r16 wrote: I don't think the problem is solved. The operation blocked the infected keys, it did not delete them.
Open a text file on the Desktop.
Paste the code you see below into it, and save the text file with the name CFScript.txt (that exact name is required):
killall::
file::
c:\windows\system32\drivers\b5c64706.sys
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\Remove.exe
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthbfrqaimpmujnalxbiutuocbpprmoewpk]
"imagepath"=-
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b5c64706]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthbfrqaimpmujnalxbiutuocbpprmoewpk]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b5c64706]
and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
Before doing this procedure I had run a scan with Avira, which found some suspicious things; could you take a look at the log, which is this:
Avira AntiVir Personal
Report file date: Thursday 9 April 2009 12:01
Scanning for 1344408 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : G-2BD1F07886EB4
Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 11:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 18:46:13
ANTIVIR3.VDF : 7.1.3.34 132608 Bytes 08/04/2009 18:46:07
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 16:36:42
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 03/04/2009 18:46:57
AESCN.DLL : 8.1.1.10 127348 Bytes 03/04/2009 18:46:51
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41
AEPACK.DLL : 8.1.3.12 397687 Bytes 03/04/2009 18:46:50
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 03/04/2009 18:46:48
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56
AEGEN.DLL : 8.1.1.33 340340 Bytes 03/04/2009 18:46:32
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.7 176502 Bytes 03/04/2009 18:46:26
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 06:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 10:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 14:55:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programmi\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: Thursday 9 April 2009 12:01
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b5c64706\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b5c64706\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b5c64706\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b5c64706\errorcontrol
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b5c64706\extparamd
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b5c64706\f96zk6npb
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthbfrqaimpmujnalxbiutuocbpprmoewpk\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthbfrqaimpmujnalxbiutuocbpprmoewpk\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthbfrqaimpmujnalxbiutuocbpprmoewpk\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthbfrqaimpmujnalxbiutuocbpprmoewpk\group
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthbfrqaimpmujnalxbiutuocbpprmoewpk\imagepath
[INFO] The registry entry is invisible.
'24549' objects were checked, '11' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'pg2.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TUProgSt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned
Scan process 'rmctrl.exe' - '1' Module(s) have been scanned
Scan process 'Startup Launcher.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'vVX6000.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned
Starting master boot sector scan:
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '53' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\ComboFix\psexec.cfexe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4a42caff.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00FA89.dat.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] A backup was created as '4a40cc02.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\___c00FA89_.dat.zip
[0] Archive type: ZIP
--> __c00FA89.dat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] A backup was created as '4a3ccc02.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57DC819D-6F94-4AF0-BC48-91DF108686E0}\RP1\A0000088.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4a0dcbd7.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\PSEXESVC.EXE
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] A backup was created as '4a22cbfd.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\ftp_non_crp.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] A backup was created as '4a4dcc8b.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\ovfsthkjbenhyidomyvkayvakdyejjlxupmkcl.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] A backup was created as '4a43cc9e.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\ovfsthmdcvftrpdlwyblcvyrhrpsrhbrndvquj.dll
[DETECTION] Is the TR/Tibs.ZB Trojan
[NOTE] A backup was created as '496f306f.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\ovfsthuqgvgsmeroropgpmlmhnqtesfogddjlx.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] A backup was created as '4a43cc80.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\winsetupgl.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] A backup was created as '4a4bcca3.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\b5c64706.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file could not be opened!
[WARNING] The file could not be copied to the quarantine directory.
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] A backup was created as '4a40cc7e.qua' ( QUARANTINE )
C:\WINDOWS\system32\drivers\ovfsth.sys
[DETECTION] Is the TR/PCK.Tibs.ZC Trojan
[NOTE] A backup was created as '4a43ccc4.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Dati>
D:\Programmi\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1040-7B44-A90000000001}\Data1.cab
[0] Archive type: CAB (Microsoft)
--> HLS.ITA
[WARNING] The file could not be written!
