Hi r16, sorry I didn't follow the sequence of the instructions you described in your previous mail, but the PC doesn't always cooperate.
In any case, this is the COMBOFIX LOG
ComboFix 10-01-21.08 - admin 23/01/2010 21.44.45.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1101 [GMT 1:00]
Eseguito da: c:\documents and settings\admin\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
I seguenti file sono stati disabilitati durante la scansione:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll
((((((((((((((((((((((((( Files Creati Da 2009-12-23 al 2010-01-23 )))))))))))))))))))))))))))))))))))
.
2010-01-23 16:34 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-23 16:34 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-23 16:34 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-23 16:34 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-23 16:34 . 2010-01-23 16:34 -------- d-----w- c:\programmi\Avira
2010-01-23 16:34 . 2010-01-23 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-01-22 02:09 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-21 21:27 . 2010-01-21 21:27 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2010-01-21 18:52 . 2010-01-21 19:23 -------- dc----w- C:\$AVG
2010-01-21 18:50 . 2010-01-23 15:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-01-21 16:52 . 2010-01-21 16:52 -------- dc----w- c:\documents and settings\admin\Dati applicazioni\Malwarebytes
2010-01-21 16:52 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-21 16:52 . 2010-01-21 16:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-21 16:52 . 2010-01-21 17:07 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-21 16:52 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-21 12:46 . 2010-01-23 15:26 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-01-21 12:46 . 2010-01-23 15:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-20 21:47 . 2010-01-20 21:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-20 17:23 . 2010-01-20 17:23 -------- dc----w- c:\documents and settings\admin\Dati applicazioni\.clamwin
2010-01-20 17:23 . 2010-01-20 17:23 -------- d-----w- c:\programmi\ClamWin
2010-01-20 17:23 . 2010-01-20 17:23 -------- d-----w- c:\documents and settings\All Users\.clamwin
2010-01-20 15:38 . 2010-01-20 15:38 -------- d-----w- c:\programmi\Trend Micro
2010-01-19 11:37 . 2010-01-19 11:37 417792 ----a-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\dbsqgfet.exe
2010-01-13 06:54 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 07:15 . 2010-01-12 07:15 -------- d-----w- c:\programmi\Uniblue
2009-12-27 07:48 . 2009-12-27 07:48 -------- d-----w- c:\programmi\Enigma Software Group
2009-12-27 07:22 . 2009-12-27 07:22 -------- dc----w- c:\documents and settings\admin\Dati applicazioni\Uniblue
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 19:17 . 2005-09-06 06:14 -------- d-----w- c:\programmi\TopText
2010-01-22 17:28 . 2005-09-13 17:06 -------- dc----w- c:\documents and settings\admin\Dati applicazioni\Skype
2010-01-22 16:35 . 2007-12-24 21:55 -------- dc----w- c:\documents and settings\admin\Dati applicazioni\skypePM
2010-01-22 14:29 . 2005-03-11 22:16 -------- dc----w- c:\documents and settings\admin\Dati applicazioni\AdobeUM
2010-01-22 06:51 . 2008-09-14 12:23 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-21 21:30 . 2007-03-10 20:47 -------- d-----w- c:\programmi\Microsoft ActiveSync
2010-01-21 18:50 . 2008-06-07 07:51 -------- d-----w- c:\programmi\AVG
2010-01-21 13:20 . 2006-04-29 07:11 -------- d-----w- c:\programmi\RegistryFix
2010-01-20 22:40 . 2007-05-15 05:54 -------- d-----w- c:\programmi\eMule
2010-01-12 19:23 . 2009-12-11 20:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ascentive
2009-12-29 10:49 . 2005-03-07 00:51 -------- d-----w- c:\programmi\EPSON Print CD
2009-12-23 07:13 . 2009-12-14 10:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\RegCure
2009-12-23 06:58 . 2009-12-14 10:12 -------- d-----w- c:\programmi\RegCure
2009-12-22 05:08 . 2004-08-19 12:00 669696 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:08 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-14 11:11 . 2009-12-14 11:11 -------- dc----w- c:\documents and settings\admin\Dati applicazioni\Ascentive
2009-12-11 21:01 . 2009-11-02 16:31 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-09 11:07 . 2004-08-19 12:00 48308 ----a-w- c:\windows\system32\perfc010.dat
