
combofix
tamagon
Posted: Sunday, August 30, 2009 5:44:05 PM

Rank: AiutAmico

Joined: 3/6/2009
Posts: 2,913
Hi, today out of curiosity I ran a scan with ComboFix and this is the log; can someone check it for me, please? Thanks and have a good Sunday.

ComboFix 09-08-29.01 - Proprietario 30/08/2009 17.20.41.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.585 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Creati Da 2009-07-28 al 2009-08-30 )))))))))))))))))))))))))))))))))))
.

2009-08-29 15:36 . 2009-08-29 15:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit
2009-08-29 14:54 . 2009-08-29 15:43 -------- d-----w- C:\Advanced SystemCare 3
2009-08-28 22:00 . 2009-08-28 22:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Arovax
2009-08-27 16:37 . 2009-08-27 16:37 -------- d-----w- C:\toto14
2009-08-27 16:32 . 2009-08-27 16:32 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Softvision
2009-08-27 16:32 . 2009-08-27 16:32 -------- d-----w- c:\programmi\Softvision
2009-08-27 16:32 . 2009-08-27 16:32 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Softvision
2009-08-27 14:35 . 2009-08-27 14:35 -------- d-----w- c:\programmi\PowerISO
2009-08-25 15:50 . 2009-08-25 15:50 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 15:50 . 2009-08-25 15:50 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 15:50 . 2009-08-25 15:50 264720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-25 15:50 . 2009-08-25 15:50 59920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-08-25 15:50 . 2009-08-25 15:50 109072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-08-25 15:50 . 2009-08-25 15:50 264720 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-08-24 17:23 . 2007-06-28 14:30 28672 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\hghox8ke.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
2009-08-24 16:07 . 2009-08-30 15:20 -------- d-----w- c:\windows\system32\CatRoot2
2009-08-23 18:45 . 2009-08-23 18:45 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Cooliris
2009-08-23 16:02 . 2009-08-23 16:02 -------- d-----w- c:\programmi\DsNET Corp
2009-08-22 17:49 . 2009-08-22 17:50 -------- d-----w- c:\programmi\FreeTime
2009-08-22 16:43 . 2009-08-29 14:58 -------- d-----w- c:\programmi\Any Video Converter
2009-08-22 16:17 . 2009-08-30 15:10 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\vlc
2009-08-22 14:26 . 2009-08-22 14:26 -------- d-----w- C:\ubuntu
2009-08-22 13:23 . 2009-08-22 13:23 -------- d-----w- c:\programmi\JerMar Software Corp
2009-08-22 13:23 . 2001-11-29 06:57 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2009-08-21 16:54 . 2009-08-21 16:54 -------- d-----w- C:\Nexon
2009-08-21 16:54 . 2009-08-21 16:54 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-08-19 19:54 . 2009-08-19 22:36 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Ashampoo
2009-08-19 19:40 . 2009-08-19 19:40 -------- d-----w- c:\programmi\Ashampoo
2009-08-19 15:15 . 2009-08-19 16:42 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Download Manager
2009-08-19 09:17 . 2009-08-19 09:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-17 17:28 . 2009-08-19 09:16 -------- d-----w- c:\programmi\ThreatFire
2009-08-17 17:07 . 2009-08-17 17:07 -------- d-----w- c:\documents and settings\Proprietario\DoctorWeb
2009-08-16 15:54 . 2009-08-19 09:16 -------- d-----w- c:\programmi\Anubis P2P
2009-08-16 15:50 . 2009-08-19 09:16 -------- d-----w- c:\programmi\AGStreme
2009-08-14 16:17 . 2009-08-29 14:58 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\VSO
2009-08-14 16:17 . 2009-08-14 16:17 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\VSO
2009-08-14 16:16 . 2009-08-14 16:16 -------- d-----w- c:\programmi\VSO
2009-08-13 21:41 . 2009-08-13 21:41 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\URSE Games
2009-08-13 21:41 . 2009-08-13 21:41 -------- d-----w- c:\programmi\GameTop.com
2009-08-13 11:55 . 2008-04-14 02:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 10:52 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 18:06 . 2009-08-16 13:44 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Quadra
2009-08-05 08:59 . 2009-08-05 08:59 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 21:16 . 2009-08-04 21:16 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\AVG8
2009-08-04 20:28 . 2009-08-04 21:00 -------- d-----w- c:\programmi\BeatBall2
2009-08-04 20:27 . 2009-08-04 20:30 -------- d-----w- c:\programmi\Netris
2009-08-01 16:39 . 2009-08-01 17:15 -------- d-----w- c:\programmi\Kyodai Mahjongg 2006

