Can you check my HijackThis log, thanks
black02
Posted: Tuesday, August 25, 2009 2:35:48 PM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,626
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.31.29, on 25/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Programmi\cFosSpeed\spd.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\cFosSpeed\cFosSpeed.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\pcPDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE
C:\Programmi\MemoRex\MemoRex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
G:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCview.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programmi\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PCE Print Dispatcher] C:\WINDOWS\system32\pcPDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E07IXLRD_1768906] "C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Programmi\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {05CA9FB0-3E3E-4b36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1191420098671
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123705518796
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139406804265
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programmi\cFosSpeed\spd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 10026 bytes


Thanks
antonpaco
Posted: Tuesday, August 25, 2009 6:15:46 PM
Rank: AiutAmico

Joined: 11/7/2006
Posts: 1,180
C:\WINDOWS\system32\pcPDisp.exe
O4 - HKLM\..\Run: [PCE Print Dispatcher] C:\WINDOWS\system32\pcPDisp.exe

Maybe it would be better to have these files analyzed at www.virustotal.com while waiting for expert friends to take a look at your post, bye.
shapiro
Posted: Tuesday, August 25, 2009 6:27:40 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
hi

Disable the antivirus and the anti-spyware programs

Disconnect the PC from the internet

download combofix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

If you have shortcut icons to programs on the desktop, create a dedicated folder and copy them into it

Double-click combofix.exe and follow the instructions step by step

When it has finished it will create the log C:\combofix.txt; save it and post it like the other reports.


Also run a scan with

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Update it and run a full scan of the computer. Post the resulting report. For now, do not remove any threats that may be detected
black02
Posted: Tuesday, August 25, 2009 7:09:38 PM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,626
Forgive my ignorance, but I have AVG IS 8.5.409, and I couldn't find a way to disable what you asked me to.
By any chance, if I uninstall it, does that change anything?
shapiro
Posted: Tuesday, August 25, 2009 7:45:59 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
try it this way, there's no need to uninstall it

Right-click the icon near the clock, then Exit
black02
Posted: Wednesday, August 26, 2009 12:23:02 AM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,626
Here is what you asked for; I assure you that to me it's all GREEK

this is the Malwarebytes scan

Malwarebytes' Anti-Malware 1.40
Versione del database: 2551
Windows 5.1.2600 Service Pack 3

26/08/2009 0.07.15
mbam-log-2009-08-26 (00-07-15).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 91649
Tempo trascorso: 3 minute(s), 42 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

This is the ComboFix one

ComboFix 09-08-24.06 - Administrator 26/08/2009 0.10.45.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1375 [GMT 2:00]
Eseguito da: e:\archivio programmi\PULIZIA\HiJackThis\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Firewall BitDefender *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\cgaagce_nav.dat
c:\programmi\Search Settings
c:\programmi\Search Settings\kb128\SearchSettingsRes409.dll
c:\programmi\Search Settings\SearchSettings.exe
c:\windows\Installer\Ref135.msi

.
((((((((((((((((((((((((( Files Creati Da 2009-07-25 al 2009-08-25 )))))))))))))))))))))))))))))))))))
.

