
Log check
jozzz
Posted: Friday, March 05, 2010 8:17:22 PM
Rank: Member

Joined: 3/5/2010
Posts: 14
Could you check these logs for me, please?


ComboFix 09-11-11.02 - Maupilio 05/03/2010 18.05.31.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1012.533 [GMT 1:00]
Eseguito da: c:\documents and settings\Maupilio\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\QUAD Utilities
c:\programmi\webserver

.
((((((((((((((((((((((((( Files Creati Da 2010-02-05 al 2010-03-05 )))))))))))))))))))))))))))))))))))
.

2010-03-05 15:57 . 2010-03-05 15:57 -------- d-----w- c:\programmi\Trend Micro
2010-03-05 05:07 . 2010-03-05 05:07 1187 ----a-w- C:\FindyKill_Upload_Me_PACKARD-963D634.zip
2010-03-05 04:32 . 2010-03-05 05:07 -------- d-----w- C:\FyK
2010-03-05 00:00 . 2010-03-05 00:00 -------- d-----w- c:\programmi\ClearApps
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-----w- c:\documents and settings\Maupilio\Dati applicazioni\Malwarebytes
2010-03-04 23:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-04 23:28 . 2010-03-05 05:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-04 23:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 19:30 . 2010-03-04 19:30 -------- d-----w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Threat Expert
2010-03-04 16:58 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-04 16:58 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-04 16:58 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-04 16:58 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-04 16:58 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-04 16:58 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-04 16:58 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-04 16:58 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-04 16:58 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\programmi\Alwil Software
2010-03-04 16:58 . 2010-03-04 16:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-03-04 16:48 . 2010-03-05 15:33 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-04 15:56 . 2010-03-04 15:56 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267718132.exe
2010-03-04 13:50 . 2010-03-04 13:50 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267710620.exe
2010-03-04 03:19 . 2010-03-04 03:19 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267672752.exe
2010-03-04 03:07 . 2009-11-20 21:19 201968 ----a-w- c:\windows\system32\Isafprod.dll
2010-03-04 03:07 . 2009-11-20 21:18 95472 ----a-w- c:\windows\system32\Vetredir.dll
2010-03-04 03:07 . 2009-11-20 21:18 128240 ----a-w- c:\windows\system32\Isafeif.dll
2010-03-04 03:07 . 2010-03-04 16:34 -------- d-----w- c:\windows\rnapxs
2010-03-04 02:38 . 2010-03-04 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CA
2010-03-04 02:30 . 2010-03-04 02:30 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267669816.exe
2010-03-04 02:14 . 2010-03-04 02:14 125952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic\UUS2\Temp\Update.exe
2010-03-04 02:10 . 2010-03-04 02:28 23072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-04 02:10 . 2010-03-04 02:28 215072 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-04 01:53 . 2010-03-04 02:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic
2010-03-04 01:53 . 2010-03-04 02:23 -------- d-----w- c:\programmi\File comuni\ParetoLogic
2010-03-04 01:53 . 2010-03-04 01:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ParetoLogic Anti-Virus PLUS
2010-03-04 01:36 . 2010-03-04 01:36 -------- d-----w- c:\programmi\CCleaner
2010-03-04 01:19 . 2010-03-04 01:19 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267665564.exe
2010-03-03 22:52 . 2010-03-03 22:52 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267656758.exe
2010-03-03 22:42 . 2010-03-03 22:42 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267656129.exe
2010-03-03 22:33 . 2010-03-03 22:33 206848 ----a-w- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\rdr_1267655620.exe
2010-03-03 20:44 . 2010-03-03 20:44 67072 ---h--w- c:\windows\bill103.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 17:03 . 2008-11-10 17:54 94550 ----a-w- c:\windows\system32\perfc010.dat
2010-03-05 17:03 . 2008-11-10 17:54 517008 ----a-w- c:\windows\system32\perfh010.dat
2010-03-05 00:14 . 2009-03-06 17:05 93808 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-04 16:33 . 2010-03-04 12:30 62668 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-03-04 16:26 . 2008-11-10 10:35 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-04 02:29 . 2009-06-07 17:31 -------- d-----w- c:\programmi\File comuni\Panda Security
2010-03-04 02:28 . 2010-03-04 02:10 5000 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-04 02:28 . 2010-03-04 02:10 3236 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-04 02:26 . 2009-06-07 17:33 -------- d-----w- c:\documents and settings\Maupilio\Dati applicazioni\Panda Security
2010-03-01 08:13 . 2008-11-10 10:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-19 17:47 . 2009-04-27 16:51 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-12-31 16:50 . 2008-11-10 17:54 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2008-11-10 17:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2008-11-10 10:10 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-11-10 17:53 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2008-04-13 18:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2008-04-13 18:55 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 11:49 . 2009-12-08 07:54 52224 ----a-w- c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2009-12-06 11:49 . 2009-12-08 07:54 114688 ----a-w- c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\npmozax.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-08-18 817672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Internet Explorer\\iexplore.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:GateOKO
"53:TCP"= 53:TCP:webserver

