Hi everyone, lately while browsing the internet, entire pages of every kind kept suddenly opening on their own... so I tried ComboFix, since neither the antivirus nor the antispyware had detected anything... I am now attaching the ComboFix report itself, for someone surely more expert than me who can help me better interpret the work done by the program. Regards, Loafel.
ComboFix 08-05-01.3 - loafel 2008-05-06 18.38.08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.437 [GMT 2:00]
Eseguito da: C:\Documents and Settings\loafel\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
C:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
C:\Documents and Settings\loafel\Dati applicazioni\inst.exe
c:\Documents and Settings\loafel\Impostazioni locali\Dati applicazioni\wihwxrg.dat
C:\Documents and Settings\loafel\Impostazioni locali\Dati applicazioni\wihwxrg.exe
c:\Documents and Settings\loafel\Impostazioni locali\Dati applicazioni\wihwxrg_nav.dat
c:\Documents and Settings\loafel\Impostazioni locali\Dati applicazioni\wihwxrg_navps.dat
C:\Programmi\webmediaplayer
C:\Programmi\webmediaplayer\resources\languages_v2.xml
C:\Programmi\webmediaplayer\resources\webmedias
C:\Programmi\webmediaplayer\skins\classic.skn
C:\Programmi\webmediaplayer\sqlite3.dll
C:\Programmi\webmediaplayer\uninst.exe
C:\WINDOWS\system32\EgPYaccf.ini
C:\WINDOWS\system32\EgPYaccf.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\systeminfo3.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-04-06 al 2008-05-06 )))))))))))))))))))))))))))))))))))
.
2008-05-05 19:02 . 2008-05-05 19:02 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-05-05 19:02 . 2008-05-05 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-01 18:05 . 2008-05-05 10:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 18:05 . 2008-05-01 18:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-01 12:46 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-01 12:46 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-01 12:46 . 2007-03-08 07:11 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-01 12:46 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-01 12:46 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-01 12:46 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-01 12:46 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-01 12:46 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-01 12:46 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-01 00:26 . 2008-05-01 00:26 <DIR> d-------- C:\Programmi\Active CPU
2008-05-01 00:26 . 1999-12-17 10:13 49,664 --a------ C:\WINDOWS\unvise32.exe
2008-04-29 20:47 . 2008-04-29 20:59 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-28 22:05 . 2008-04-28 22:05 <DIR> d-------- C:\Programmi\IObit
2008-04-27 10:42 . 2008-04-27 10:42 <DIR> d-------- C:\CloneDVDTemp
2008-04-25 13:04 . 2008-05-04 11:45 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-25 10:21 . 2008-04-25 10:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-25 10:21 . 2008-04-25 10:21 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-25 10:21 . 2008-04-25 10:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-25 10:20 . 2008-05-06 13:15 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-25 10:20 . 2008-04-25 10:20 <DIR> d-------- C:\Programmi\AVG
2008-04-25 10:20 . 2008-04-25 22:17 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\AVGTOOLBAR
2008-04-25 10:20 . 2008-04-25 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-04-24 23:25 . 2008-04-24 23:25 20 --a------ C:\WINDOWS\Epscan2.INI
2008-04-24 23:16 . 2008-04-24 23:16 <DIR> d-------- C:\Programmi\XPC Tools
2008-04-24 23:04 . 2008-04-24 23:04 <DIR> d-------- C:\EPSON
2008-04-24 16:53 . 2008-04-24 16:53 268 --ah----- C:\sqmdata00.sqm
2008-04-24 16:53 . 2008-04-24 16:53 244 --ah----- C:\sqmnoopt00.sqm
2008-04-23 18:58 . 2008-05-06 17:48 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\SiteAdvisor
2008-04-23 18:58 . 2008-04-23 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SiteAdvisor
2008-04-23 18:58 . 2008-04-23 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\McAfee