2009-08-25 22:02 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 22:02 . 2009-08-25 22:02 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-25 22:02 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-22 10:14 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2009-08-21 21:45 . 2009-08-21 21:45 -------- d-----w- c:\programmi\File comuni\Acronis
2009-08-20 15:51 . 2009-06-16 10:05 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-20 15:50 . 2009-01-21 09:52 155648 ----a-w- c:\windows\system32\igfxCoIn_v5029.dll
2009-08-20 15:50 . 2009-01-29 08:12 993816 ----a-w- c:\windows\system32\igxpun.exe
2009-08-20 15:38 . 2009-08-20 15:38 -------- d-----w- c:\programmi\Driver-Soft
2009-08-20 15:36 . 2009-08-12 10:50 21192 ----a-w- c:\windows\system32\dopdfmn6.dll
2009-08-20 15:36 . 2009-08-12 10:50 18632 ----a-w- c:\windows\system32\dopdfmi6.dll
2009-08-20 15:36 . 2009-08-20 15:36 -------- d-----w- c:\programmi\Softland
2009-08-15 10:13 . 2009-08-15 10:13 -------- d-----w- c:\programmi\Sun
2009-08-15 07:32 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-08-15 07:32 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-08-15 07:32 . 2009-06-25 08:41 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-15 07:32 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-13 21:45 . 2002-12-31 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 14:44 . 2009-08-25 13:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SolidDocuments
2009-08-13 14:44 . 2009-08-13 14:44 -------- d-----w- c:\programmi\SolidDocuments
2009-08-13 14:10 . 2009-06-15 11:08 82432 ------w- c:\windows\system32\dllcache\tlntsess.exe
2009-08-13 14:10 . 2009-06-15 10:43 78336 ------w- c:\windows\system32\dllcache\telnet.exe
2009-08-13 14:10 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-08-13 14:10 . 2009-06-10 14:13 85504 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-08-13 14:09 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-08-13 14:06 . 2009-08-05 08:59 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-13 14:04 . 2009-06-09 15:22 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-13 14:02 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-13 13:55 . 2009-07-31 08:53 2061592 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2009-08-13 13:55 . 2009-07-31 08:53 2000152 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgtray.exe
2009-08-13 13:55 . 2009-07-31 08:53 1213720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgfrw.exe
2009-08-13 13:54 . 2009-07-31 08:52 758040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avginet.dll
2009-08-05 14:20 . 2009-08-05 14:20 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-08-05 14:20 . 2009-08-05 14:20 99472 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-07-31 14:21 . 2009-07-31 14:21 -------- d-----w- c:\programmi\ecobyte
2009-07-31 08:54 . 2009-07-31 08:53 2295576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgfwui.dll
2009-07-31 08:52 . 2009-07-31 08:52 1126168 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.exe
2009-07-31 08:52 . 2009-07-31 08:52 1471768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.dll
2009-07-31 07:10 . 2009-07-31 08:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Download Manager
2009-07-29 12:28 . 2009-07-29 12:28 -------- d-----w- c:\documents and settings\Administrator\.VirtualBox
2009-07-29 12:27 . 2009-08-05 14:20 91472 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-07-29 12:27 . 2009-08-05 14:19 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-07-29 12:26 . 2009-08-05 14:21 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-07-27 15:34 . 2009-08-24 15:03 -------- d-----w- c:\programmi\EasyPicture2Icon
2009-07-27 15:27 . 2009-07-27 15:27 -------- d-----w- c:\programmi\File comuni\ConvexSoft
2009-07-27 15:27 . 2009-07-27 15:27 -------- d-----w- c:\programmi\ConvexSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 22:01 . 2009-04-19 20:09 -------- d-----w- c:\programmi\cFosSpeed
2009-08-25 13:17 . 2009-04-19 17:12 -------- d-----w- c:\programmi\EPSON Print CD
2009-08-25 13:04 . 2009-04-19 08:39 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Ashampoo
2009-08-24 16:12 . 2009-04-19 07:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-08-22 21:45 . 2009-05-09 17:18 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-21 21:45 . 2009-04-21 07:15 395744 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-21 21:45 . 2009-04-21 07:15 39264 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-21 21:45 . 2009-04-21 07:15 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-08-20 10:05 . 2009-04-19 20:00 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-05 08:59 . 2002-12-31 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 15:59 . 2009-04-19 19:59 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-08-01 07:09 . 2009-04-28 13:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VSO
2009-08-01 06:51 . 2009-04-18 22:01 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-31 08:53 . 2009-05-03 07:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 08:53 . 2009-05-03 07:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-31 08:53 . 2009-05-03 07:39 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 08:53 . 2009-07-16 07:21 3476760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgui.exe