--> CP1258.TXT
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
End of the scan: Thursday 9 April 2009 12:43
Used time: 41:34 Minute(s)
The scan has been done completely.
4690 Scanned directories
215356 Files were scanned
12 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
11 files were deleted
0 Viruses and unwanted programs were repaired
12 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
215341 Files not concerned
1162 Archives were scanned
6 Warnings
13 Notes
24549 Objects were scanned with rootkit scan
11 Hidden objects were found
Whereas what I'm posting now is the ComboFix log:
ComboFix 09-04-04.01 - G & S 2009-04-09 13.09.16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1507 [GMT 2:00]
Run from: c:\documents and settings\G & S\Desktop\ComboFix.exe
Options used :: c:\documents and settings\G & S\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
AV: Antivirus BitDefender *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\drivers\b5c64706.sys
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\Remove.exe
.
Error: Cfolders.dat
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\b5c64706.sys
c:\windows\system32\Remove.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_b5c64706
((((((((((((((((((((((((( Files Created From 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))))))
.
2009-04-09 13:06 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-08 22:01 . 2009-04-09 09:36 <DIR> d-------- c:\programmi\VEXPLITE
2009-04-08 22:01 . 2008-03-17 19:23 39,808 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2009-04-08 17:19 . 2009-04-08 17:19 <DIR> d-------- c:\windows\system32\xircom
2009-04-08 17:19 . 2009-04-08 17:19 <DIR> d-------- c:\programmi\microsoft frontpage
2009-04-08 15:19 . 2009-04-08 15:19 155 --a------ c:\windows\system32\SelfDel.bat
2009-04-08 15:04 . 2009-04-08 17:04 <DIR> d--hs---- c:\windows\system32\lowsec
2009-04-08 15:03 . 2009-04-08 15:03 89,088 --a------ c:\windows\system32\fyd.exe
2009-04-07 22:36 . 2009-04-08 11:17 <DIR> d-------- c:\windows\BDOSCAN8
2009-04-07 21:41 . 2009-04-07 21:41 81,984 --a------ c:\windows\system32\bdod.bin
2009-04-07 21:41 . 2009-04-07 21:41 121 --a------ c:\windows\bdagent.INI
2009-04-07 21:34 . 2009-04-07 21:34 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-04-07 21:34 . 2009-04-07 21:34 385 --a------ c:\windows\system32\user_gensett.xml
2009-04-07 21:31 . 2009-04-07 21:32 <DIR> d-------- c:\programmi\File comuni\BitDefender
2009-04-07 21:31 . 2009-04-07 21:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\BitDefender
2009-04-07 21:02 . 2009-04-07 21:50 842 --a------ c:\windows\system32\ovfsthlog.dat
2009-04-07 19:39 . 2009-04-07 19:39 <DIR> d-------- c:\programmi\Trend Micro
2009-04-07 19:23 . 2009-04-07 19:23 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-04-05 18:17 . 2009-04-05 18:17 <DIR> d-------- C:\OUT_MEDIA_FILES
2009-04-05 18:17 . 2002-07-17 09:05 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-04-03 22:20 . 2009-04-03 22:20 0 --a------ c:\windows\system32\drivers\ovfsthnkoavacrunxeqnwqbvexvmknwmovwbkb.sys
2009-04-03 20:49 . 2009-04-09 09:37 43 --a------ c:\windows\system32\ovfsthvshisuqpfukxsjufdrcjlffsjwvqqyqj.dat
2009-04-03 20:48 . 2009-04-09 09:37 100,935 --a------ c:\windows\system32\ovfsthssrxqpdmslhmbhvthteovorhdbvbwhml.dat
2009-04-02 11:29 . 2009-04-02 11:51 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\mIRC
2009-04-01 22:25 . 2009-04-01 22:25 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\Wireshark
2009-04-01 22:05 . 2009-04-01 22:28 3,284 --a------ c:\windows\system32\ANIWZCS{F6FF7E7F-25B5-4C20-B883-F8FBF4B60EB4}
2009-04-01 22:04 . 2009-04-01 22:05 6 --a------ c:\windows\system32\ANIWZCSUSERNAME{F6FF7E7F-25B5-4C20-B883-F8FBF4B60EB4}