2008-04-22 13:38 . 2008-04-23 14:27 23 --a------ C:\WINDOWS\VI20.set
2008-04-22 13:37 . 2008-04-23 14:24 7,458 --a------ C:\1.bmp
2008-04-22 13:08 . 2008-04-22 13:08 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\ArcSoft
2008-04-22 13:07 . 2008-04-22 13:07 <DIR> d-------- C:\Programmi\File comuni\ArcSoft
2008-04-22 13:07 . 2008-04-22 13:07 <DIR> d-------- C:\Programmi\ArcSoft
2008-04-22 13:07 . 2005-04-27 16:36 245,408 -ra------ C:\WINDOWS\system32\unicows.dll
2008-04-22 13:07 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-22 13:07 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-04-22 11:49 . 2008-04-28 16:50 40,000 --a------ C:\WINDOWS\system32\muzika.xm
2008-04-21 22:45 . 2008-04-21 22:45 <DIR> d-------- C:\Programmi\Windows Defender
2008-04-21 21:16 . 2008-04-21 21:16 <DIR> d-------- C:\WINDOWS\EPSON PhotoStarter Essential
2008-04-21 21:16 . 2008-04-21 21:16 <DIR> d-------- C:\WINDOWS\EPSON CardMonitor Essential
2008-04-21 21:05 . 2003-07-01 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-04-21 21:05 . 2003-08-06 00:00 29,184 --a------ C:\WINDOWS\system32\escwiadn.dll
2008-04-21 21:05 . 2003-07-01 00:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-04-21 14:07 . 2008-04-21 14:07 <DIR> d-------- C:\WINDOWS\system32\xcsDd01
2008-04-21 14:07 . 2008-04-21 14:07 <DIR> d-------- C:\TEMP\berDrv11
2008-04-21 14:05 . 2008-05-01 22:28 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-21 14:03 . 2008-04-21 14:03 <DIR> d-------- C:\Programmi\Online_TV
2008-04-21 13:13 . 2008-04-21 13:13 <DIR> d-------- C:\Programmi\MultiMedia Italy Toolbar
2008-04-21 13:13 . 2008-04-21 15:10 <DIR> d-------- C:\Programmi\Multi_Media_Italy
2008-04-19 16:01 . 2008-04-19 16:01 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-04-19 15:57 . 2008-04-19 15:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-19 15:57 . 2008-04-19 15:58 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-18 13:16 . 2008-04-18 13:16 <DIR> d-------- C:\WINDOWS\Sun
2008-04-17 23:11 . 2008-04-17 23:11 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-04-16 22:07 . 2008-04-16 22:07 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\CDBurnerXP_Soft
2008-04-16 22:01 . 2008-05-01 12:46 <DIR> d-------- C:\WINDOWS\system32\it-IT
2008-04-16 22:00 . 2008-04-16 22:00 <DIR> d-------- C:\Programmi\MSBuild
2008-04-16 21:56 . 2008-04-17 23:16 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-16 21:55 . 2008-04-16 21:55 <DIR> d-------- C:\Programmi\Reference Assemblies
2008-04-16 21:55 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-16 20:42 . 2008-04-22 20:49 4,363 --a------ C:\WINDOWS\system32\EPPICResdb0000
2008-04-16 20:42 . 2008-04-22 20:49 115 --a------ C:\WINDOWS\system32\EPPICResdb
2008-04-15 13:55 . 2008-04-15 13:55 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-14 22:24 . 2008-04-14 22:24 13,758 --a------ C:\WINDOWS\EPISMI00.SWB
2008-04-14 19:36 . 2008-04-14 19:43 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\MailWasherPro
2008-04-13 22:44 . 2008-04-19 14:04 81,920 --a------ C:\Documents and Settings\loafel\Dati applicazioni\ezpinst.exe
2008-04-13 22:04 . 2008-04-21 14:07 <DIR> d-------- C:\TEMP
2008-04-13 22:04 . 2008-04-13 22:04 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-04-13 22:04 . 2008-04-13 22:04 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2008-04-13 22:04 . 2008-04-13 22:04 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2008-04-13 22:04 . 2008-04-13 22:04 4,672 --a------ C:\WINDOWS\system\wowpost.exe
2008-04-13 17:20 . 2008-04-13 17:20 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-04-13 16:33 . 2008-04-13 16:33 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\Thunderbird
2008-04-13 14:41 . 2008-04-13 14:41 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\Template
2008-04-13 14:35 . 2008-04-28 21:14 310 --a------ C:\Documents and Settings\loafel\Dati applicazioni\wklnhst.dat
2008-04-12 16:12 . 2008-04-12 16:12 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\Ahead
2008-04-12 16:09 . 2008-04-27 13:00 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\Cyberlink
