
2010-03-20 22:46 . 2010-03-20 22:46 43646 ----a-r- c:\documents and settings\GINO\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_21F3885A18D238E15AAE81.exe
2010-03-20 22:46 . 2010-03-20 22:46 29926 ----a-r- c:\documents and settings\GINO\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_EABE28F7A0A98A84188A78.exe
2010-03-20 22:46 . 2010-03-20 22:46 109534 ----a-r- c:\documents and settings\GINO\Dati applicazioni\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_6FEFF9B68218417F98F549.exe
2010-03-20 22:46 . 2010-03-20 22:46 -------- d-----w- c:\programmi\Macrium
2010-03-19 00:51 . 2010-03-19 00:51 -------- d-----w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\Adobe
2010-03-19 00:51 . 2010-03-19 00:51 -------- d-----w- c:\programmi\File comuni\Adobe
2010-03-19 00:48 . 2010-03-19 00:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-03-19 00:46 . 2010-03-19 00:46 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\AdobeUM
2010-03-18 15:21 . 2008-04-13 18:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-18 15:15 . 2008-04-13 18:13 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-03-18 15:14 . 2008-04-13 18:14 2109440 -c----w- c:\windows\system32\dllcache\wmvcore.dll
2010-03-18 15:13 . 2007-08-10 07:20 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-18 11:08 . 2010-03-18 11:08 -------- d--h--w- c:\windows\PIF
2010-03-18 00:49 . 2010-03-18 00:50 -------- d-----w- c:\programmi\SpeedLord
2010-03-17 23:49 . 2010-03-18 15:26 -------- d-----w- c:\documents and settings\GINO\Tracing
2010-03-17 23:45 . 2010-03-17 23:45 -------- d-----w- c:\programmi\Microsoft Office Outlook Connector
2010-03-17 23:45 . 2010-03-17 23:45 -------- d-----w- c:\programmi\Microsoft
2010-03-17 23:44 . 2010-03-17 23:44 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-03-17 23:44 . 2010-03-17 23:44 -------- d-----w- c:\programmi\Windows Live
2010-03-17 23:41 . 2010-03-17 23:41 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-03-17 22:21 . 2010-03-17 22:21 -------- d-----w- c:\programmi\DustBuster
2010-03-17 22:15 . 2010-03-17 22:26 -------- d-----w- c:\programmi\SIW
2010-03-17 22:13 . 2010-03-24 22:58 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\vlc
2010-03-17 22:04 . 2010-03-17 22:09 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\Auslogics
2010-03-17 22:04 . 2010-03-17 22:04 -------- d-----w- c:\programmi\Auslogics
2010-03-17 22:01 . 2010-03-17 22:01 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\Canneverbe Limited
2010-03-17 22:01 . 2010-03-17 22:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canneverbe Limited
2010-03-17 21:57 . 2010-03-17 21:57 -------- d-----w- c:\programmi\CCleaner
2010-03-17 21:39 . 2010-03-17 21:39 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\FastStone
2010-03-17 21:38 . 2010-03-17 22:26 -------- d-----w- c:\programmi\FastStone Flash Player
2010-03-17 21:25 . 2010-03-17 21:25 -------- d-----w- c:\windows\Sun
2010-03-17 21:15 . 2010-03-17 21:15 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\Identities
2010-03-17 14:30 . 2010-03-20 02:01 -------- d-----w- c:\programmi\XoftSpySE
2010-03-17 14:28 . 2010-03-17 14:28 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2010-03-17 12:15 . 2010-03-17 12:16 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\Temp
2010-03-17 12:15 . 2010-03-17 12:15 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2010-03-17 12:15 . 2010-03-18 12:20 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\Google
2010-03-17 12:15 . 2010-03-17 12:16 -------- d-----w- c:\programmi\Google
2010-03-17 11:36 . 2010-03-25 10:38 -------- d-----w- c:\programmi\uTorrent
2010-03-17 11:30 . 2010-03-26 01:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-17 11:30 . 2010-03-17 11:32 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-03-17 11:20 . 2010-03-17 11:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-17 11:20 . 2010-03-17 22:26 -------- d-----w- c:\programmi\SpywareBlaster
2010-03-17 11:19 . 2010-03-17 11:19 -------- d-----w- c:\programmi\VideoLAN
2010-03-17 11:04 . 2010-03-26 02:33 -------- d-----w- c:\programmi\RegCleaner
2010-03-17 11:03 . 2010-03-24 21:06 -------- d-----w- c:\programmi\Unlocker
2010-03-17 11:02 . 2010-03-25 02:04 -------- d-----w- c:\programmi\vanBasco's Karaoke Player
2010-03-17 11:01 . 2008-03-28 09:07 20992 ----a-w- c:\documents and settings\GINO\Dati applicazioni\Convivea\Bit_Che\languages\compare.exe
2010-03-17 11:01 . 2008-03-28 09:02 60928 ----a-w- c:\documents and settings\GINO\Dati applicazioni\Convivea\Bit_Che\scripts\update.exe
2010-03-17 11:01 . 2010-03-17 11:01 -------- d-----w- c:\programmi\Bit Che
2010-03-17 11:01 . 2010-03-17 11:01 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\Convivea