2009-04-01 21:37 . 2009-04-01 21:37 <DIR> d-------- C:\cygwin
2009-04-01 18:55 . 2009-04-01 18:55 <DIR> d-------- c:\programmi\File comuni\PAC207
2009-04-01 18:55 . 2009-04-01 18:55 <DIR> d-------- c:\programmi\Aecotech
2009-04-01 18:55 . 2008-02-13 13:17 618,112 --a------ c:\windows\system32\drivers\PFC027.SYS
2009-04-01 18:55 . 2008-02-18 09:15 129,024 --------- c:\windows\system32\SP207.ax
2009-04-01 18:55 . 2006-10-12 11:57 14,336 --------- c:\windows\system32\P207USD.dll
2009-04-01 18:55 . 2007-10-25 19:02 566 --------- c:\windows\system32\SP207.ini
2009-04-01 18:55 . 2007-10-05 15:40 399 --------- c:\windows\system32\Remover.ini
2009-04-01 18:54 . 2009-04-01 18:54 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\InstallShield
2009-04-01 11:59 . 2009-04-01 11:59 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-01 11:59 . 2009-04-01 11:59 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-01 11:58 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-04-01 11:57 . 2009-04-01 12:00 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\PC Suite
2009-04-01 11:57 . 2009-04-01 12:00 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\Nokia
2009-04-01 11:57 . 2009-04-01 11:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-04-01 11:53 . 2009-04-01 11:53 <DIR> d-------- c:\programmi\File comuni\PCSuite
2009-04-01 11:52 . 2009-04-01 11:53 <DIR> d-------- c:\programmi\File comuni\Nokia
2009-04-01 11:52 . 2009-04-01 11:52 <DIR> d-------- c:\programmi\DIFX
2009-04-01 11:52 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-04-01 11:50 . 2009-04-01 11:50 <DIR> d-------- c:\programmi\PC Connectivity Solution
2009-04-01 11:50 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-04-01 11:50 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\usbser_lowerfltj.sys
2009-04-01 11:50 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\usbser_lowerflt.sys
2009-04-01 11:49 . 2009-04-01 11:56 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-04-01 11:49 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-04-01 11:49 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-04-01 11:49 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll
2009-04-01 11:49 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-04-01 11:45 . 2009-04-01 11:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-03-25 14:40 . 1998-10-06 19:57 327,168 --a------ c:\windows\IsUn0410.exe
2009-03-25 12:37 . 2009-03-25 12:37 7 --a------ c:\windows\system32\ANIWZCSUSERNAME{299450D7-2341-46EB-8A81-2EAF63CCBDD4}
2009-03-24 18:40 . 2009-03-25 12:56 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\PoivY
2009-03-23 23:56 . 2008-04-13 19:13 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-23 23:48 . 2008-12-12 19:01 3,088,896 --------- c:\windows\system32\dllcache\mshtml.dll
2009-03-23 23:48 . 2008-10-16 03:00 1,499,648 --------- c:\windows\system32\dllcache\shdocvw.dll
2009-03-23 23:48 . 2008-10-16 03:00 668,672 --------- c:\windows\system32\dllcache\wininet.dll
2009-03-23 23:48 . 2008-10-16 03:00 619,520 --------- c:\windows\system32\dllcache\urlmon.dll
2009-03-23 23:19 . 2009-03-23 23:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-03-23 21:44 . 2009-03-23 21:44 <DIR> d-------- c:\programmi\Avira
2009-03-23 21:44 . 2009-03-23 21:44 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-03-23 15:33 . 2009-02-13 12:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-03-21 17:26 . 2009-03-21 17:26 74,752 --a------ c:\windows\cadkasdeinst01e.exe
2009-03-21 17:25 . 2009-03-21 17:25 73,216 --a------ c:\windows\cadkasdeinst01s.exe
2009-03-20 15:05 . 2009-03-20 15:05 <DIR> d-------- c:\programmi\Codice Fiscale