2008-04-12 16:06 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-04-12 16:06 . 2008-04-12 16:06 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-12 16:05 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-04-12 16:05 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-04-12 16:05 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-12 16:05 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-12 16:05 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-04-12 16:04 . 2008-04-12 16:04 <DIR> d-------- C:\WINDOWS\InCD
2008-04-12 16:04 . 2008-04-12 16:05 <DIR> d-------- C:\Programmi\File comuni\Ahead
2008-04-12 16:04 . 2008-04-12 16:06 <DIR> d-------- C:\Programmi\Ahead
2008-04-12 16:04 . 2004-04-06 17:36 1,798,144 --------- C:\WINDOWS\NuNinst.exe
2008-04-12 16:04 . 2004-04-06 19:39 89,472 --a------ C:\WINDOWS\system32\drivers\incdfs.sys
2008-04-12 16:04 . 2004-04-29 10:54 47,603 --------- C:\WINDOWS\NuNinst.cfg
2008-04-12 16:04 . 2004-04-06 19:40 25,600 --a------ C:\WINDOWS\system32\drivers\incdpass.sys
2008-04-12 16:04 . 2004-04-06 19:43 5,504 --a------ C:\WINDOWS\system32\drivers\incdrec.sys
2008-04-12 16:03 . 2003-12-05 11:46 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-04-12 16:01 . 2008-04-12 16:01 <DIR> d-------- C:\Programmi\CyberLink
2008-04-12 16:01 . 2008-04-12 20:06 <DIR> d-------- C:\ppwork
2008-04-12 16:01 . 2008-04-12 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\CyberLink
2008-04-12 16:00 . 2008-04-12 16:02 <DIR> d-------- C:\Programmi\CyberLink DVD Solution
2008-04-12 16:00 . 2004-03-11 13:27 40,960 --a------ C:\Programmi\Uninstall_CDS.exe
2008-04-12 15:48 . 2008-04-12 15:51 <DIR> d-------- C:\Programmi\Microsoft Works
2008-04-12 14:59 . 2008-04-12 14:59 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\FinalBurner Video DVD
2008-04-12 14:56 . 2008-04-12 14:56 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\FinalBurner DATA
2008-04-12 14:45 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-04-12 14:44 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-04-12 14:44 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-04-12 14:43 . 2000-05-22 05:00 1,066,176 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-04-12 14:43 . 2000-05-22 06:00 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-04-12 14:43 . 2000-05-22 16:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-04-12 14:43 . 2002-01-05 17:37 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2008-04-12 14:43 . 1999-05-06 23:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-04-12 14:43 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-04-12 14:06 . 2008-04-12 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\UDL
2008-04-12 14:05 . 2003-07-02 01:00 131,072 --a------ C:\WINDOWS\system32\Epcmlib.dll
2008-04-12 12:54 . 2008-04-12 12:54 <DIR> d-------- C:\Converted Videos
2008-04-12 12:54 . 2005-08-27 03:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-04-12 12:16 . 2008-05-06 15:40 <DIR> d-------- C:\Programmi\eMule
2008-04-12 12:03 . 2008-04-25 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\dybyzobi
2008-04-12 11:33 . 2008-04-19 14:04 <DIR> d-------- C:\Documents and Settings\loafel\Dati applicazioni\Vso
2008-04-12 11:33 . 2008-04-12 11:33 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-12 11:33 . 2008-04-19 14:04 47,360 --a------ C:\Documents and Settings\loafel\Dati applicazioni\pcouffin.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 21:29 1,723,392 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-05-04 16:28 342,016 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-04 16:28 1,786,368 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-03 21:17 2,464,256 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-30 22:34 1,490,944 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-27 21:51 2,861,056 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-25 08:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-04-23 18:05 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-21 12:17 --------- d-----w C:\Documents and Settings\loafel\Dati applicazioni\Apple Computer