2009-07-30 12:28 . 2009-04-21 07:49 -------- d-----w- c:\programmi\Plustek OpticSlim M12
2009-07-27 13:59 . 2009-06-27 09:29 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2009-07-26 15:58 . 2009-07-26 15:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2009-07-26 15:58 . 2009-07-26 15:58 -------- d-----w- c:\programmi\Innovative Solutions
2009-07-25 07:39 . 2009-07-25 07:13 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\IcoFX
2009-07-25 07:13 . 2009-07-25 07:13 -------- d-----w- c:\programmi\IcoFX 1.6
2009-07-24 12:40 . 2009-07-24 12:40 -------- d-----w- c:\programmi\File comuni\Nero
2009-07-22 15:50 . 2009-07-22 15:50 7680 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\4000006fa00002i\SpywareCease.exe
2009-07-22 15:49 . 2009-07-22 15:50 721178 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\unins000.exe
2009-07-22 15:49 . 2009-07-15 07:57 14570864 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\update\SpywareCease_Setup.exe
2009-07-22 15:30 . 2009-07-22 15:30 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2009-07-22 15:25 . 2009-07-22 15:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-07-22 15:21 . 2009-07-22 15:50 7269168 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\SpywareCease.exe
2009-07-22 14:23 . 2009-07-22 15:50 70960 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\mtools.dll
2009-07-21 09:46 . 2009-07-22 15:50 1006896 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\AutoUpdate.exe
2009-07-20 13:08 . 2009-07-22 15:50 202032 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\opfile.dll
2009-07-17 19:01 . 2002-12-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 14:45 . 2009-04-30 16:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2009-07-15 09:27 . 2009-07-22 15:50 197936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\networkdll.dll
2009-07-15 07:58 . 2009-07-15 07:58 7680 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\4000001a00002i\SpywareCease_Setup.exe
2009-07-15 07:57 . 2009-07-15 07:57 7680 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\400000fa00002i\AutoUpdate.exe
2009-07-15 07:56 . 2009-07-15 07:56 7680 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\4000008000002i\Splash Screen.exe
2009-07-15 07:56 . 2009-07-13 15:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall
2009-07-13 21:43 . 2002-12-31 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 18:34 . 2009-07-13 18:34 -------- d-----w- c:\programmi\JRE
2009-07-13 18:33 . 2009-07-13 18:33 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-07-13 18:33 . 2009-07-13 18:33 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org-originale
2009-07-13 18:33 . 2009-07-13 18:33 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org
2009-07-12 15:25 . 2009-04-19 07:30 114568 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-12 14:48 . 2009-07-12 14:48 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-12 14:44 . 2009-07-12 14:44 682496 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org-originale\3\user\uno_packages\cache\uno_packages\3A.tmp_\pdfimport-Windows.oxt\pdfimport.uno.dll
2009-07-12 14:44 . 2009-07-12 14:44 655872 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org-originale\3\user\uno_packages\cache\uno_packages\3A.tmp_\pdfimport-Windows.oxt\msvcr90.dll
2009-07-12 14:44 . 2009-07-12 14:44 568832 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org-originale\3\user\uno_packages\cache\uno_packages\3A.tmp_\pdfimport-Windows.oxt\msvcp90.dll
2009-07-12 14:44 . 2009-07-12 14:44 564224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org-originale\3\user\uno_packages\cache\uno_packages\3A.tmp_\pdfimport-Windows.oxt\xpdfimport.exe
2009-07-12 14:44 . 2009-07-12 14:44 224768 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org-originale\3\user\uno_packages\cache\uno_packages\3A.tmp_\pdfimport-Windows.oxt\msvcm90.dll
2009-07-12 14:44 . 2009-07-12 14:44 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org-originale\3\user\uno_packages\cache\stamp.sys
2009-07-11 16:45 . 2009-04-19 08:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\IObit
2009-07-11 16:28 . 2009-07-11 16:28 -------- d-----w- c:\programmi\redist
2009-07-11 16:28 . 2009-07-11 16:28 -------- d-----w- c:\programmi\readmes
2009-07-11 16:28 . 2009-07-11 16:28 -------- d-----w- c:\programmi\licenses
2009-07-11 16:28 . 2009-04-21 18:58 -------- d-----w- c:\programmi\Java
2009-07-09 16:40 . 2009-06-25 21:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Orbit
2009-07-08 08:20 . 2009-07-22 15:50 34736 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%SystemSystem%\drivers\RKHit.sys
2009-07-06 09:06 . 2009-07-22 15:50 65328 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\zlib1.dll
2009-07-06 09:06 . 2009-07-22 15:50 238896 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\spkdll.dll
2009-07-06 09:06 . 2009-07-22 15:50 197936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\ussafe.dll
2009-07-06 09:06 . 2009-07-22 15:50 120112 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\RkHitApi.dll