2009-03-20 15:05 . 2009-03-20 15:05 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\Palmlex
2009-03-17 22:03 . 2009-03-17 22:03 <DIR> d-------- c:\programmi\Microsoft Silverlight
2009-03-17 21:24 . 2007-11-02 12:07 6,656 --a------ c:\windows\system32\CoInst_080213.dll
2009-03-17 16:43 . 2009-03-17 16:43 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2009-03-17 16:36 . 2009-03-17 16:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\MakeMusic
2009-03-17 16:31 . 2009-03-17 16:31 <DIR> d-------- c:\windows\Cache
2009-03-17 16:30 . 2009-03-18 18:10 <DIR> d-------- C:\Psfonts
2009-03-17 16:30 . 2001-08-17 22:02 8,576 --a------ c:\windows\system32\drivers\hidgame.sys
2009-03-17 16:27 . 2009-03-17 16:39 308 --a------ c:\windows\winiini.fin
2009-03-17 16:24 . 2009-03-17 16:24 <DIR> d-------- c:\documents and settings\G & S\Bluetooth Software
2009-03-17 16:24 . 2003-06-25 17:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-03-17 16:24 . 2002-06-21 16:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-03-17 16:18 . 2008-04-13 11:51 101,120 --a------ c:\windows\system32\drivers\bthpan.sys
2009-03-17 16:17 . 2008-04-13 19:14 152,576 --a------ c:\windows\system32\irftp.exe
2009-03-17 16:17 . 2008-04-13 11:46 59,136 --a------ c:\windows\system32\drivers\rfcomm.sys
2009-03-17 16:17 . 2008-04-13 19:13 29,696 --a------ c:\windows\system32\irmon.dll
2009-03-17 16:17 . 2008-04-13 11:46 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
2009-03-17 16:17 . 2008-04-13 11:46 17,024 --a------ c:\windows\system32\drivers\BthEnum.sys
2009-03-17 16:17 . 2008-04-13 19:13 8,192 --a------ c:\windows\system32\wshirda.dll
2009-03-17 16:13 . 2009-03-17 16:13 <DIR> d-------- c:\programmi\File comuni\EPSON
2009-03-17 16:13 . 2001-08-23 02:04 139,264 --a------ c:\windows\system32\EBAPI2.dll
2009-03-17 16:12 . 2009-03-17 16:13 <DIR> d-------- c:\programmi\EPSON
2009-03-17 16:12 . 2009-03-17 16:13 13,046 --a------ c:\windows\EPSTPLOG.BAK
2009-03-17 16:11 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-17 15:38 . 2009-03-21 16:28 1,440,024 --a------ C:\DC6810xp-001.raw
2009-03-17 15:35 . 2009-03-17 15:35 <DIR> d-------- c:\programmi\Microsoft LifeCam
2009-03-17 14:49 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-03-17 14:47 . 2005-05-26 16:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-03-17 14:32 . 2009-03-17 14:32 <DIR> d-------- c:\programmi\MSBuild
2009-03-17 14:27 . 2009-03-17 14:34 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-17 14:26 . 2009-03-17 14:26 <DIR> d-------- c:\programmi\Reference Assemblies
2009-03-17 14:25 . 2006-06-29 14:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-17 14:20 . 2007-07-19 19:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-03-14 17:34 . 2009-03-14 17:34 <DIR> d-------- c:\windows\usbbin
2009-03-14 17:34 . 2009-03-14 17:34 <DIR> d-------- c:\windows\system32\color
2009-03-14 17:34 . 2002-04-06 11:52 172,032 -r------- c:\windows\ESUSDX.DLL
2009-03-14 17:34 . 2002-04-06 11:51 77,824 -r------- c:\windows\ESUSD.DLL
2009-03-14 17:34 . 2002-04-06 11:53 66,560 -r------- c:\windows\system32\WNASPI32.DLL
2009-03-14 17:34 . 2002-04-06 11:52 24,576 --------- c:\windows\system32\RSRC32.dll
2009-03-14 17:34 . 2002-04-06 11:52 5,741 -r------- c:\windows\GULP.VXD
2009-03-14 17:34 . 2002-04-06 11:52 1,312 --------- c:\windows\system32\RSRC16.dll
2009-03-14 17:33 . 2009-03-14 17:33 <DIR> d-------- c:\programmi\Escntl
2009-03-14 17:33 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-13 00:03 . 2009-03-13 00:03 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-03-11 12:25 . 2009-03-11 12:25 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\ArcSoft