2008-04-09 20:13 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-04-08 21:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-04-08 19:58 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\IM
2008-04-08 19:57 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\IncrediMail
2008-04-08 19:54 --------- d-----w C:\Programmi\File comuni\Adobe
2008-04-08 19:46 --------- d-----w C:\Programmi\QuickTime
2008-04-08 19:46 --------- d-----w C:\Programmi\Bonjour
2008-04-08 19:46 --------- d-----w C:\Programmi\Apple Software Update
2008-04-08 19:45 --------- d-----w C:\Programmi\File comuni\Apple
2008-04-08 19:45 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-04-08 19:03 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-08 19:03 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-08 18:52 155,995 ----a-w C:\WINDOWS\java\Packages\LJV5NN5R.ZIP
2008-04-08 18:52 --------- d-----w C:\Programmi\Motive
2008-04-08 18:52 --------- d-----w C:\Programmi\Common Files
2008-04-08 18:52 --------- d-----w C:\Programmi\Alice ti aiuta
2008-04-08 18:51 --------- d-----w C:\Programmi\Telecom Italia
2008-04-08 18:28 --------- d-----w C:\Programmi\CONEXANT
2008-04-08 18:05 --------- d-----w C:\Programmi\microsoft frontpage
2008-04-08 18:04 --------- d-----w C:\Programmi\Java
2008-04-08 18:04 --------- d-----w C:\Programmi\File comuni\Java
2008-04-08 18:01 --------- d-----w C:\Programmi\Servizi in linea
2008-03-20 07:57 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-25 10:20 2050816 --a------ C:\Programmi\AVG\AVG8\avgtoolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programmi\AVG\AVG8\avgtoolbar.dll" [2008-04-25 10:20 2050816]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programmi\AVG\AVG8\avgtoolbar.dll [2008-04-25 10:20 2050816]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"IncrediMail"="C:\Programmi\IncrediMail\bin\IncMail.exe" [2008-04-03 09:56 243072]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"PowerBar"="C:\Programmi\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26 86016]
"DriverUpdaterPro"="C:\Programmi\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe" [2008-04-08 20:04 32881]
"SoundMan"="SOUNDMAN.EXE" [2004-04-28 16:19 66048 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-28 11:57 5529600]
"nwiz"="nwiz.exe" [2005-01-28 11:57 1490944 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-01-28 11:57 86016]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"EPSON Stylus CX3600 Series (Copia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"RemoteControl"="C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"InCD"="C:\Programmi\Ahead\InCD\InCD.exe" [2004-04-06 19:36 1298542]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"EPSON Stylus CX3650"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-25 10:20 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"FyaRgHhnTc"= C:\Documents and Settings\All Users\Dati applicazioni\dybyzobi\dqjadqva.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOfcAp]
byXOfcAp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-25 10:21]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-25 10:20]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-25 10:20]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-25 10:21]
S3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 10:26]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-30 21:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-06 16:46:36 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-06 18:43:42
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
folder error: C:\DOCUME~1\loafel\IMPOST~1\Temp\
Scansione completata con successo
Files nascosti: 19
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Ahead\InCD\incdsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\IncrediMail\bin\ImApp.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-05-06 18:49:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 16:49:52
12 Directory 143,780,724,736 byte disponibili
16 Directory 143,781,806,080 byte disponibili
303 --- E O F --- 2008-05-03 10:39:37