2009-07-03 16:55 . 2002-12-31 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 16:35 . 2009-06-17 14:54 -------- d-----w- c:\programmi\Simple Sudoku
2009-06-29 18:58 . 2009-07-22 15:50 185624 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\md5.dll
2009-06-28 12:46 . 2009-04-18 22:38 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-27 16:39 . 2009-06-27 16:39 -------- d-----w- c:\programmi\VSO
2009-06-27 14:31 . 2009-06-27 14:31 -------- d-----w- c:\programmi\pdfconverter.com
2009-06-26 13:11 . 2002-12-31 12:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:41 . 2002-12-31 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:41 . 2002-12-31 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:41 . 2002-12-31 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:41 . 2002-12-31 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:41 . 2002-12-31 12:00 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 10:28 . 2002-12-31 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 15:12 . 2009-06-16 15:12 43646 -c--a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_D707CE1C009F1381803C2C.exe
2009-06-16 15:12 . 2009-06-16 15:12 43646 -c--a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_21F3885A18D238E15AAE81.exe
2009-06-16 15:12 . 2009-06-16 15:12 43646 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_E3296CA52D73B98AE9B5F9.exe
2009-06-16 15:12 . 2009-06-16 15:12 43646 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_BBCA226959C1D3D63C885B.exe
2009-06-16 15:12 . 2009-06-16 15:12 29926 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_EDC08689E679B6EDDC26F8.exe
2009-06-16 15:12 . 2009-06-16 15:12 109534 -c--a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_6FEFF9B68218417F98F549.exe
2009-06-16 14:36 . 2002-12-31 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-12-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 11:08 . 2002-12-31 12:00 82432 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-15 10:43 . 2002-12-31 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-12-31 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:17 . 2002-12-31 12:00 134144 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:22 . 2009-04-18 22:00 2067968 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:11 . 2002-12-31 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 10:55 . 2009-07-23 15:53 65536 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\mmqbmye6.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
2009-04-23 16:37 . 2009-04-23 16:37 336 ----a-w- c:\programmi\setup.ini
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\programmi\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\programmi\instmsia.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E07IXLRD_1768906"="c:\programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" [2006-06-13 351000]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-04-19 214456]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2009-07-27 1644784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"cFosSpeed"="c:\programmi\cFosSpeed\cFosSpeed.exe" [2008-07-18 867544]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]
"PCE Print Dispatcher"="c:\windows\system32\pcPDisp.exe" [2009-02-11 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-12-12 1186904]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-12-12 1962736]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2006-12-12 87584]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-04-10 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 08:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Smart Touch.lnk]
backup=c:\windows\pss\Smart Touch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgam.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [03/05/2009 9.39.18 12552]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/2008 8.32.40 15328]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/05/2009 9.39.14 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/05/2009 9.39.17 108552]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14.07.26 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14.07.26 72944]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [29/07/2009 14.27.01 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [29/07/2009 14.26.58 41424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/05/2009 9.39.01 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [03/05/2009 10.28.21 1370488]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [06/08/2008 11.34.02 216032]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [03/05/2009 9.19.45 29208]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [29/07/2009 14.27.01 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [05/08/2009 16.20.00 99472]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [14/10/2008 15.35.47 37376]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [03/05/2009 9.19.45 29208]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [08/07/2008 12.39.28 31712]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14.07.28 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-29 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\programmi\Defraggler\df.exe [2009-07-22 14:10]