2009-03-11 12:19 . 1995-07-31 14:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-03-11 12:19 . 2001-11-02 18:06 163,840 --a------ c:\windows\system32\PhotoImpression Screen Saver.scr
2009-03-10 21:53 . 2009-03-10 21:55 <DIR> d-------- c:\programmi\File comuni\uusee
2009-03-10 14:03 . 2009-04-05 21:49 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\dvdcss
2009-03-10 14:00 . 2009-04-04 13:24 116 --a------ c:\windows\NeroDigital.ini
2009-03-09 17:12 . 2009-03-09 17:12 <DIR> d-------- c:\documents and settings\G & S\Dati applicazioni\Malwarebytes
2009-03-09 17:12 . 2009-03-09 17:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-03-09 17:12 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 17:12 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 08:42 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\uTorrent
2009-04-01 20:31 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-30 12:38 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\Ahead
2009-03-29 22:00 --------- d-----w c:\programmi\TuneUp Utilities 2009
2009-03-23 16:36 25,088 ----a-w c:\windows\system32\ctfmon.exe
2009-03-16 19:16 --------- d-----w c:\programmi\File comuni\InstallShield
2009-03-11 16:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-07 20:56 --------- d-----w c:\programmi\Borland
2009-03-07 20:49 --------- d-----w c:\programmi\WinRicette
2009-03-07 20:10 478 ---ha-w C:\os678647.bin
2009-03-07 19:49 --------- d-----w c:\programmi\Ulead Systems
2009-03-07 13:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2009-03-07 12:39 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\Ulead Systems
2009-03-06 16:09 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\FileMaker
2009-03-05 21:53 --------- d-----w c:\programmi\Windows Sidebar
2009-03-05 16:58 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\Broad Intelligence
2009-03-04 19:10 --------- d-----w c:\programmi\Google
2009-03-04 16:45 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\vlc
2009-03-04 10:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\comodo
2009-03-03 15:24 --------- d-----w c:\programmi\Microsoft.NET
2009-03-03 12:52 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\Windows Sidebar Styler
2009-03-03 12:12 --------- d-----w c:\programmi\Thoosje Sidebar V2.3
2009-03-03 12:06 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\Convivea
2009-03-03 09:56 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\Desktopicon
2009-03-03 09:05 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-03-03 09:05 155,384 ----a-w c:\windows\system32\guard32.dll
2009-03-03 09:05 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-03-02 21:19 --------- d-----w c:\programmi\Messenger Plus! Live
2009-03-02 19:37 --------- d-----w c:\programmi\Windows Live
2009-03-02 19:37 --------- d-----w c:\programmi\Microsoft
2009-03-02 19:36 --------- d-----w c:\programmi\Windows Live SkyDrive
2009-03-02 19:33 --------- d-----w c:\programmi\File comuni\Windows Live
2009-03-02 18:53 --------- d-----w c:\programmi\r2 Studios
2009-03-02 17:03 --------- d-----w c:\programmi\eMule
2009-03-02 16:57 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-03-02 16:57 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-03-02 16:57 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\TuneUp Software
2009-03-02 16:56 --------- d-sh--w c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-02 16:56 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-03-02 16:28 --------- d-----w c:\programmi\File comuni\Stardock
2009-03-02 16:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\LightScribe
2009-03-02 16:17 --------- d-----w c:\programmi\File comuni\LightScribe
2009-03-02 16:12 --------- d-----w c:\programmi\File comuni\Ahead
2009-03-02 15:53 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\r2 Studios
