H provato una scansione con Malwarebytes e questo è il log:

Malware.Trace - C:\Windows\rs.txt
Adware.EGDAccess - Windows\system32
Hijack.Start Menu
Sono tutti da eliminare?


Malwarebytes' Anti-Malware 1.31
Versione del database: 1492
Windows 5.1.2600 Service Pack 3

12/12/2008 14.10.15
malwarebytes-log-2008-12-12 (14-09-37).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 104608
Tempo trascorso: 40 minute(s), 22 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\rs.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken.

Sono tutti da eliminare?

Grazie per la risposta.

Ciao.
Si eliminali.
Poi fai una scansione con Superantispyware.
P.S:
Giusto per sicurezza, ti consiglierei di postare un log di HJT.
Sempre in questo topic.

Ciao.
Usi come pagina iniziale sweetim.com ?
Se si', il log è a posto.

Sicuro che SweetIM te l'abbia messa SUPERAntiSpyware? Lo uso pure io, ma non m'ha messo proprio niente...

Comunque, ho controllato instalando SUPERAntiSpyware: e NON mi ha installato alcunché di SweetIM...

Ottimo! Bene.

r16, ho appena letto la tua risposta, ok cancello quelle voci. Dovevo già scrivere oggi perchè ho riscontrato una cosa strana, dovevo rimuovere un programma sono andato in Pannello di Controllo\Installazione Applicazioni e ho visto che diversi programmi installati non risultano nell'elenco e poi quasi tutti appaiono con l'icona come quella dei setup, monitor con disco davanti e case laterale, cliccando non appare la voce Rimuovi e non si possono disinstallare, ho provato con Revo uninstall e molti non appaiono nemmeno, eppure esistono e si aprono, cosa può essere successo, prima di usare Malwarebytes e postare il log di HJT andava tutto bene. Ciao grazie

Come si ripristina quella voce, in quarantena non c'è. Comunque ti posto il nuovo log di Malware e quello di HJT:

Malwarebytes' Anti-Malware 1.31
Versione del database: 1492
Windows 5.1.2600 Service Pack 3

13/12/2008 18.35.28
mbam-log-2008-12-13 (18-35-28).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 50182
Tempo trascorso: 5 minute(s), 6 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.05.40, on 13/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Tall Emu\Online Armor\oacat.exe
C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\File comuni\Seagate\Schedule2\schedhlp.exe
C:\Programmi\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Programmi\Seagate\DiscWizard\TimounterMonitor.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Tall Emu\Online Armor\oahlp.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Programmi\File comuni\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Programmi\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Programmi\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKCU\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAID Tool.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\oacat.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Programmi\Tall Emu\Online Armor\oasrv.exe

--
End of file - 9222 bytes

Questo è il log che è uscito


Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

r16 ti posto il log di combofix e quello di Hijack:

ComboFix 08-12-13.03 - Administrator 2008-12-14 0:52:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1522 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\Download\ComboFix.exe
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Dati applicazioni\inst.exe
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\cacmcig.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\cacmcig_nav.dat
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\cacmcig_navps.dat
c:\documents and settings\Administrator\ResErrors.log
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Creati Da 2008-11-13 al 2008-12-13 )))))))))))))))))))))))))))))))))))
.