2009-12-09 11:07 . 2004-08-19 12:00 346260 ----a-w- c:\windows\system32\perfh010.dat
2009-12-08 18:28 . 2009-12-08 18:28 351744 ----a-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\thgaanti.exe
2009-12-08 14:22 . 2009-12-08 14:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\GoldWaveCDDB
2009-11-30 18:27 . 2009-11-30 18:27 293376 ----a-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\fmuldl.exe
2009-11-28 18:27 . 2009-11-28 18:27 434176 ----a-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\czwlaxmd.exe
2009-11-26 18:26 . 2009-11-26 18:26 319488 ----a-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\tiere.exe
2009-11-21 15:54 . 2004-08-19 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-12 18:22 . 2009-11-12 18:22 327680 ----a-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\amyeqeh.exe
2009-11-10 18:21 . 2009-11-10 18:21 434176 ----a-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\kwtyvamj.exe
2009-11-04 09:29 . 2009-11-04 09:29 152576 -c--a-w- c:\documents and settings\admin\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 16:31 . 2009-11-02 16:31 74 ---ha-w- c:\windows\UBURN.DAT
2009-10-27 09:32 . 2009-10-27 09:32 405504 ----a-w- c:\documents and settings\admin\Impostazioni locali\Dati applicazioni\ukkahw.exe
2006-11-30 17:51 . 2006-11-30 17:48 14879120 -c--a-w- c:\programmi\GoogleEarthWin.exe
2006-10-23 08:08 . 2006-10-23 08:08 17207032 -c--a-w- c:\programmi\avg75free_428a818.exe
2006-09-25 21:12 . 2006-09-25 21:12 7908566 -c--a-w- c:\programmi\nero66012_ita.exe
2006-09-25 13:19 . 2006-09-25 13:18 2405604 -c--a-w- c:\programmi\123dvdclone.exe
2006-09-18 17:08 . 2006-09-18 17:08 2072690 -c--a-w- c:\programmi\wfaxaut.exe
2006-09-15 13:42 . 2006-09-15 13:42 1159680 -c--a-w- c:\programmi\USR2884C-Win2000-XP-V177.exe
2006-09-15 13:34 . 2006-09-15 13:35 1225728 -c--a-w- c:\programmi\2884_XP_199_v92upgrade.exe
2006-09-01 12:37 . 2006-09-01 12:37 806483 ----a-w- c:\programmi\dvddecripter.zip
2006-02-21 14:32 . 2005-11-04 10:08 2020491 -c--a-w- c:\programmi\privacy-eraser-pro-setup.exe
2006-01-17 08:53 . 2006-01-17 08:47 24436627 -c--a-w- c:\programmi\pex85trial_eng.exe
2005-11-04 17:46 . 2005-11-04 17:46 522682 -c--a-w- c:\programmi\aspi_471a2.exe
2005-11-04 14:56 . 2005-11-04 14:56 11284970 ----a-w- c:\programmi\cdbxp_setup_3.0.116.zip
2005-11-04 14:55 . 2005-11-04 14:52 4826302 -c--a-w- c:\programmi\cdbxp_runtimes.exe
2005-11-04 14:20 . 2005-11-04 14:20 987213 -c--a-w- c:\programmi\BurnXFree.dmg
2005-11-01 14:31 . 2005-11-01 14:15 21647192 -c--a-w- c:\programmi\NVIDIA_PureVideo_Decoder_Trial_1.02-177.exe
2005-10-19 16:09 . 2005-10-19 16:09 1310720 -c--a-w- c:\programmi\isfw.exe
2005-09-29 18:51 . 2005-09-29 18:51 700416 -c--a-w- c:\programmi\StubInstaller.exe
2005-08-07 09:02 . 2005-08-07 09:01 7741336 ----a-w- c:\programmi\DivX521XP2K.exe
2005-08-07 08:52 . 2005-08-07 08:52 899414 -c--a-w- c:\programmi\SetupDVDDecrypter_3.5.4.0.exe
2005-06-08 20:56 . 2005-06-08 20:56 2000324 -c--a-w- c:\programmi\cdex_151.exe
2005-05-11 22:17 . 2005-06-11 12:40 5100032 -c--a-w- c:\programmi\Firefox Setup 1.0.4.exe
2005-03-31 20:17 . 2006-09-26 14:07 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
2005-02-26 15:20 . 2005-03-19 09:19 5086216 -c--a-w- c:\programmi\Firefox Setup 1.0.1.exe
2009-02-02 20:09 . 2009-02-02 20:08 24 --sh--w- c:\windows\SCA3C8896.tmp
2005-08-07 09:04 . 2005-08-07 09:04 56 -csha-r- c:\windows\system32\D1DEACDDC9.sys
2006-06-17 07:42 . 2006-06-17 07:42 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-23_16.14.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-01-23 19:23 . 2010-01-23 19:23 16384 c:\windows\Temp\Perflib_Perfdata_7fc.dat
+ 2010-01-23 16:34 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2010-01-23 16:32 . 2010-01-23 16:32 228352 c:\windows\Installer\35fdec.msi
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2005-03-07 01:26 . 2010-01-23 12:19 3817984 c:\windows\Installer\13890c.msi
+ 2005-03-07 01:26 . 2010-01-23 16:30 3817984 c:\windows\Installer\13890c.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^PHOTOfunSTUDIO -viewer-.lnk]
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
backupExtension=Common Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-10-11 06:45 31232 ----a-w- c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2009-11-03 20:49 86016 ----a-w- c:\programmi\ClamWin\bin\ClamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\programmi\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