2010-03-17 11:01 . 2009-04-10 17:40 118784 ----a-w- c:\documents and settings\GINO\Dati applicazioni\Convivea\Bit_Che\scripts\x.exe
2010-03-17 11:01 . 2007-07-11 18:43 24557 ----a-w- c:\documents and settings\GINO\Dati applicazioni\Convivea\Bit_Che\scripts\special.exe
2010-03-17 11:01 . 2003-08-19 04:06 80896 ----a-w- c:\documents and settings\GINO\Dati applicazioni\Convivea\Bit_Che\scripts\x.dll
2010-03-17 10:40 . 2010-03-17 10:40 0 ----a-w- c:\windows\nsreg.dat
2010-03-17 10:40 . 2010-03-17 10:40 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\Mozilla
2010-03-17 10:34 . 2010-03-17 10:34 -------- d-s---w- c:\documents and settings\GINO\UserData
2010-03-17 10:27 . 2010-03-17 10:27 -------- d-----w- c:\programmi\Rainbow Folders
2010-03-17 10:26 . 2010-03-22 23:54 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\Adobe
2010-03-17 10:20 . 2010-03-17 10:20 152576 ----a-w- c:\documents and settings\GINO\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-17 10:19 . 2010-03-17 10:19 79488 ----a-w- c:\documents and settings\GINO\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-17 10:13 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-17 10:13 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-17 10:13 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-17 10:13 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-17 10:13 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-17 10:13 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-17 10:13 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-17 10:13 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-17 10:12 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-17 10:12 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-03-17 10:12 . 2010-03-17 10:12 -------- d-----w- c:\programmi\Alwil Software
2010-03-17 10:11 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-17 10:11 . 2010-03-17 10:20 -------- d-----w- c:\programmi\Java
2010-03-17 10:11 . 2010-03-17 10:11 152576 ----a-w- c:\documents and settings\GINO\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-17 10:10 . 2010-03-17 22:26 -------- d-----w- c:\programmi\Vista Drive Icon
2010-03-17 10:07 . 2010-03-17 10:07 -------- d-----w- c:\programmi\File comuni\Apple
2010-03-17 10:07 . 2010-03-17 22:24 -------- d-----w- c:\programmi\QuickTime
2010-03-17 10:07 . 2010-03-17 10:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-03-17 10:07 . 2010-03-17 10:07 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\Apple
2010-03-17 10:07 . 2010-03-17 10:07 -------- d-----w- c:\programmi\Apple Software Update
2010-03-17 10:07 . 2010-03-17 10:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-03-17 10:07 . 2010-03-17 10:07 -------- d-----w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\Apple Computer
2010-03-17 10:06 . 2010-03-17 22:26 -------- d-----w- c:\programmi\Windows Installer Clean Up
2010-03-17 10:06 . 2010-03-17 10:06 3584 ----a-r- c:\documents and settings\GINO\Dati applicazioni\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-03-17 10:05 . 2010-03-17 10:05 -------- d-----w- c:\programmi\MSECACHE
2010-03-17 10:03 . 2010-03-17 10:03 -------- d-----w- c:\programmi\TorrentFetcher
2010-03-17 09:59 . 2010-03-26 03:29 -------- d-----w- c:\documents and settings\GINO\Dati applicazioni\uTorrent
2010-03-17 09:56 . 2010-03-17 09:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2010-03-17 09:54 . 2010-03-17 09:54 -------- d-----w- c:\programmi\Elaborate Bytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 21:26 . 2010-03-24 21:26 361344 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2010-03-24 21:26 . 2004-08-03 21:14 361344 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2010-03-23 11:43 . 2001-08-31 11:00 74432 ----a-w- c:\windows\system32\perfc010.dat
2010-03-23 11:43 . 2001-08-31 11:00 447874 ----a-w- c:\windows\system32\perfh010.dat
2010-03-17 09:53 . 2010-03-17 09:53 24 --sh--w- c:\windows\S8A12B964.tmp
2010-03-17 09:28 . 2010-03-17 09:28 -------- d-----w- c:\programmi\LHSP
2010-03-17 01:38 . 2010-03-17 01:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-17 01:35 . 2010-03-17 01:35 -------- d-----w- c:\programmi\SiSLan
2010-03-17 01:35 . 2010-03-17 01:35 -------- d-----w- c:\programmi\Analog Devices
2010-03-17 01:34 . 2010-03-17 01:33 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-03-17 01:33 . 2010-03-17 01:33 -------- d-----w- c:\programmi\Silicon Integrated Systems
2010-03-16 23:37 . 2010-03-16 23:37 -------- d-----w- c:\programmi\microsoft frontpage
2010-03-16 23:36 . 2010-03-16 23:36 -------- d-----w- c:\programmi\Servizi in linea
2010-03-16 23:34 . 2010-03-16 23:34 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-03 17:35 . 2010-02-03 17:35 1343562 ----a-w- c:\documents and settings\GINO\cppro.exe
.