2008-12-13 21:59 . 2008-12-13 21:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ATI
2008-12-13 21:10 . 2008-12-13 21:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-12-12 22:50 . 2008-12-13 21:10 <DIR> d-------- c:\programmi\SUPERAntiSpyware
2008-12-12 22:50 . 2008-12-12 22:50 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2008-12-12 21:01 . 2008-12-12 21:01 <DIR> d-------- C:\OnlineArmor
2008-12-12 15:59 . 2008-12-12 16:05 <DIR> d-------- c:\programmi\Zone Labs
2008-12-12 13:23 . 2008-12-14 00:25 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-12 11:57 . 2008-12-12 11:57 <DIR> d-------- c:\programmi\Trend Micro
2008-12-12 09:40 . 2008-12-12 09:40 <DIR> d-------- c:\programmi\SweetIM
2008-12-12 09:40 . 2008-12-12 09:40 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SweetIM
2008-12-11 20:45 . 2008-12-11 20:45 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-12-11 20:45 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 20:45 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 23:28 . 2008-12-10 23:28 <DIR> d-------- c:\programmi\Lavasoft
2008-12-10 23:28 . 2008-12-13 20:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-10 23:27 . 2008-12-13 20:56 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-12-10 22:50 . 2008-12-10 22:50 <DIR> d-------- c:\programmi\Sophos
2008-12-03 21:21 . 2008-12-03 21:45 <DIR> d-------- c:\programmi\Eusing Free Registry Cleaner
2008-12-02 23:36 . 2008-12-14 00:58 4,442,144 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-02 23:36 . 2008-12-14 00:56 52,892 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-02 23:31 . 2008-12-02 23:33 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-12-02 23:30 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc0410.dll
2008-12-02 23:30 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc0410.dll
2008-12-02 23:30 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc0410.dll
2008-12-02 23:30 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc0410.dll
2008-12-02 23:30 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll
2008-12-02 23:29 . 2008-12-12 18:30 <DIR> d-------- c:\windows\system32\ZoneLabs
2008-12-02 23:29 . 2008-12-02 23:29 <DIR> d-------- c:\programmi\Zone Alarm
2008-12-02 23:28 . 2008-12-12 18:29 <DIR> d-------- c:\windows\Internet Logs
2008-12-01 16:22 . 2008-12-01 16:23 <DIR> d-------- c:\programmi\File comuni\FotoNation
2008-11-30 22:42 . 2008-11-30 22:42 <DIR> d-------- c:\programmi\Defraggler
2008-11-29 16:35 . 2008-11-29 16:35 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\PCToolsFirewallPlus
2008-11-29 10:17 . 2008-12-13 20:48 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-29 10:17 . 2008-11-29 10:17 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-29 10:17 . 2008-11-29 10:17 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-29 10:17 . 2008-11-29 10:17 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-29 10:07 . 2008-11-29 10:17 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-11-28 17:05 . 2008-11-28 17:05 <DIR> d-------- c:\programmi\AVG
2008-11-22 11:58 . 2008-11-22 11:59 <DIR> d-------- c:\programmi\Cobian Backup 9
2008-11-20 10:37 . 2008-11-30 10:40 <DIR> d-------- c:\programmi\File comuni\Symantec Shared
2008-11-19 23:15 . 2008-11-19 23:14 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-19 23:14 . 2008-11-19 23:15 <DIR> d-------- c:\documents and settings\Administrator\.housecall6.6
2008-11-18 22:54 . 2008-11-18 23:22 <DIR> d-------- C:\Downloads
2008-11-18 22:22 . 2008-11-18 22:22 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\IM
2008-11-18 10:52 . 2008-11-18 10:59 <DIR> d-------- c:\programmi\Windows Live Toolbar
2008-11-18 10:49 . 2008-11-18 10:50 <DIR> d--hsc--- c:\programmi\File comuni\WindowsLiveInstaller
2008-11-18 10:48 . 2008-11-18 10:48 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-11-14 11:32 . 2008-11-14 11:32 <DIR> d-------- c:\windows\system32\URTTEMP
2008-11-14 10:23 . 2008-11-14 10:23 <DIR> d-------- c:\windows\system32\msmq
2008-11-13 23:11 . 2008-11-13 23:11 <DIR> d-------- c:\programmi\Free Download Manager
2008-11-13 23:11 . 2008-12-12 12:02 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Free Download Manager
2008-11-13 16:46 . 2008-11-13 16:46 <DIR> d-------- c:\programmi\Kibisoft
2008-11-13 16:46 . 2008-11-13 16:46 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\kibisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 20:51 --------- d-----w c:\programmi\ATI Technologies
2008-12-13 15:43 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Vso
2008-12-13 15:23 --------- d-----w c:\programmi\vso
2008-12-13 11:13 --------- d-----w c:\programmi\Mozilla Thunderbird
2008-12-08 13:15 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\ZoomBrowser EX
2008-12-05 20:33 --------- d-----w c:\programmi\Canon
2008-12-02 21:54 --------- d-----w c:\programmi\Java
2008-12-02 21:41 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-01 20:56 --------- d-----w c:\programmi\File comuni\Canon
2008-12-01 14:47 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-28 13:13 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-19 10:39 --------- d-----w c:\programmi\AdvancedSystemCare
2008-11-19 10:39 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\IObit
2008-11-15 11:03 --------- d-----w c:\programmi\VS Revo Group
2008-11-12 13:45 --------- d-----w c:\programmi\QuickTime
2008-11-12 13:45 --------- d-----w c:\programmi\File comuni\Apple
2008-10-29 10:21 --------- d-----w c:\programmi\Unlocker
2008-10-29 09:45 --------- d-----w c:\programmi\TELE2
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 16:49 --------- d-----w c:\programmi\Windows Defender
2008-10-23 06:20 --------- d-----w c:\programmi\Microsoft Silverlight
2008-10-22 09:31 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Desktopicon
2008-10-22 09:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-10-22 09:06 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2008-10-22 08:10 --------- d-----w c:\programmi\Google
2008-10-22 08:07 --------- d-----w c:\programmi\VIA
2008-10-22 08:07 --------- d-----w c:\programmi\Intel
2008-10-16 13:52 --------- d-----w c:\programmi\OpenOffice.org 3
2008-10-16 13:52 --------- d-----w c:\programmi\JRE
2008-10-16 12:46 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org
2008-10-16 12:39 --------- d-----w c:\programmi\OpenOffice
2008-05-13 18:37 3,067,904 -c--a-w c:\documents and settings\Administrator\Setupx.exe
2007-11-26 22:04 47,360 -c--a-w c:\documents and settings\Administrator\Dati applicazioni\pcouffin.sys
2003-04-08 12:00 94,816 -csh--w c:\windows\twain.dll
2008-04-14 02:13 50,688 -csh--w c:\windows\twain_32.dll
2008-04-14 02:14 1,695,232 -csha-w c:\windows\ServicePackFiles\i386\msmsgs.exe
2008-04-14 02:13 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2008-04-14 02:13 57,344 -csha-w c:\windows\system32\msvcirt.dll
2008-04-14 02:13 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-03-20 20:52 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008032020080321\index.dat
2008-05-07 18:56 32,768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008050720080508\index.dat
.

