Here is the log (but I'm writing to you from the safety partition; the primary one we were cleaning froze after the first reboot done after the combofix scan)
I had closed NOD32, then when I launched combofix it told me it was still active, so I uninstalled it before pressing the OK button in combofix....
HELP !!!
ComboFix 09-11-20.02 - Roberto 21/11/2009 9.24.54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1982.1482 [GMT 1:00]
Eseguito da: c:\documents and settings\Roberto\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Avvio\HP Image Zone .lnk
c:\windows\system32\1.tmp
c:\windows\system32\drivers\pciide.sys
c:\windows\TEMP\logishrd\LVPrcInj02.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
((((((((((((((((((((((((( Files Creati Da 2009-10-21 al 2009-11-21 )))))))))))))))))))))))))))))))))))
.
2009-11-21 08:30 . 2001-08-30 20:54 3328 -c--a-w- c:\windows\system32\dllcache\pciide.sys
2009-11-21 08:24 . 2008-04-13 10:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-21 08:24 . 2008-04-13 10:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-19 18:25 . 1993-07-23 18:31 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
2009-11-19 18:25 . 2009-11-19 18:25 -------- d-----w- c:\windows\system32\Color
2009-11-19 18:25 . 1998-05-06 17:19 58368 ----a-w- c:\windows\pfpick.dll
2009-11-19 18:25 . 1998-05-06 17:19 40129 ----a-w- c:\windows\iccsigs.dat
2009-11-19 18:25 . 1998-05-06 17:19 20992 ----a-w- c:\windows\icccodes.dll
2009-11-19 18:25 . 1998-01-20 09:12 133120 ----a-w- c:\windows\sprof32.dll
2009-11-19 18:25 . 1995-06-06 14:15 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-11-19 18:25 . 1998-06-05 11:42 197120 ----a-w- c:\windows\kpcp32.dll
2009-11-19 18:25 . 1997-10-13 08:26 37376 ----a-w- c:\windows\KPSYS32.DLL
2009-11-19 18:24 . 1998-09-17 02:41 298496 ----a-w- c:\windows\uninst.exe
2009-11-19 18:23 . 2009-11-19 18:23 -------- d-----w- c:\documents and settings\Roberto\WINDOWS
2009-11-18 22:21 . 2009-11-18 22:21 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Malwarebytes
2009-11-18 22:21 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-18 22:21 . 2009-11-18 22:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-18 22:21 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 22:21 . 2009-11-18 22:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-15 23:31 . 2009-11-18 22:06 77312 ----a-w- C:\mbr.exe
2009-11-15 22:56 . 2009-11-15 22:56 -------- d-----w- c:\programmi\Sophos
2009-11-15 22:03 . 2009-11-15 22:03 -------- d-----w- c:\programmi\AVG
2009-11-15 21:20 . 2009-11-15 21:20 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Apple Computer
2009-11-15 09:50 . 2009-11-15 09:50 3128 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{430399DC-98BC-4A7F-8F8E-77981CABAE05}\ARPPRODUCTICON.exe
2009-11-15 09:49 . 2009-11-15 09:49 3128 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}\ARPPRODUCTICON.exe
2009-11-15 09:47 . 2009-11-15 09:47 3128 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{82DF9225-13EC-41BD-BE31-AAB121B38166}\ARPPRODUCTICON.exe
2009-11-15 09:45 . 2009-11-15 09:45 3128 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}\ARPPRODUCTICON.exe
2009-11-15 09:42 . 2009-11-15 09:42 3128 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{8094F7AE-CA21-4AF2-A256-BC918CE0E796}\ARPPRODUCTICON.exe
2009-11-15 09:37 . 2009-11-15 09:37 3128 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
2009-11-15 09:37 . 2009-11-15 09:37 -------- d-----w- c:\programmi\File comuni\DigiDesign
2009-11-15 09:36 . 2009-11-15 09:36 3128 ----a-r- c:\documents and settings\Roberto\Dati applicazioni\Microsoft\Installer\{147567F0-8575-4BE0-B5B3-62706C67FA5A}\ARPPRODUCTICON.exe
2009-11-15 09:34 . 2009-11-15 09:37 -------- d-----w- c:\programmi\VstPlugins
2009-11-15 09:34 . 2009-11-15 09:34 -------- d-----w- c:\programmi\Toontrack