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 15:05 . 2009-07-07 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-08-29 17:16 . 2009-03-03 19:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-29 15:36 . 2009-03-07 15:46 -------- d-----w- c:\programmi\IObit
2009-08-29 14:58 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Superenalotto 3000
2009-08-29 14:58 . 2009-01-30 20:22 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\TeraCopy
2009-08-29 14:58 . 2009-07-31 09:37 -------- d-----w- c:\programmi\DXBall2
2009-08-29 14:40 . 2004-08-19 11:00 591756 ----a-w- c:\windows\system32\perfh010.dat
2009-08-29 14:40 . 2004-08-19 11:00 131868 ----a-w- c:\windows\system32\perfc010.dat
2009-08-28 17:03 . 2009-02-15 18:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-28 16:34 . 2009-01-06 21:23 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\uTorrent
2009-08-27 16:35 . 2006-01-01 01:35 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-25 16:04 . 2009-03-21 17:39 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\dvdcss
2009-08-24 16:06 . 2009-08-24 16:06 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-23 16:25 . 2009-01-06 18:39 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Desktopicon
2009-08-16 13:58 . 2009-08-16 13:58 1840 ----a-w- c:\windows\pchealth\helpctr\PackageStore(2)\SkuStore.bin
2009-08-16 13:58 . 2009-08-16 13:58 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache(2)\index.dat
2009-08-11 16:36 . 2009-03-28 17:25 -------- d-----w- c:\programmi\blueMSX
2009-08-10 18:30 . 2009-01-06 22:19 -------- d-----w- c:\programmi\Quadra
2009-08-05 15:52 . 2009-01-05 23:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-05 15:52 . 2009-03-02 19:12 3942048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 08:59 . 2004-08-19 11:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-01-05 23:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-01-05 23:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 17:40 . 2009-08-02 17:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-08-02 17:40 . 2009-08-02 17:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-08-02 17:12 . 2009-03-22 20:36 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\SUPERAntiSpyware.com
2009-08-02 17:12 . 2009-01-29 18:15 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-08-02 17:12 . 2009-03-22 20:36 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-08-01 16:39 . 2009-07-31 09:29 -------- d-----w- c:\programmi\Kyodai
2009-07-31 14:39 . 2009-04-19 17:55 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-07-31 14:22 . 2009-07-31 14:22 -------- d-----w- c:\programmi\Zone.com Deluxe Games
2009-07-31 09:46 . 2009-07-31 09:46 -------- d-----w- c:\programmi\Alhademic Sniper
2009-07-31 09:23 . 2009-07-31 09:23 -------- d-----w- c:\programmi\Alawar
2009-07-30 22:21 . 2009-07-30 21:55 12322 ----a-w- c:\windows\system32\SpoonUninstall-Jardinains!.dat
2009-07-30 22:21 . 2009-07-02 16:35 164352 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-07-30 22:07 . 2009-06-30 17:59 -------- d-----w- c:\programmi\OpenAL
2009-07-30 22:05 . 2009-06-30 17:59 -------- d-----w- c:\programmi\Jardinains 2!
2009-07-30 21:55 . 2009-07-02 16:35 -------- d-----w- c:\programmi\Jardinains!
2009-07-30 21:22 . 2009-02-20 17:47 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-30 21:11 . 2009-07-28 16:42 -------- d-----w- c:\programmi\ATS2
2009-07-30 21:10 . 2009-01-06 18:39 -------- d-----w- c:\programmi\Unlocker
2009-07-30 09:18 . 2009-07-30 09:18 49211 ----a-w- c:\documents and settings\Jardinains 2!\unins000.dat
2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-07-26 15:39 . 2009-07-26 15:39 -------- d-----w- c:\programmi\Sophos
2009-07-20 16:08 . 2009-01-05 19:30 -------- d-----w- c:\programmi\Google
2009-07-17 19:01 . 2004-08-19 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 18:07 . 2009-01-16 07:58 -------- d-----w- c:\programmi\HP
2009-07-17 18:06 . 2009-07-17 18:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2009-07-15 16:13 . 2009-07-15 16:12 -------- d-----w- c:\programmi\Superenalotto 3000
2009-07-15 15:37 . 2009-07-15 15:37 -------- d-----w- c:\programmi\Tetris
2009-07-13 21:43 . 2004-08-19 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 15:49 . 2009-07-11 15:42 -------- d-----w- c:\programmi\SpeedFan
2009-07-11 15:20 . 2009-07-11 15:20 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Neverball
2009-07-10 17:21 . 2009-05-24 13:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-10 17:21 . 2009-07-10 17:21 296976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\5.1\klif.sys
2009-07-10 17:21 . 2009-07-10 17:21 128016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-10 17:20 . 2009-07-10 17:20 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-10 17:18 . 2009-07-10 17:18 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-10 17:18 . 2009-07-10 17:18 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-10 17:17 . 2009-02-21 19:24 -------- d-----w- c:\programmi\Kaspersky Lab
2009-07-10 17:16 . 2009-01-26 23:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-07-09 23:01 . 2009-07-09 23:01 -------- d-----w- c:\programmi\FreeGamePick.com
2009-07-09 08:56 . 2009-07-09 08:56 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-07-09 08:56 . 2009-07-09 08:56 -------- d-----w- c:\programmi\File comuni\Nokia
2009-07-09 08:56 . 2009-01-16 19:32 -------- d-----w- c:\programmi\Nokia
2009-07-09 08:55 . 2009-01-16 19:33 -------- d-----w- c:\programmi\DIFX
2009-07-09 08:55 . 2009-07-09 08:55 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-07-09 08:54 . 2009-07-09 08:54 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-09 08:54 . 2009-07-09 08:54 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-09 08:54 . 2009-07-09 08:54 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-09 08:54 . 2009-07-09 08:54 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-09 08:51 . 2009-07-09 08:54 33853800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ita.exe
2009-07-08 17:14 . 2009-01-16 19:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-07-07 19:11 . 2006-01-01 02:08 26152 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-05 16:39 . 2009-07-05 16:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Innovative Solutions
2009-07-03 17:23 . 2009-07-03 17:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PassMark
2009-07-03 16:55 . 2004-08-19 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 16:18 . 2009-07-01 15:56 -------- d-----w- c:\programmi\Lavasoft
2009-07-01 15:56 . 2009-07-01 15:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-06-30 17:59 . 2009-06-30 17:59 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-30 17:59 . 2009-06-30 17:59 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-26 17:24 . 2009-06-26 17:10 123143 ----a-w- c:\windows\hpoins11.dat
2009-06-25 08:25 . 2004-08-19 11:00 735744 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-19 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-19 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-19 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-19 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-19 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-19 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-19 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 13:24 . 2009-06-15 13:24 64072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\Italian\setup.exe
2009-06-15 10:43 . 2004-08-19 11:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-19 11:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2006-01-01 01:14 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-19 11:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-19 11:00 1296384 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"L09IXLRD_3606125"="c:\programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" [2009-03-02 351000]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PWRISOVM.EXE"="c:\programmi\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-11 15961088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\italian\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20.41.32 33808]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [20/02/2009 19.47.14 55152]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [27/01/2009 21.44.17 46080]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 17.46.52 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20.59.44 19472]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [27/01/2009 21.44.03 56960]
S2 gupdate1c98f9ee3c86c5c;Servizio di Google Update (gupdate1c98f9ee3c86c5c);c:\programmi\Google\Update\GoogleUpdate.exe [15/02/2009 20.54.53 133104]
S3 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19.08.58 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-30 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-05-04 19:44]

