Hi, I redid the scan.
The folder in red: C:\Programmi\Avira\AntiVir Desktop (I did not find it)
ComboFix 10-03-19.08 - Juri 21/03/2010 15.38.58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1791.1234 [GMT 1:00]
Eseguito da: c:\documents and settings\Juri\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Juri\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE1C-EE8C-0012-58EF-120000000000}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\Alwil Software
c:\documents and settings\Juri\Dati applicazioni\Search Settings
c:\documents and settings\Juri\Dati applicazioni\Search Settings\kb130\temp\ws-14685.log
c:\documents and settings\Juri\Dati applicazioni\Search Settings\kb130\temp\ws-14686.log
c:\documents and settings\Juri\Dati applicazioni\Search Settings\kb130\temp\ws-14687.log
c:\documents and settings\Juri\Dati applicazioni\Search Settings\kb130\temp\ws-14688.log
c:\programmi\Alwil Software
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ivazbm
-------\Service_mmug
-------\Service_pnvfej
((((((((((((((((((((((((( Files Creati Da 2010-02-21 al 2010-03-21 )))))))))))))))))))))))))))))))))))
.
2010-03-20 22:24 . 2010-03-20 22:24 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-20 22:24 . 2010-03-20 22:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-20 22:24 . 2010-03-20 22:24 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-20 22:24 . 2010-03-20 22:24 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-20 22:24 . 2010-03-20 22:24 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-20 22:24 . 2010-03-20 22:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-03-19 22:30 . 2010-03-19 22:30 -------- d-----w- c:\documents and settings\Juri\Dati applicazioni\Application Updater
2010-03-13 23:33 . 2010-03-13 23:33 -------- d--h--w- c:\windows\PIF
2010-03-12 13:08 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-25 18:52 . 2010-02-25 18:52 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2010-02-25 18:52 . 2010-02-25 18:52 -------- d-----w- c:\programmi\Application Updater
2010-02-22 01:29 . 2009-12-24 18:57 73728 ----a-w- c:\windows\system\vdremote.dll
2010-02-22 01:29 . 2009-12-24 18:56 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 14:44 . 2008-11-29 18:57 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-21 13:25 . 2008-11-13 14:36 1 ----a-w- c:\documents and settings\Juri\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-20 22:19 . 2008-11-16 14:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-20 20:42 . 2009-06-28 23:09 -------- d-----w- c:\programmi\SpywareBlaster
2010-03-20 14:57 . 2008-11-21 20:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\eBay
2010-03-20 14:57 . 2008-11-21 13:53 -------- d-----w- c:\documents and settings\Juri\Dati applicazioni\eBay
2010-03-20 14:57 . 2008-11-21 13:52 -------- d-----w- c:\programmi\eBay
2010-03-20 14:57 . 2008-11-13 14:17 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-20 01:36 . 2010-02-08 23:29 -------- d-----w- c:\documents and settings\Juri\Dati applicazioni\uTorrent
2010-03-14 01:34 . 2008-11-23 15:38 -------- d-----w- c:\documents and settings\Juri\Dati applicazioni\VSO
2010-03-12 20:32 . 2010-02-08 23:30 -------- d-----w- c:\programmi\uTorrent
2010-03-06 14:07 . 2008-11-26 13:53 -------- d-----w- c:\documents and settings\Juri\Dati applicazioni\dvdcss
2010-02-22 01:26 . 2009-11-01 20:48 -------- d-----w- c:\programmi\JLC's Software
2010-02-22 01:26 . 2009-06-21 13:00 -------- d-----w- c:\documents and settings\Juri\Dati applicazioni\JLC's Software
2010-02-04 19:27 . 2008-11-13 14:21 -------- d-----w- c:\programmi\Google
2010-02-02 15:13 . 2010-02-02 15:13 -------- d-----w- c:\programmi\AVG
2010-02-02 14:21 . 2009-10-16 09:45 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-01-21 13:10 . 2009-09-08 14:22 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-19 13:29 . 2009-10-16 09:45 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-01-19 13:29 . 2009-10-16 09:45 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-01-19 13:29 . 2009-10-16 09:45 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-01-19 13:29 . 2009-10-16 09:46 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-19 13:29 . 2009-10-16 09:45 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-01-19 13:29 . 2009-10-16 09:46 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-08 19:18 . 2009-12-07 12:15 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-11-20 22:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-11-20 22:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 09:53 . 2008-04-13 17:13 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2008-04-13 17:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2008-04-13 17:13 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-13 10:15 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.
------- Sigcheck -------
[-] 2008-06-24 . 671FFF7D9EB2E7CE43A44AF96480EEA0 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-03-20_23.41.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-21 14:43 . 2010-03-21 14:43 16384 c:\windows\temp\Perflib_Perfdata_3c0.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Gadwin PrintScreen"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-19 3168216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Juri\Menu Avvio\Programmi\Esecuzione automatica\
hott notes 4.lnk - c:\programmi\hott notes 4\hottnotes.exe [2007-5-16 1249280]
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
NETGEAR WG111v3 Smart Wizard.lnk - c:\programmi\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
Sitecom Wireless Utility.lnk - c:\programmi\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe [2009-3-6 909312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-20 22:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DWSHIELD00002070.SYS]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Juri\\desktop\\utorrent.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/03/2010 23.24.52 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/03/2010 23.24.57 242696]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [16/10/2009 10.46.12 233136]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [08/01/2010 0.51.02 380928]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [20/03/2010 23.24.35 916760]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [20/03/2010 23.24.34 308064]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [16/10/2009 10.46.14 88040]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [16/11/2008 12.20.32 100728]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [16/10/2009 10.45.39 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [16/10/2009 10.45.39 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [16/10/2009 10.45.37 115216]
S2 gupdate1c99e8227483330;Servizio di Google Update (gupdate1c99e8227483330);c:\programmi\Google\Update\GoogleUpdate.exe [06/03/2009 18.36.31 133104]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [16/10/2009 10.45.39 32680]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14.11.54 224896]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;c:\windows\system32\drivers\USB200M2.sys [13/11/2008 14.08.29 18048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-06 17:35]
2010-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-06 17:35]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tele2.it/redirect/startpage/adsl/ita
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: {3B42B8C2-241E-47FB-ACDB-834108C4E9EC} = 193.12.150.2
FF - ProfilePath - c:\documents and settings\Juri\Dati applicazioni\Mozilla\Firefox\Profiles\cv7bjz2r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.wikipedia.org/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Juri\Dati applicazioni\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\bgsvcgen.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\programmi\Photodex\ProShowProducer\ScsiAccess.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\system32\cryptainersrv.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-21 15:47:01 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-21 14:46
ComboFix2.txt 2010-03-20 23:42
Pre-Run: 66.013.229.056 byte disponibili
Post-Run: 65.904.181.248 byte disponibili
- - End Of File - - 3BD7934761647F03689A648D3A16E315