2009-11-15 09:30 . 2009-11-15 09:30 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Steinberg
2009-11-15 09:26 . 2005-06-04 08:09 81920 ----a-w- c:\windows\system32\ra3214_4.dll
2009-11-15 09:26 . 2005-06-04 08:09 72704 ----a-w- c:\windows\system32\ra3228_8.dll
2009-11-15 09:26 . 2005-06-04 08:09 21504 ----a-w- c:\windows\system32\ra32dnet.dll
2009-11-15 09:26 . 2005-06-04 08:08 87040 ----a-w- c:\windows\system32\ra32sipr.dll
2009-11-15 09:26 . 2005-06-04 08:08 487936 ----a-w- c:\windows\system32\rmbe3260.dll
2009-11-15 09:26 . 2005-06-04 08:11 85504 ----a-w- c:\windows\system32\encdnet.dll
2009-11-15 09:26 . 2005-06-04 08:09 61952 ----a-w- c:\windows\system32\decdnet.dll
2009-11-15 09:26 . 2005-06-04 08:09 130560 ----a-w- c:\windows\system32\pnc3250.dll
2009-11-15 09:26 . 2005-06-04 08:09 131072 ----a-w- c:\windows\system32\pneng50.dll
2009-11-15 09:26 . 2005-06-04 08:09 352768 ----a-w- c:\windows\system32\pngu3263.dll
2009-11-15 09:25 . 2009-11-15 09:26 -------- d-----w- c:\programmi\Steinberg
2009-11-15 09:24 . 2005-05-09 19:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2009-11-15 09:23 . 2002-11-25 04:46 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2009-11-15 09:23 . 2002-11-25 07:36 45056 ----a-w- c:\windows\system32\Synsopos.exe
2009-11-15 09:23 . 2009-11-15 09:23 -------- d-----w- c:\programmi\Syncrosoft
2009-11-15 09:23 . 2005-10-17 08:35 704512 ----a-w- c:\windows\system32\SYNSOACC.dll
2009-11-15 09:23 . 2004-05-10 14:58 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2009-11-15 08:36 . 2009-11-15 09:19 -------- d-----w- c:\programmi\Power Email Recovery for Outlook Express
2009-11-15 08:28 . 2009-11-15 08:28 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-11-15 08:16 . 2008-04-13 18:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-11-15 08:12 . 2009-11-15 08:12 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-11-15 08:12 . 2009-11-15 08:12 -------- d-----w- C:\66df6aab58ce7bcbeb875318819378
2009-11-15 08:11 . 2009-11-15 08:12 -------- d-----w- C:\f6782808db92bd5340c8abe6abd097
2009-11-15 08:11 . 2009-11-15 08:11 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-15 08:11 . 2009-11-15 08:11 -------- d-----w- c:\windows\system32\LogFiles
2009-11-15 07:55 . 2009-11-15 07:55 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\DivX
2009-11-15 07:54 . 2008-11-06 16:37 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-15 07:54 . 2008-11-06 16:37 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-15 07:54 . 2008-11-06 16:37 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-15 07:54 . 2008-11-06 16:37 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-15 07:54 . 2008-11-06 16:37 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-15 07:54 . 2009-11-15 08:29 -------- d-----w- c:\programmi\DivX
2009-11-15 07:52 . 2008-04-13 18:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-11-14 22:26 . 2009-11-14 22:27 1962544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-11-14 22:26 . 2009-11-14 22:27 -------- d-----w- c:\windows\system32\Adobe
2009-11-14 22:26 . 2009-11-15 08:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-11-14 22:12 . 2009-11-14 22:12 -------- d-----w- c:\programmi\File comuni\Lame
2009-11-14 22:10 . 2001-11-30 18:05 131072 ----a-w- c:\windows\system32\dzip32.dll
2009-11-14 22:10 . 2001-11-30 18:05 110592 ----a-w- c:\windows\system32\dunzip32.dll
2009-11-14 22:10 . 2009-11-14 22:10 -------- d-----w- c:\programmi\Windows Media Bonus Pack for Windows XP
2009-11-14 22:04 . 2009-11-14 22:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-14 22:04 . 2009-11-14 22:04 152576 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-14 22:02 . 2009-11-14 22:02 79488 ----a-w- c:\documents and settings\Roberto\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-14 21:50 . 2007-05-22 09:00 516096 ----a-w- c:\windows\system32\WibuXpm4J32.dll