2009-03-02 15:53 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\r2 Studios
2009-03-02 15:52 --------- d-----w c:\programmi\File comuni\Adobe
2009-03-02 15:49 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\Apple Computer
2009-03-02 15:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-03-02 15:40 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-02 15:36 --------- d-----w c:\programmi\uTorrent
2009-03-02 15:29 --------- d-----w c:\programmi\CyberLink
2009-03-02 15:29 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-03-02 15:25 --------- d-----w c:\programmi\xp-AntiSpy
2009-03-02 15:15 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-03-02 14:47 --------- d-----w c:\programmi\Windows Media Connect 2
2009-03-02 14:26 --------- d-----w c:\programmi\COMODO
2009-03-02 14:26 --------- d-----w c:\documents and settings\G & S\Dati applicazioni\Comodo
2009-03-02 14:23 155,995 ----a-w c:\windows\java\Packages\CHB5N1B1.ZIP
2009-03-02 14:23 --------- d-----w c:\programmi\Motive
2009-03-02 14:23 --------- d-----w c:\programmi\File comuni\Motive
2009-03-02 14:23 --------- d-----w c:\programmi\Common Files
2009-03-02 14:23 --------- d-----w c:\programmi\Alice ti aiuta
2009-03-02 14:23 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Motive
2009-03-02 14:22 --------- d-----w c:\programmi\Telecom Italia
2009-03-02 14:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SlySoft
2009-03-02 14:07 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-02 14:00 249,592 ----a-w c:\windows\system32\cssdll32.dll
2009-03-02 13:57 --------- d-----w c:\programmi\Alwil Software
2009-03-02 13:38 --------- d-----w c:\programmi\Servizi in linea
2009-03-01 13:18 81,920 ----a-w c:\windows\system32\dvdplay.exe
2009-03-01 13:18 8,192 ----a-w c:\windows\system32\tsbyuv.dll
2009-03-01 13:18 8,192 ----a-w c:\windows\system32\streamci.dll
2009-03-01 13:18 21,376 ----a-w c:\windows\system32\drivers\tsbvcap.sys
2009-03-01 13:18 18,688 ----a-w c:\windows\system32\drivers\cdaudio.sys
2009-03-01 13:18 12,288 ----a-w c:\windows\system32\drivers\fsvga.sys
2009-03-01 13:18 12,160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-03-01 13:15 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-03-01 13:15 171,520 ----a-w c:\windows\system32\sfc_os.dll
2009-03-01 13:13 2,052,096 ----a-w c:\windows\system32\syssetup.dll
2009-03-01 13:12 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-03-01 13:12 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2009-03-01 13:12 286,720 ----a-w c:\windows\system32\gdi32.dll
2009-03-01 13:12 247,326 ----a-w c:\windows\system32\strmdll.dll
2009-03-01 13:11 74,752 ----a-w c:\windows\system32\msw3prt.dll
2009-03-01 13:11 712,704 ----a-w c:\windows\system32\windowscodecs.dll
2009-03-01 13:11 347,648 ----a-w c:\windows\system32\windowscodecsext.dll
2009-03-01 13:11 2,450,176 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-01 13:11 138,496 ----a-w c:\windows\system32\drivers\afd.sys
2009-03-01 13:11 105,472 ----a-w c:\windows\system32\win32spl.dll
2009-03-01 13:11 1,148,416 ----a-w c:\windows\system32\msxml3.dll
2009-03-01 13:10 90,112 ----a-w c:\windows\system32\wshext.dll
2009-03-01 13:10 74,240 ----a-w c:\windows\system32\mscms.dll
2009-03-01 13:10 430,080 ----a-w c:\windows\system32\vbscript.dll
2009-03-01 13:10 253,952 ----a-w c:\windows\system32\es.dll
2009-03-01 13:10 247,296 ----a-w c:\windows\system32\mswsock.dll
2009-03-01 13:10 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys
2009-03-01 13:10 204,800 ----a-w c:\windows\system32\wscript.exe
2009-03-01 13:10 188,416 ----a-w c:\windows\system32\scrobj.dll
2009-03-01 13:10 172,032 ----a-w c:\windows\system32\scrrun.dll
.