------- Sigcheck -------
[-] 2010-03-24 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2010-03-24 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-09-29 06:15 344064 ----a-w- c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\programmi\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 18:14 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2008-04-13 12:39 49152 ----a-w- c:\programmi\Vista Drive Icon\DrvIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\esentnetdrv]
2010-03-22 05:09 69632 ----a-w- c:\documents and settings\GINO\Impostazioni locali\Dati applicazioni\esentnetdrv\esentnetdrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msplyi4d]
2010-03-23 02:40 373645 ----a-w- c:\documents and settings\GINO\Dati applicazioni\msplyi4d\msplyi4d.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
2002-07-12 10:15 106496 ----a-w- c:\windows\SiSUSBrg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 07:57 143360 ----a-w- c:\programmi\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 15872 ----a-w- c:\programmi\Unlocker\UnlockerAssistant.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [17/03/2010 9.51.48 15328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/03/2010 11.13.06 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/03/2010 11.13.06 20560]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [17/03/2010 9.51.28 220128]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/03/2010 13.15.55 136176]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [17/03/2010 9.51.40 44512]
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-17 12:15]
2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-03-17 12:15]
2010-03-23 c:\windows\Tasks\XoftSpySE.job
- c:\programmi\XoftSpySE\XoftSpy.exe [2006-06-19 21:24]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
mStart Page = hxxp://www.virgilio.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C5D0957E-2233-4A52-BD5D-4F572BEFA55C} = 85.37.17.51 85.38.28.97
FF - ProfilePath - c:\documents and settings\GINO\Dati applicazioni\Mozilla\Firefox\Profiles\wz9dkazw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-wvvttsdrv - yabyaa.dll
HKCU-Run-DriverUpdaterPro - c:\programmi\CleverTune Software\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-vtutuvsys - nnmnon.dll
HKLM-Run-nnkjjgdrv - yabyaa.dll
HKU-Default-Run-fcyywxsys - nnmnon.dll
HKU-Default-Run-tuvstrdrv - yabyaa.dll
MSConfigStartUp-awtttqdrv - yabyaa.dll
MSConfigStartUp-hgghgedrv - yabyaa.dll
MSConfigStartUp-iiijhgdrv - yabyaa.dll
MSConfigStartUp-ljgfgdsys - nnmnon.dll
MSConfigStartUp-pmkijhsys - nnmnon.dll
MSConfigStartUp-qonnkkdrv - yabyaa.dll
MSConfigStartUp-qoponnsys - nnmnon.dll
MSConfigStartUp-qopopmdrv - yabyaa.dll
MSConfigStartUp-rqoollsys - nnmnon.dll
MSConfigStartUp-rqponndrv - yabyaa.dll
MSConfigStartUp-tutsrpdrv - yabyaa.dll
MSConfigStartUp-urrpmmdrv - yabyaa.dll
MSConfigStartUp-urstqodrv - yabyaa.dll
MSConfigStartUp-xxxvtssys - nnmnon.dll
AddRemove-eBay Icon - c:\documents and settings\GINO\Dati applicazioni\Desktopicon\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-26 19:45
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-26 19:48:01 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-26 18:47
Pre-Run: 92.440.928.256 byte disponibili
Post-Run: 92.321.931.264 byte disponibili
- - End Of File - - 57ACF055C94E0AE916F284163345BF40