2009-11-14 21:50 . 2007-05-22 09:00 348160 ----a-w- c:\windows\system32\WkExt32.dll
2009-11-14 21:50 . 2007-05-22 09:00 57552 ----a-w- c:\windows\system32\WkDos.exe
2009-11-14 21:50 . 2007-05-22 09:00 479232 ----a-w- c:\windows\system32\wibuKJni.dll
2009-11-14 21:50 . 2007-05-22 09:00 16384 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2009-11-14 21:50 . 2007-05-22 09:00 72704 ----a-w- c:\windows\system32\drivers\WibuKey.sys
2009-11-14 21:50 . 2007-05-22 09:00 159744 ----a-w- c:\windows\system32\WkWin32.dll
2009-11-14 21:50 . 2009-11-14 21:50 -------- d-----w- c:\programmi\WIBUKEY
2009-11-14 21:50 . 2009-11-14 21:50 -------- d-----w- c:\programmi\WIBU-SYSTEMS
2009-11-14 21:49 . 2009-11-14 21:49 -------- d-----w- c:\programmi\QuickTime
2009-11-14 21:48 . 2009-11-14 21:48 -------- d-----w- c:\programmi\Apple Software Update
2009-11-14 21:48 . 2009-11-14 21:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-11-14 21:46 . 2009-11-14 21:46 -------- d-----w- c:\programmi\Graphisoft
2009-11-14 21:45 . 2009-11-14 22:04 -------- d-----w- c:\programmi\Java
2009-11-14 21:45 . 2009-11-14 21:45 -------- d-----w- c:\programmi\File comuni\Java
2009-11-14 21:43 . 2009-11-14 21:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-14 21:43 . 2009-11-14 21:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Socusoft
2009-11-14 21:42 . 2009-11-14 21:43 -------- d-----w- c:\programmi\DVD Photo Slideshow Professional
2009-11-14 21:39 . 2009-11-14 21:39 -------- d-----w- c:\programmi\File comuni\Logitech
2009-11-14 21:39 . 2009-11-14 21:39 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Downloaded Installations
2009-11-14 21:31 . 2009-11-14 21:31 -------- d-----w- c:\programmi\File comuni\Skype
2009-11-14 09:58 . 2009-11-14 09:58 -------- d-----w- c:\programmi\Windows Sidebar
2009-11-14 09:58 . 2009-11-14 21:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2009-11-14 09:57 . 2009-11-14 09:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-11-14 09:42 . 2009-11-14 09:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-11-14 08:51 . 2009-11-14 08:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-13 17:24 . 2009-11-14 21:31 -------- d-----w- c:\programmi\Skype
2009-11-13 17:22 . 2009-11-13 17:22 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\IsolatedStorage
2009-11-13 17:22 . 2009-11-13 17:22 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\HP
2009-11-12 23:43 . 2009-11-20 19:02 -------- d-----w- c:\programmi\eMule
2009-11-12 23:37 . 2009-11-21 08:34 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Skype
2009-11-12 23:25 . 2009-11-14 08:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logishrd
2009-11-12 23:25 . 2009-11-12 23:25 -------- d-----w- c:\programmi\Logitech
2009-11-12 23:08 . 2009-11-12 23:08 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-12 23:08 . 2009-11-21 08:34 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\skypePM
2009-11-12 23:06 . 2009-11-14 21:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-11-12 22:53 . 2009-11-12 22:53 -------- d-----w- c:\programmi\File comuni\EZB Systems
2009-11-12 22:52 . 2009-11-12 22:53 -------- d-----w- c:\programmi\UltraISO
2009-11-12 22:51 . 2009-11-12 22:51 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\AdobeUM
2009-11-12 22:47 . 2009-11-12 22:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2009-11-12 22:47 . 2009-11-12 22:48 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Adobe
2009-11-12 22:47 . 2009-11-12 22:47 -------- d-----w- c:\programmi\File comuni\Adobe Systems Shared
2009-11-12 22:46 . 2009-11-19 20:47 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-12 22:38 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-12 22:37 . 2009-11-12 22:37 -------- d-----w- c:\programmi\Microsoft Works
2009-11-12 22:36 . 2009-11-12 22:36 -------- d-----w- c:\programmi\Microsoft.NET