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/03/2010 17.58.29 162512]
R1 o6ko;ML Display Class Docfile Intel;c:\windows\system32\drivers\o6ko.sys [22/05/2007 9.53.35 32768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/03/2010 17.58.30 19024]
R2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [06/03/2009 17.49.06 24576]
R2 srvoko6;Security List Class Service Secondary OpcEnum Fonts Control;c:\windows\system32\svchost.exe -k netsvc6 [10/11/2008 18.54.01 14336]
R3 M3000Srv;WebCam;c:\windows\system32\drivers\M3000KNT.sys [06/03/2009 17.44.25 151936]
S2 gupdate1c9b33ed0c5fbb0;Servizio di Google Update (gupdate1c9b33ed0c5fbb0);c:\programmi\Google\Update\GoogleUpdate.exe [02/04/2009 3.57.50 133104]
S2 piaservice;Network Inventory Advisor Service by ClearApps Software;c:\programmi\ClearApps\Network Inventory Advisor\piaservice.exe [09/02/2010 20.09.38 617472]
S2 SSPORT;SSPORT; [x]
S2 webserver;webserver;c:\programmi\webserver\webserver.exe --> c:\programmi\webserver\webserver.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [10/11/2008 11.40.00 94608]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/03/2010 0.28.45 38224]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/05/2009 8.15.40 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/05/2009 8.15.41 8320]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [28/05/2009 11.20.49 127656]
S4 SBAMSvc;SBAMSvc;"c:\programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe" --> c:\programmi\QUAD Utilities\QUAD AntiSpyware\SBAMSvc.exe [?]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvc6 REG_MULTI_SZ srvoko6

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fce33b3-0fed-11de-9bc1-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14582e27-5f6b-11de-9d82-00234e154f00}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c32f08-0fea-11de-9bbe-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c32f0b-0fea-11de-9bbe-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7efce8-7d3f-11de-9dc2-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b37c306-4aed-11de-9d1d-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67046a80-57ea-11de-9d61-00234e154f00}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67046a81-57ea-11de-9d61-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73dfbb18-4aef-11de-9d1e-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd321d6-5b2c-11de-9d71-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cd321d9-5b2c-11de-9d71-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8209b4-24d2-11de-9c4f-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8209b5-24d2-11de-9c4f-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91125da8-620f-11de-9d8f-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95de5fde-23e0-11de-9c44-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95de5fdf-23e0-11de-9c44-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a72886-61a3-11de-9d8d-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9121836-4a26-11de-9d14-00234e154f00}]
\Shell\AutoRun\command - F:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d959c322-4a2b-11de-9d16-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d959c325-4a2b-11de-9d16-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d902f2-633c-11de-9d92-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d902f3-633c-11de-9d92-00234e154f00}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f237f8cf-0da1-11de-9b9a-00234e154f00}]
\Shell\AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe92da94-4a2a-11de-9d15-00234e154f00}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-02 02:57]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-02 02:57]

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095290957-3615762775-570238229-1006Core.job
- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-01 12:44]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3095290957-3615762775-570238229-1006UA.job
- c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-01 12:44]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{EBA7AF35-4781-4E0E-92E0-6E4104639CA0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1701838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic_Italia Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1701838&SearchSource=13
FF - component: c:\documents and settings\Maupilio\Dati applicazioni\Mozilla\Firefox\Profiles\fwvku1b2.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Maupilio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{4edd5c14-2d22-4d7a-9748-c975a7fd933b} - (no file)
WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
Notify-avldr - avldr.dll
SafeBoot-PskSvcRetail



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-03-05 18.10.10
ComboFix-quarantined-files.txt 2010-03-05 17:10

Pre-Run: 53.592.195.072 byte disponibili
Post-Run: 54.204.788.736 byte disponibili

- - End Of File - - 11533E9CD8E4BA1A9B0202EA44535DCA

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.13.33, on 05/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmi\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238722706296
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1c9b33ed0c5fbb0) (gupdate1c9b33ed0c5fbb0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Network Inventory Advisor Service by ClearApps Software (piaservice) - Unknown owner - C:\Programmi\ClearApps\Network Inventory Advisor\piaservice.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: webserver - Unknown owner - C:\Programmi\webserver\webserver.exe (file missing)

--
End of file - 8146 bytes