2009-08-25 c:\windows\Tasks\WinASORegistryOptimizerForAdministrator.job
- c:\programmi\WinASO\Registry Optimizer\RegOpt.exe [2009-05-03 05:35]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
MSConfigStartUp-TrueImageMonitor - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
IE: Aggiungi al banner Blocco pubblicità
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://c:\programmi\Nitro PDF\PDF Download\nitroweb.htm
IE: {{AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - c:\programmi\Nitro PDF\PDF Download\NitroPDF.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\mmqbmye6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/|http://www.virgilio.it/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\mmqbmye6.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\mmqbmye6.default\extensions\fotofox@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.http.pipelining - false
FF - user.js: network.http.pipelining - falsec:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 00:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-839522115-1364589140-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,74,57,2c,fb,51,d6,4f,b1,ec,d0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,74,57,2c,fb,51,d6,4f,b1,ec,d0,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\relog_ap.dll
.
Ora fine scansione: 2009-08-25 0.13.41
ComboFix-quarantined-files.txt 2009-08-25 22:13

Pre-Run: 68.080.885.760 byte disponibili
Post-Run: 68.037.021.696 byte disponibili

340 --- E O F --- 2009-08-15 07:35


Bye, and thanks for everything.
shapiro
Posted: Wednesday, August 26, 2009 10:13:31 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
black02, you should run the full scan with Malwarebytes; the quick scan is not enough.

black02
Posted: Wednesday, August 26, 2009 11:40:33 AM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,626
So that's why it was so fast. Here is the full one.

Sorry, and thanks.


Malwarebytes' Anti-Malware 1.40
Versione del database: 2551
Windows 5.1.2600 Service Pack 3

26/08/2009 11.35.48
mbam-logcompleto-2009-08-26 (11-35-12).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|J:\|K:\|)
Elementi scansionati: 224044
Tempo trascorso: 56 minute(s), 10 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 5

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Administrator\Dati applicazioni\Thinstall\Spyware Cease v4.0\%ProgramFilesDir%\Spyware Cease\update\SpywareCease_Setup.exe (Rogue.SpywareCease) -> No action taken.
E:\Archivio Programmi\Antivirus -Partion M. File immagini- antspyware\AntiMalware\Malwarebytes.Anti-Malware.v1.14.Multilangages.Incl-Keygen. By T.d.H\Keygen\crd-mbam114_keygen.exe (Trojan.Downloader) -> No action taken.
E:\Archivio Programmi\Antivirus -Partion M. File immagini- antspyware\KLITE\VirIT.eXplorer.Lite.v6.2.46\VirIT.eXplorer.Lite.v6.2.46\Patch.exe (Malware.Packer) -> No action taken.
E:\Archivio Programmi\Foto e Similari\Phothoschop 4\PSCS4_ITA_cura\Crack\keygen.exe (Trojan.Downloader) -> No action taken.
E:\Archivio Programmi\VARIE\7zip\WinRAR 3.80 iTALiAN Final\winrar.v3.xx.rar.slayer.v.1.1-icu\RAR Slayer v1.1.exe (Malware.Tool) -> No action taken.
shapiro
Posted: Wednesday, August 26, 2009 1:44:08 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Restart Malwarebytes and delete everything.

Use this little program for cleaning up:

http://www.aiutamici.com/software?ID=11223


Once it is installed, configure it like this:
Launch the program, go to "Opzioni" (Options) in the left-hand menu, and in the next window click on:
"Impostazioni" (Settings), and tick "Cancellazione sicura (lenta)" (secure deletion, slow)
then click on:
"Avanzate" (Advanced), and untick "Cancella solo file più vecchi di 48 ore" (only delete files older than 48 hours)
Under "Pulizia" (Cleaner), in the "Avanzate" (Advanced) section, tick "Vecchi dati Prefetch" (old Prefetch data) and "Disinstallatori aggiornamenti di WinUpdate" (Windows Update uninstallers)
In the left-hand menu, click "Pulizia" (Cleaner)
Click the "Avvia pulizia" (Run cleaner) button to run the scan
When the scan has finished, still in the left-hand menu, click "Registro" (Registry) and tick every item in the section except "estensioni file non usate" (unused file extensions)
Click the "Trova problemi" (Find problems) button and start a scan
When the scan ends, click "Ripara selezionati" (Fix selected) and go ahead with the repair (repeat this last step several times, until no more problems to fix are found)