2009-11-12 22:34 . 2009-11-12 22:37 -------- d-----w- c:\windows\SHELLNEW
2009-11-12 22:34 . 2009-11-12 22:34 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Microsoft Help
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 08:19 . 2009-11-12 19:13 75488 ----a-w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-11-12 22:21 . 2006-03-02 12:00 63402 ----a-w- c:\windows\system32\perfc010.dat
2009-11-12 22:21 . 2006-03-02 12:00 425804 ----a-w- c:\windows\system32\perfh010.dat
2009-11-12 21:11 . 2009-11-12 18:46 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-12 21:10 . 2009-11-12 18:46 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-11-12 20:53 . 2009-11-14 18:16 182934 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1040.dat
2009-11-12 20:53 . 2009-11-12 18:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-12 19:10 . 2009-11-12 19:10 -------- d-----w- c:\programmi\Trust
2009-11-12 19:04 . 2009-11-12 19:04 -------- d-----w- c:\programmi\M-Audio
2009-11-12 19:04 . 2009-11-12 19:04 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\InstallShield
2009-11-12 19:01 . 2009-11-12 19:01 -------- d-----w- c:\programmi\Analog Devices
2009-11-12 18:58 . 2009-11-12 18:58 -------- d-----w- c:\programmi\Realtek
2009-11-12 18:52 . 2009-11-12 18:52 -------- d-----w- c:\programmi\S3
2009-11-12 18:46 . 2009-11-12 18:46 -------- d-----w- c:\programmi\Multimedia Card Reader
2009-11-12 18:34 . 2009-11-12 18:34 -------- d-----w- c:\programmi\microsoft frontpage
2009-11-12 18:32 . 2009-11-12 18:32 -------- d-----w- c:\programmi\Servizi in linea
2009-11-12 18:29 . 2009-11-12 18:29 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 05:35 . 2009-09-25 05:35 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:17 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-04-30 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"M-Audio Taskbar Icon"="c:\windows\System32\DeltaIITray.exe" [2008-03-03 236040]
"DeltaIITaskbarApp"="c:\windows\system32\DeltaIITray.exe" [2008-03-03 236040]
"HPHUPD08"="c:\programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-11-14 149280]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2006-07-10 176128]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-19 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54236:TCP"= 54236:TCP:Porta TPC
"21567:UDP"= 21567:UDP:Porta UDP
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/11/2009 23.27.12 717296]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [15/11/2009 10.24.10 33792]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [12/11/2009 20.04.27 302728]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [12/11/2009 19.52.45 659456]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
.
Contenuto della cartella 'Scheduled Tasks'
2009-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {903CB9AF-E608-4F7B-8E3B-A4E66B9A2A05} = 151.99.125.2,151.99.125.3
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-Steinberg Cubase SX v3.1.1.944 - c:\progra~1\STEINB~1\CUBASE~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-21 09:34
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spmr.sys >>UNKNOWN [0x89D94938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9dfcb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d05bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cf4a0d
SendHandler -> NDIS.sys @ 0xb9d08b40
user & kernel MBR OK
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DFCB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DFCB40 atapi.sys
\Driver\atapi IRP hooks detected !
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-21 09:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-21 08:38
Pre-Run: 139.844.857.856 byte disponibili
Post-Run: 140.338.618.368 byte disponibili
- - End Of File - - E85DC3AA018895C795FE19EAC225B2E3