------- Sigcheck -------

2004-08-19 14:39 14336 73955b04f209d8a1c633867841267a96 c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 03:14 14336 bb8363abec09aa2f9b363484e282117c c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 03:14 14336 bb8363abec09aa2f9b363484e282117c c:\windows\system32\svchost.exe

2005-03-02 19:20 578048 488019bfe2b0f9f8cd8394276d5b664a c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 16:48 579072 bab4f995e526484a235a276e269aaf7f c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 16:37 578560 9daa2190a18739b657b58f794acf2e47 c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-19 14:39 578048 08447bdfce5d1b1956f962602381f5c1 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 19:10 578048 14b5d6b20467dba209853d65d1f6a124 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-14 03:13 579584 fa94696c0727bd59e517c674cd6e7c72 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 03:13 579584 fa94696c0727bd59e517c674cd6e7c72 c:\windows\system32\user32.dll

2004-08-19 14:39 82944 12ead983c875ed9bcc8b90e3f77f2e4a c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 03:13 82432 d34f635ff28f2aabedc95bfeb891864c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 03:13 82432 d34f635ff28f2aabedc95bfeb891864c c:\windows\system32\ws2_32.dll

2004-08-19 14:39 504832 4166454e2bcfcc20d1b8a5ac9feab243 c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 03:14 510464 9259170d29b5a256735fcb8b80280857 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-10-22 10:52 510464 90f406811ee1eee294792d00e21ca16c c:\windows\system32\winlogon.exe

2004-08-03 22:14 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2008-04-14 03:14 1036288 70d7f99d95615c3c278367756287db71 c:\windows\explorer.exe
2007-06-13 14:10 1035776 b4e85805be6d23de697f7b3ba7492d0b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:22 1035776 7e2817a623e16f830b660f81c0fd63da c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-19 14:39 1034752 178d42bd8fc34a9837417a6ce1d6bb7b c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:14 1036288 70d7f99d95615c3c278367756287db71 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-19 14:39 108544 e77f6fa2a15390f1727f4c1c55b69da6 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 03:14 109056 dac0440c89b1ea4e35684896d5bf856e c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 03:14 109056 dac0440c89b1ea4e35684896d5bf856e c:\windows\system32\services.exe

