Questo è il log, però non mi sembra che abbia scansionato anche "G":
ComboFix 09-01-08.05 - Alessandro 2009-01-09 21:20:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1536.1152 [GMT 1:00]
Eseguito da: c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((( Files Creati Da 2008-12-09 al 2009-01-09 )))))))))))))))))))))))))))))))))))
.
2009-01-03 19:56 . 2009-01-03 19:56 <DIR> d-------- c:\programmi\Bit Che
2009-01-03 19:56 . 2009-01-03 19:56 <DIR> d-------- c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\Convivea
2009-01-03 19:56 . 2004-03-09 00:00 124,688 --a------ c:\windows\system32\mswinsck.ocx
2008-12-30 16:39 . 2008-12-30 16:39 0 --ah----- c:\windows\SwSys2.bmp
2008-12-30 16:39 . 2008-12-30 16:39 0 --ah----- c:\windows\SwSys1.bmp
2008-12-30 16:36 . 2009-01-05 13:13 <DIR> d-------- c:\programmi\Midway Home Entertainment
2008-12-24 14:17 . 2008-12-26 16:21 <DIR> d-------- c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\Software Informer
2008-12-12 09:26 . 2008-10-03 11:02 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-09 12:50 . 2008-12-09 12:51 <DIR> d-------- c:\programmi\KeyScrambler
2008-12-09 12:50 . 2008-03-22 22:37 113,896 --a------ c:\windows\system32\drivers\keyscrambler.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 20:18 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\TEMP
2009-01-06 08:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2009-01-06 08:31 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-01-05 11:09 --------- d-----w c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\uTorrent
2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-27 10:26 --------- d-----w c:\programmi\Trend Micro
2008-12-24 12:40 --------- d-----w c:\programmi\IObit
2008-12-24 12:40 --------- d-----w c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\IObit
2008-11-27 09:55 --------- d-----w c:\programmi\CCleaner
2008-11-18 12:24 --------- d-----w c:\programmi\IncrediMail
2008-11-17 16:16 --------- d-----w c:\programmi\Java
2008-11-11 08:23 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 668,672 ----a-w c:\windows\system32\wininet.dll
2008-08-15 09:04 560 ----a-w c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\ViewerApp.dat
2008-03-06 14:09 47,360 ----a-w c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2008-11-09 243072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\programmi\KeyScrambler\getting_started.html" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HDDlife HDD Access service"=3 (0x3)
"aawservice"=2 (0x2)
"a2free"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15836:TCP"= 15836:TCP:BitComet 15836 TCP
"15836:UDP"= 15836:UDP:BitComet 15836 UDP
"9258:TCP"= 9258:TCP:BitComet 9258 TCP
"9258:UDP"= 9258:UDP:BitComet 9258 UDP
"15113:TCP"= 15113:TCP:BitComet 15113 TCP
"15113:UDP"= 15113:UDP:BitComet 15113 UDP
"20852:TCP"= 20852:TCP:BitComet 20852 TCP
"20852:UDP"= 20852:UDP:BitComet 20852 UDP
"9450:TCP"= 9450:TCP:BitComet 9450 TCP
"9450:UDP"= 9450:UDP:BitComet 9450 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 111184]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-08-17 160792]
R3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthdriver.sys [2008-08-17 58136]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-12-09 113896]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-01 20560]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S4 HDDlife HDD Access service;HDDlife HDD Access service;c:\programmi\File comuni\BinarySense\hldasvc.exe [2007-08-09 816376]
.
- - - - ORFÃOS REMOVIDOS - - - -
Notify-WgaLogon - (no file)
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://mystart.incredimail.com/italian
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\programmi\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\programmi\BinarySense\HDDlife 3\hlAPP.dll
FF - ProfilePath - c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\Mozilla\Firefox\Profiles\3al5ku7g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT556636&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Italiano)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=HWFSSep08FFAB&search=
FF - component: c:\documents and settings\Alessandro.CASA-VCDQL29AJ7\Dati applicazioni\Mozilla\Firefox\Profiles\3al5ku7g.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-09 21:21:37
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-602162358-920026266-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]
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
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-01-09 21:23:10
ComboFix-quarantined-files.txt 2009-01-09 20:23:08
Pre-Run: 38,190,358,528 byte disponibili
Post-Run: 38,235,762,688 byte disponibili
158 --- E O F --- 2008-12-18 15:43:09