Aiutamici Forum

friend's combo log
fdaccc
Posted: Saturday, April 10, 2010 3:05:32 PM

Rank: AiutAmico

Joined: 12/12/2009
Posts: 2,114
Hi, this ComboFix log does not convince me much.
R16, what do you think, does it need a script?

ComboFix 10-04-09.06 - Metallo 10/04/2010 13.56.50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1129 [GMT 2:00]
Eseguito da: c:\documents and settings\Metallo\Documenti\Download\ComboFix.exe
AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\install.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-03-10 al 2010-04-10 )))))))))))))))))))))))))))))))))))
.

2010-04-09 18:59 . 2010-04-09 18:59 -------- d-----w- c:\programmi\Sophos
2010-04-09 17:42 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-09 17:41 . 2010-04-09 17:41 -------- d-----w- c:\programmi\Panda Security
2010-04-09 11:55 . 2010-04-09 11:55 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Unity
2010-04-09 10:40 . 2010-04-09 10:40 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Nero
2010-04-09 10:38 . 2010-04-09 10:39 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Nero
2010-04-08 19:44 . 2010-04-08 19:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-08 11:20 . 2010-04-08 11:20 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Malwarebytes
2010-04-08 11:19 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 11:19 . 2010-04-08 11:20 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-08 11:19 . 2010-04-08 11:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-08 11:19 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 11:03 . 2010-04-08 11:03 -------- d-----w- c:\programmi\MSXML 4.0
2010-04-08 00:37 . 2010-04-08 00:37 -------- d-----w- c:\programmi\Cakewalk
2010-04-08 00:37 . 2010-04-08 00:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Cakewalk
2010-04-07 23:43 . 2010-04-07 23:43 -------- d-----w- c:\programmi\ASIO4ALL v2
2010-04-07 23:42 . 2010-04-08 00:37 -------- d-----w- c:\programmi\VstPlugins
2010-04-07 23:42 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-04-07 23:42 . 2010-04-07 23:42 -------- d-----w- c:\programmi\Outsim
2010-04-07 23:40 . 2010-04-07 23:43 -------- d-----w- c:\programmi\Image-Line
2010-04-07 23:06 . 2010-04-08 11:15 -------- d-----w- c:\documents and settings\Metallo\Tracing
2010-04-07 23:02 . 2010-04-07 23:02 -------- d-----w- c:\programmi\Microsoft
2010-04-07 23:02 . 2010-04-07 23:02 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-04-07 23:02 . 2010-04-07 23:03 -------- d-----w- c:\programmi\Windows Live
2010-04-07 22:44 . 2010-04-07 22:44 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-04-07 22:08 . 2010-04-07 22:19 -------- d-----w- c:\programmi\Nero
2010-04-07 22:08 . 2010-04-07 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-04-07 22:08 . 2010-04-07 22:16 -------- d-----w- c:\programmi\File comuni\Nero
2010-04-07 15:09 . 2010-04-07 15:09 52224 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-07 15:09 . 2010-04-07 15:09 117760 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-06 20:54 . 2010-02-25 10:00 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-06 20:54 . 2010-02-25 09:53 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-06 20:54 . 2010-04-06 20:54 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\TuneUp Software
2010-04-06 20:53 . 2010-04-06 20:54 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-04-06 20:53 . 2010-04-06 20:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-04-06 20:51 . 2010-04-06 20:51 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-06 10:47 . 2010-04-06 10:47 -------- d-----w- c:\programmi\SEGA
2010-04-05 22:26 . 2010-04-05 22:26 -------- d-----w- c:\windows\Sun
2010-04-05 11:54 . 2008-04-13 09:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-04 19:50 . 2010-04-04 19:50 50354 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\uninstall.exe
2010-04-04 19:50 . 2010-04-04 19:50 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Facebook
2010-04-04 17:27 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-04 17:03 . 2010-04-05 22:45 138880 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-04-04 16:20 . 2010-04-04 16:20 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-04 15:41 . 2010-04-04 17:45 -------- d-----w- c:\programmi\Thief - Deadly Shadows
2010-04-03 23:32 . 2010-04-03 23:32 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-04-03 23:01 . 2010-04-03 23:01 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-04-03 23:00 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-03 22:50 . 2010-04-03 22:50 -------- d-----w- c:\programmi\Electronic Arts
2010-04-03 15:54 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-03 14:17 . 2010-04-03 14:17 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Activision
2010-04-03 13:32 . 2010-04-03 13:32 -------- d-----w- c:\programmi\Activision
2010-04-03 13:30 . 2010-04-03 13:30 -------- d-sh--w- c:\windows\ftpcache
2010-04-03 13:18 . 2010-04-03 13:18 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-03 13:18 . 2010-04-03 13:18 -------- d-----w- c:\programmi\OpenAL
2010-04-03 13:18 . 2010-04-03 13:18 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-03 13:00 . 2010-04-04 19:46 -------- d-----w- c:\programmi\I'm Not Alone
2010-04-03 12:13 . 2010-04-03 12:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2010-04-03 12:11 . 2010-04-03 12:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-03 12:09 . 2010-04-03 13:30 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\DAEMON Tools Lite
2010-04-03 12:09 . 2010-04-03 12:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-04-03 11:11 . 2010-04-03 11:11 -------- d-sh--w- c:\documents and settings\Metallo\PrivacIE
2010-04-03 11:09 . 2010-04-03 11:09 -------- d-----w- c:\programmi\CCleaner
2010-04-03 11:05 . 2010-04-03 11:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-03 04:38 . 2010-04-03 04:38 -------- d-----w- c:\windows\system32\Lang
2010-04-03 04:37 . 2010-04-03 04:37 -------- d-sh--w- c:\documents and settings\Metallo\IETldCache
2010-04-03 04:27 . 2010-04-03 04:27 -------- d-----w- c:\windows\system32\RTCOM
2010-04-03 04:01 . 2010-04-08 03:32 -------- d-----w- c:\programmi\JDownloader
2010-04-03 04:01 . 2010-04-03 04:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-03 04:00 . 2010-04-03 04:00 -------- d-----w- c:\programmi\Java
2010-04-03 04:00 . 2010-04-03 04:00 152576 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2010-04-03 03:24 . 2010-02-25 06:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-03 03:24 . 2010-02-25 06:16 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-03 03:24 . 2010-02-25 06:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-03 03:24 . 2010-02-25 09:46 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-03 03:24 . 2010-02-25 06:16 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-03 03:24 . 2010-02-25 06:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-03 03:24 . 2010-04-04 01:02 -------- d-----w- c:\windows\ie8updates
2010-04-03 03:24 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-03 03:22 . 2010-04-03 03:24 -------- dc-h--w- c:\windows\ie8
2010-04-03 03:21 . 2010-04-03 03:21 0 ----a-w- c:\windows\nsreg.dat
2010-04-03 03:21 . 2010-04-03 03:21 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Mozilla
2010-04-03 03:17 . 2010-04-03 03:17 -------- d-----w- c:\windows\Logs
2010-04-03 03:08 . 2010-04-03 03:08 -------- d-----w- c:\programmi\ATI
2010-04-03 03:07 . 2010-04-03 03:07 -------- d-----w- C:\ATI
2010-04-03 02:52 . 2010-04-03 02:52 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\KRX
2010-04-03 02:52 . 2010-04-08 10:58 13304 ----a-w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-03 02:44 . 2010-04-03 02:45 -------- d-----w- C:\32cd1ce6810e9b04986218
2010-04-03 02:44 . 2010-04-03 02:50 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\programmi\MSBuild
2010-04-03 02:29 . 2010-04-03 02:48 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\programmi\Reference Assemblies
2010-04-03 02:29 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-03 02:29 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-03 02:16 . 2010-04-03 02:16 -------- d-----w- c:\windows\system32\KB905474
2010-04-03 02:16 . 2009-03-10 20:26 1437568 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-03 02:16 . 2009-03-10 20:18 454016 ----a-w- c:\windows\system32\KB905474\wgasetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 12:08 . 2010-04-03 00:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-04-08 14:39 . 2008-04-13 09:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-08 11:45 . 2010-04-03 01:14 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\uTorrent
2010-04-06 21:05 . 2004-08-19 11:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-04-06 10:47 . 2010-04-03 00:51 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-03 22:18 . 2010-04-02 23:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 04:38 . 2004-08-19 11:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-04-03 04:38 . 2004-08-19 11:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-04-03 04:26 . 2010-04-03 04:26 -------- d-----w- c:\programmi\Realtek
2010-04-03 04:25 . 2010-04-03 00:51 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-04-03 01:36 . 2010-04-03 01:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2010-04-03 01:18 . 2010-04-03 01:18 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\AskToolbar
2010-04-03 01:15 . 2010-04-03 01:15 -------- d-----w- c:\programmi\Ask.com
2010-04-03 01:15 . 2010-04-03 01:15 -------- d-----w- c:\programmi\uTorrent
2010-04-03 00:39 . 2010-04-03 00:39 10134 ----a-r- c:\documents and settings\Metallo\Dati applicazioni\Microsoft\Installer\{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}\ARPPRODUCTICON.exe
2010-04-03 00:37 . 2010-04-03 00:36 -------- d-----w- c:\programmi\Driver Cleaner Pro
2010-04-03 00:14 . 2010-04-03 00:14 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-03 00:11 . 2010-04-03 00:11 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-03 00:11 . 2010-04-03 00:11 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-03 00:11 . 2010-04-03 00:11 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-03 00:11 . 2010-04-03 00:11 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-03 00:11 . 2010-04-03 00:11 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-03 00:06 . 2010-04-03 00:06 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-03 00:06 . 2010-04-03 00:06 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-03 00:05 . 2010-04-03 00:05 -------- d-----w- c:\programmi\File comuni\InfoWatch
2010-04-03 00:05 . 2010-04-03 00:05 -------- d-----w- c:\programmi\Kaspersky Lab
2010-04-03 00:04 . 2010-04-03 00:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2010-04-02 23:31 . 2010-04-02 23:31 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-02 23:30 . 2010-04-02 23:30 -------- d-----w- c:\programmi\Servizi in linea
2010-04-02 23:28 . 2010-04-02 23:28 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-26 16:21 . 2010-04-03 04:26 5883936 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-03-26 16:01 . 2010-04-03 04:26 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-26 16:01 . 2010-04-03 04:26 358944 ----a-w- c:\windows\vncutil.exe
2010-03-26 16:01 . 2010-04-03 04:26 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-26 16:01 . 2010-04-03 04:26 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-26 16:01 . 2010-04-03 04:26 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-26 16:01 . 2010-04-03 04:26 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-26 16:01 . 2010-04-03 04:26 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-26 16:01 . 2010-04-03 04:26 19522592 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-26 16:01 . 2010-04-03 04:26 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-26 16:01 . 2010-04-03 04:26 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-03-26 16:01 . 2010-04-03 04:26 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-22 12:22 . 2010-04-03 04:26 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
2010-03-03 04:21 . 2010-04-03 00:14 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2010-04-03 00:52 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2010-04-03 00:14 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2010-04-03 00:14 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2010-04-03 00:14 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2010-04-03 00:14 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2010-04-03 00:14 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2010-04-03 00:14 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2010-04-03 00:14 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2007-12-21 02:59 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2010-04-03 00:14 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2007-12-21 02:59 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2010-04-03 00:14 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2010-04-03 00:14 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2007-12-21 02:59 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2007-12-21 02:59 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2010-04-03 00:14 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2007-12-21 02:57 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2007-12-21 02:56 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:20 . 2010-04-03 00:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 03:16 . 2010-04-03 00:14 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2010-04-03 00:14 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2007-12-21 02:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2010-04-03 00:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2010-04-03 00:14 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2007-12-21 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2010-04-03 00:14 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2010-04-03 00:14 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-25 19:55 . 2010-04-03 00:52 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:16 . 2008-04-13 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-12 10:50 . 2010-02-12 10:50 64048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky PURE 9.0.0.192\Italian\setup.exe
2010-02-04 08:01 . 2010-04-03 03:19 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-04-03 03:19 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-04-03 03:19 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-04-03 03:19 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-01 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-01 09:43 1197448 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-01 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-01 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 14:42 129552 ----a-w- c:\programmi\Kaspersky Lab\Kaspersky PURE\shellex.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"muBlinder"="c:\documents and settings\Metallo\Desktop\muBlinder.exe" [2010-03-28 1462784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [03/04/2010 2.05.47 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [09/04/2010 19.42.19 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/04/2010 14.11.13 691696]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [03/04/2010 2.05.49 39352]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R2 CSObjectsSrv;Servizio di controllo CryptoStorage;c:\programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17.34.38 743992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 11.57.22 1047880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 10.18.08 10064]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03/04/2010 6.26.36 1691480]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\102.tmp --> c:\windows\system32\102.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-03-01 09:43]

2010-04-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi ad Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\Metallo\Dati applicazioni\Mozilla\Firefox\Profiles\bcwzse2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Metallo\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Notify-WgaLogon - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 14:08
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x88C4CAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74dbf28
\Driver\ACPI -> ACPI.sys @ 0xf7333cb8
\Driver\atapi -> atapi.sys @ 0xf72b4b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> NDIS.sys @ 0xf71bdbb0
PacketIndicateHandler -> NDIS.sys @ 0xf71aca0d
SendHandler -> NDIS.sys @ 0xf71c0b40
user & kernel MBR OK
malicious code @ sector 0x950e4c1 size 0x1e4 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\102.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1316)
c:\windows\system32\WININET.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wpabaln.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-10 14:14:29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-10 12:14

Pre-Run: 42.779.074.560 byte disponibili
Post-Run: 43.036.573.696 byte disponibili

- - End Of File - - 1E3A7AC58890F1BD7FCDE37106DDAE67
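A small triage helper, added here as an example and not part of either post or of ComboFix itself: it walks the kinds of lines seen in the log above (registry values, the service list, the Gmer MBR detector line) and flags the entries a responder would look at first: Security Center monitoring switched off, the firewall disabled, an autorun launched from the Desktop, a service whose image is a .tmp file, and the "malicious code @ sector" line. The sample lines are constructed from the log above; the categories, severities and user-writable-path markers are my own choices.

```python
import re

# Constructed excerpt modelled on the log in this thread (sample input, not the
# full log); the paths are the ones that appear in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"muBlinder"="c:\documents and settings\Metallo\Desktop\muBlinder.exe" [2010-03-28 1462784]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/04/2010 14.11.13 691696]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\102.tmp --> c:\windows\system32\102.tmp [?]
malicious code @ sector 0x950e4c1 size 0x1e4 !

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\102.tmp"
"""

# Directory markers (lowercase, backslash-delimited) from which an autorun entry
# is unusual on a workstation; chosen for this example, extend as needed.
USER_WRITABLE_MARKERS = ("\\desktop\\", "\\temp\\", "\\tmp\\", "\\download\\", "\\documenti\\")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                  # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')   # "Name"=data
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]*)"')                 # "c:\path\x.exe" [...]
# R0 name;description;image path [date time size]   (ComboFix service list)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]$")
MBR_RE = re.compile(r"^malicious code @ sector (?P<sector>0x[0-9a-fA-F]+) size (?P<size>0x[0-9a-fA-F]+)")


def triage(log_text):
    """Return a list of (severity, category, detail) tuples for suspicious lines."""
    findings = []
    section_raw = ""   # current registry key as written in the log
    section = ""       # same key lowercased, used for matching
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section_raw = m.group("key")
            section = section_raw.lower()
            continue
        m = MBR_RE.match(line)
        if m:   # Gmer MBR detector reported code outside the boot sector
            findings.append(("high", "mbr-malicious-code",
                             f"sector {m.group('sector')} size {m.group('size')}"))
            continue
        m = SERVICE_RE.match(line)
        if m:   # service list: image in a .tmp file, or file not found ([?])
            image = m.group("image").split(" --> ")[-1]
            if image.lower().endswith(".tmp") or m.group("info").strip() == "?":
                findings.append(("high", "service-temp-image", f"{m.group('name')} -> {image}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        if "\\security center\\monitoring\\" in section and name.lower() == "disablemonitoring":
            # dword:00000001 means Security Center no longer reports on this product
            if data.lower().startswith("dword:") and int(data[6:], 16) != 0:
                findings.append(("high", "security-center-monitoring-disabled",
                                 section_raw.rsplit("\\", 1)[-1]))
        elif "\\firewallpolicy\\" in section and name.lower() == "enablefirewall":
            if data.split()[0] == "0":   # "EnableFirewall"= 0 (0x0)
                findings.append(("high", "firewall-disabled", section_raw.rsplit("\\", 1)[-1]))
        elif "\\services\\" in section and name.lower() == "imagepath":
            pm = QUOTED_PATH_RE.match(data)
            if pm and pm.group("path").lower().endswith(".tmp"):
                findings.append(("high", "service-temp-image",
                                 f"{section_raw.rsplit(chr(92), 1)[-1]} -> {pm.group('path')}"))
        elif section.endswith("\\run"):
            pm = QUOTED_PATH_RE.match(data)
            path = pm.group("path") if pm else ""
            if "\\" not in path:
                # bare file name: resolved through the search path at logon
                findings.append(("info", "autorun-unqualified-image", f"{name} -> {path}"))
            elif any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append(("medium", "autorun-user-writable-path", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for severity, category, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {category}: {detail}")
```

Run it on a full ComboFix log with `triage(open("ComboFix.txt", encoding="cp1252").read())`; entries the parser does not recognise are simply skipped.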
r16
Posted: Saturday, April 10, 2010 3:33:39 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file on the Desktop (Start\Run\type: notepad.exe and then click OK).
Paste the code you see below into it, and save the text file, which must be named CFScript.txt.

Code:
KillAll::

File::
c:\programmi\Ask.com\GenericAskToolbar.dll
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\programmi\Ask.com\UpdateTask.exe

Folder::
c:\documents and settings\Metallo\Dati applicazioni\AskToolbar
c:\programmi\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

Do an MBR check:
Download MBR.EXE directly into the C:\ directory (it is important that it is downloaded to C:\ )
http://www2.gmer.net/mbr/mbr.exe
Start the PC in Safe Mode.

Do: Start - Run - copy and paste this command: C:\mbr.exe -f and click OK.
Do not type that command; DO copy and paste it (the space after exe must be kept).
Post the log, which you will find where you downloaded the tool, i.e. in C:\