2004-08-19 14:39 13312 0815e8da286775fa432c7c9ee5e10ba1 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 03:14 13312 0fba335727905de8e4cb5a2cf438abf5 c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 03:14 13312 0fba335727905de8e4cb5a2cf438abf5 c:\windows\system32\lsass.exe

2004-08-19 14:39 15360 5b33b4265966ee063c7fbea28958d9c2 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:14 15360 f53cddef33a4c41336a782be3d170158 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:14 15360 f53cddef33a4c41336a782be3d170158 c:\windows\system32\ctfmon.exe

2005-06-11 01:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 00:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 14:39 57856 216f8454a9415dd3e451b169dc3121c4 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 03:14 57856 60977c9bae8f86f9075829325303d0c9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 03:14 57856 60977c9bae8f86f9075829325303d0c9 c:\windows\system32\spoolsv.exe

2004-08-19 14:39 25088 c1e7fe19f98a877bf8f941bf48148695 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:14 26624 df69726907357c3add243f48902b0331 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 03:14 26624 df69726907357c3add243f48902b0331 c:\windows\system32\userinit.exe

2004-08-19 14:39 296960 c06cd1890279603e15020757e02de56b c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-14 03:13 296960 fe5a5329ccfc33d645c33077ff04f052 c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 03:13 296960 fe5a5329ccfc33d645c33077ff04f052 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 188416]
"InCD"="c:\programmi\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\programmi\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"TerraTec Scheduler"="c:\progra~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe" [2005-02-24 618496]
"Seagate Scheduler2 Service"="c:\programmi\File comuni\Seagate\Schedule2\schedhlp.exe" [2008-08-22 136472]
"DiscWizardMonitor.exe"="c:\programmi\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-08-22 1348224]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AcronisTimounterMonitor"="c:\programmi\Seagate\DiscWizard\TimounterMonitor.exe" [2008-08-22 905248]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2008-05-17 805392]
RAID Tool.lnk - c:\programmi\VIA\RAID\raid_tool.exe [2008-10-22 561152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uranium

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)

R0 viaraid;viaraid;c:\windows\system32\DRIVERS\viaraid.sys [2008-10-22 70272]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-29 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R1 SSHDRV64;SSHDRV64;\??\c:\windows\system32\drivers\SSHDRV64.sys [2007-11-24 113152]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-29 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-29 76040]
R2 SgtSch2Svc;Seagate Scheduler2 Service;"c:\programmi\File comuni\Seagate\Schedule2\schedul2.exe" [2008-08-22 431384]
R2 WinDefend;Windows Defender;"c:\programmi\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 3xHybrid;Cinergy 600 TV Radio service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-12-04 1121536]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\Drivers\LCcFltr.Sys [2007-10-18 14095]
R3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\62.tmp []
S3 TTTv600;Cinergy 600 TV Tuner;c:\windows\system32\DRIVERS\PhTvTune.sys [2007-10-18 19520]
S3 UPnPService;UPnPService; []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
CtServ REG_MULTI_SZ CtServ
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2007-10-22 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\programmi\RegClean\RegClean.exe []

2007-10-22 c:\windows\Tasks\RegClean Scheduled Scan.job
- c:\programmi\RegClean []

2008-12-13 c:\windows\Tasks\User_Feed_Synchronization-{3FC260BE-C836-4C1D-B4E9-2A40E73219A6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://google.it/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\bqfm39rt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.milanofinanza.it/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\programmi\OpenOffice.org 3\program\npsoplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 00:57:46
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\62.tmp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\relog_ap.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\fxssvc.exe
c:\programmi\Canon\CAL\CALMAIN.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmi\File comuni\Logishrd\KHAL2\KHALMNPR.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-14 1:00:44 - macchina è stato riavviato [Administrator]
ComboFix-quarantined-files.txt 2008-12-14 00:00:36

Pre-Run: 96,034,004,992 byte disponibili
Post-Run: 96,018,460,672 byte disponibili

343 --- E O F --- 2008-12-12 11:01:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.23.45, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Programmi\File comuni\Seagate\Schedule2\schedhlp.exe
C:\Programmi\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Programmi\Seagate\DiscWizard\TimounterMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Programmi\File comuni\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Programmi\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKCU\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAID Tool.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Programmi\File comuni\Seagate\Schedule2\schedul2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8021 bytes