2009-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-05 18:53]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-15 18:54]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-15 18:54]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\hghox8ke.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2207609&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\hghox8ke.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 17:30
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1220945662-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1F14D1D7-B391-AC45-918D-4B980785CB51}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abemkbiibhifolnloeeggflcmhnoipebce"=hex:61,61,00,00
"bbemkbiibhifolnloehgnbgicldckcklelkn"=hex:61,61,00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\HP\Digital Imaging\bin\hpqste08.exe
c:\programmi\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-30 17.33.49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-30 15:33

Pre-Run: 203.230.048.256 byte disponibili
Post-Run: 203.132.002.304 byte disponibili

615


After this scan the PC is much faster; before it was much slower.
r16
Posted: Sunday, August 30, 2009 10:23:05 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
tamagon wrote:

After this scan the PC is much faster; before it was much slower.

I believe you.
I lost count of how many infected files it removed.
And I guarantee that if you "thin out" all those games you have installed, it would improve even more.
You don't have a computer, you have an arcade.

Uninstall ComboFix this way:
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete the Combofix and (qoobox) folders in "C"

To be safe, run a scan with Mbam:
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
UPDATE IT before running the scan. (this is very important)
Run a full system scan.
Post the log.
tamagon
Posted: Monday, August 31, 2009 6:23:49 PM

Rank: AiutAmico

Joined: 3/6/2009
Posts: 2,913
Hi and thanks once again, here is the log
Malwarebytes' Anti-Malware 1.40
Versione del database: 2721
Windows 5.1.2600 Service Pack 3

31/08/2009 18.21.38
mbam-log-2009-08-31 (18-21-38).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 174840
Tempo trascorso: 1 hour(s), 3 minute(s), 40 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

I checked the HJT one on the site and it comes out OK, but I'm posting it anyway
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.24.26, on 31/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [L09IXLRD_3606125] "C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Servizio di Google Update (gupdate1c98f9ee3c86c5c) (gupdate1c98f9ee3c86c5c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programmi\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7850 bytes


Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
r16
Posted: Monday, August 31, 2009 7:06:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Do this cleanup:
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder. (do not delete the folder)
Then:
Empty the contents of the Prefetch folder:
click on My Computer
click on Local Disk C:
among the folders displayed, find the Windows folder, open it and, inside it, find the Prefetch folder, open it and delete all the entries stored inside it (do not delete the folder)
EMPTY THE RECYCLE BIN
Then:
Launch HijackThis and clean the ADS this way:
click on Open the misc tool section
click on Open ads spy
untick Quick scan (windows base folder only)
click on Scan.
Wait patiently for the scan to finish.
If any ADS are detected, tick all the boxes (without fear) and click Remove selected. Then defragment the HD.
Bye.
tamagon
Posted: Monday, August 31, 2009 7:29:02 PM

Rank: AiutAmico

Joined: 3/6/2009
Posts: 2,913
OK, bye and thanks, I have no problems now.