Once you're done, post an updated HijackThis log.
black02
Posted: Wednesday, August 26, 2009 4:19:12 PM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,626
As for CCleaner, I have always used it, but your instructions helped me configure the program more appropriately. With Malwarebytes I ran the scan again and deleted everything, as you advised.

Finally, here is HijackThis after the operations mentioned above. Bye again, and thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.06.36, on 26/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Programmi\cFosSpeed\spd.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\cFosSpeed\cFosSpeed.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\pcPDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Programmi\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PCE Print Dispatcher] C:\WINDOWS\system32\pcPDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [E07IXLRD_1768906] "C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Programmi\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Programmi\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4b36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1191420098671
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123705518796
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139406804265
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programmi\cFosSpeed\spd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 9279 bytes
shapiro
Posted: Wednesday, August 26, 2009 5:59:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Go to this site >>> http://www.virustotal.com/it/

Analyze the file marked in red and check the verdict of the 40 antivirus programs.

If you can post it, even better.

C:\WINDOWS\system32\pcPDisp.exe
black02
Posted: Wednesday, August 26, 2009 7:02:02 PM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,626
Here is the result:


Il file è già stato analizzato:
MD5: 23417e21ee3a97a3c9b2ab50fcaa2b47
First received: 2009.07.05 11:36:29 UTC
Data 2009.07.24 11:41:12 UTC [>33D]
Risultati 0/40
Permalink: analisis/1855302679220b413691371d649c74572fb2d6ba29d9ad00ffec79f7509859a7-1248435672

shapiro
Posted: Wednesday, August 26, 2009 7:12:23 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Prevx tells me this:

http://www.prevx.com/filenames/X301860614336437829-X1/PCPDISP.EXE.html

Go to the file >>> right-click on the file and choose >>> Properties - post me the information you find ... company, size, etc.
black02
Posted: Wednesday, August 26, 2009 8:22:31 PM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,626
shapiro wrote:
Prevx tells me this:

http://www.prevx.com/filenames/X301860614336437829-X1/PCPDISP.EXE.html

Go to the file >>> right-click on the file and choose >>> Properties - post me the information you find ... company, size, etc.


Sorry, but I can't find the properties of PCPDISP.EXE in Prevx. I've tried every way I can think of, but nothing; all I can see is where it tells me to delete the file.



shapiro
Posted: Wednesday, August 26, 2009 9:13:24 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
No, black02, I expressed myself badly, sorry.


You need to go to the file PCPDISP.EXE, right-click it, and click at the bottom of the drop-down menu that opens, where it says Properties.



black02
Posted: Wednesday, August 26, 2009 11:58:28 PM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,626
shapiro wrote:
No, black02, I expressed myself badly, sorry.


You need to go to the file PCPDISP.EXE, right-click it, and click at the bottom of the drop-down menu that opens, where it says Properties.


I hope this is it. The strange thing is that I formatted the PC at the end of May, and there it gives the last modification in February??

I haven't understood a thing, but that was already well known.

Bye

enigmista63
Posted: Thursday, August 27, 2009 12:30:01 AM

Rank: AiutAmico

Joined: 4/28/2007
Posts: 1,976
Hi, the procedure is correct, but in the dialog there is a "VERSIONE" (Version) entry; click on it and post the image.
black02
Posted: Thursday, August 27, 2009 9:00:56 AM

Rank: AiutAmico

Joined: 8/23/2007
Posts: 1,626
Here it is.

shapiro
Posted: Thursday, August 27, 2009 11:51:01 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Can you give me the other entries too? I'm mainly interested in "società" (company) and "nome file originale" (original file name).

You can also just type them out without posting the images (if you like).