2003-09-11 03:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-01-19 13:22 405583 ----a-w- c:\programmi\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 12:11 267048 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2005-12-07 08:26 489472 ----a-w- c:\programmi\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
2004-11-01 15:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2005-12-07 08:33 73728 ----a-w- c:\programmi\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-12-09 13:32 225280 ----a-w- c:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-09-15 12:27 2048000 -c----w- c:\programmi\ahead\nero\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-02-08 19:43 95800 ----a-w- c:\programmi\Olympus\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDrvCheck]
2003-11-10 15:06 406016 ------w- c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-11-14 22:43 286720 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 15:35 32768 ----a-w- c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 13:01 23975720 ----a-r- c:\programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-08 06:58 198160 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2004-02-04 21:04 45056 ----a-w- c:\programmi\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Programmi\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Programmi\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programmi\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Programmi\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programmi\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [07/11/2005 17.27.41 59338]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;c:\windows\system32\drivers\torususb.sys [07/11/2005 17.27.41 527980]
S2 gupdate1c9ad7450a18406;Servizio di Google Update (gupdate1c9ad7450a18406);c:\programmi\Google\Update\GoogleUpdate.exe [25/03/2009 19.05.37 133104]
S2 USBBC;USB Bridge Cable (Windows 2000);c:\windows\system32\USBBC20.sys [14/03/2005 10.02.23 14228]
S3 SER120;OTI Serial port driver;c:\windows\system32\drivers\ser120.sys [09/05/2006 16.02.05 32910]
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-25 18:05]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-25 18:05]
2010-01-23 c:\windows\Tasks\RegCure Program Check.job
- c:\programmi\RegCure\RegCure.exe [2009-12-11 19:00]
2010-01-23 c:\windows\Tasks\RegCure Startup.job
- c:\programmi\RegCure\RegCure.exe [2009-12-11 19:00]
2010-01-23 c:\windows\Tasks\RegCure.job
- c:\programmi\RegCure\RegCure.exe [2009-12-11 19:00]
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://italian.ircfast.com/it/index.php?rvs=hompag
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\programmi\Advanced JPEG Compressor\ajcieex.htm
TCP: {A5920058-11F0-4267-A733-8F61BFC40EF5} = 193.70.152.15 193.70.152.25
FF - ProfilePath - c:\documents and settings\admin\Dati applicazioni\Mozilla\Firefox\Profiles\7e8j4dsh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/|http://www.virgilio.it/|http://www.virgilio.it/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\admin\Dati applicazioni\Mozilla\Firefox\Profiles\7e8j4dsh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\admin\Dati applicazioni\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\programmi\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 21:58
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(5876)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-01-23 22:00:28
ComboFix-quarantined-files.txt 2010-01-23 21:00
ComboFix2.txt 2010-01-23 16:16
ComboFix3.txt 2010-01-22 18:05
Pre-Run: 3.662.110.720 byte disponibili
Post-Run: 3.639.857.152 byte disponibili
- - End Of File - - 125FC50B73C56E79C6F855EDB78D4AFD
and this is the one from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.05.31, on 23/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.ircfast.com/it/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Programmi\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137779450562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264108325250
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5920058-11F0-4267-A733-8F61BFC40EF5}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servizio di Google Update (gupdate1c9ad7450a18406) (gupdate1c9ad7450a18406) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 6706 bytes
Best regards and thank you. Renzo