------- Sigcheck -------
2008-04-13 19:13 588800 3dbd6dc6d74c517d55a1b3aeca88ef48 c:\windows\system32\user32.dll
2008-04-13 19:13 579584 fa94696c0727bd59e517c674cd6e7c72 c:\windows\VistaMizer\old\user32.dll
2009-03-01 15:15 361600 1f39c7bdba4c5f3f01c4eabf7edbf4b3 c:\windows\system32\drivers\tcpip.sys
2008-04-13 19:14 549888 6dc43081c760eec1130d2c8c145df375 c:\windows\system32\winlogon.exe
2008-04-13 19:14 510464 9259170d29b5a256735fcb8b80280857 c:\windows\VistaMizer\old\winlogon.exe
2009-03-01 15:19 2327040 2d10eeb83eebdce43e9f0214057c03f2 c:\windows\system32\ntkrnlpa.exe
2009-03-01 15:19 2069760 c812d8551fd3b6acdbf7eb6b18b1b992 c:\windows\VistaMizer\old\ntkrnlpa.exe
2009-03-01 15:11 2450176 948fd43022363203761659a8b27b5e94 c:\windows\system32\ntoskrnl.exe
2009-03-01 15:11 2192896 0ee73494680235d59f4e57301d7ad580 c:\windows\VistaMizer\old\ntoskrnl.exe
2008-04-13 19:14 1554944 287b3020f1324e99f313c9e7fcfccccc c:\windows\explorer.exe
2008-04-13 19:14 1036288 70d7f99d95615c3c278367756287db71 c:\windows\VistaMizer\old\explorer.exe
2009-03-23 18:36 25088 91b6aac828f8bbe1796275424e44dfb0 c:\windows\system32\ctfmon.exe
2008-04-13 19:14 15360 f53cddef33a4c41336a782be3d170158 c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-08_17.21.10.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-04-08 15:15:09 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-09 07:36:22 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-08 15:15:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-04-09 07:36:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-04-08 15:15:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-09 07:36:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-09 11:14:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3fc.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
"bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-03-03 1851128]
"COMODO Internet Security"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-03-03 1851128]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"vx6000"="c:\windows\vVX6000.exe" [2006-10-13 994096]
"sunjavaupdatesched"="d:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"startupdelayer"="c:\programmi\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-02-28 73728]
"remotecontrol"="c:\windows\system32\rmctrl.exe" [2000-10-16 32768]
"motive smartbridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"lifecam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"epson stylus c42 series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"bluetoothauthenticationagent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-23 25088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-13 c:\windows\system32\advpack.dll]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"d:\\Programmi\\PoivY.com\\PoivY\\PoivY.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-02 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-02 24336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [2009-03-23 108289]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-02 603904]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-10-13 2383152]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-09-21 347648]
S3 aspi;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-04-05 16512]
S3 CrystalSysInfo;CrystalSysInfo;d:\programmi\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2009-04-01 618112]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'
2009-04-09 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 17:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.personalfirewall.comodo.com/uninst_survey.html?serial=3.0.25.376_E33C8A2CD88A4ed3B2BD332E72436F25
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - d:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\G & S\Dati applicazioni\Mozilla\Firefox\Profiles\kx1lt5y4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.inter.it/aas/hp?L=it
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: d:\programmi\Mozilla Firefox\components\FFComm.dll
FF - component: d:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: d:\programmi\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programmi\QuickTime\Plugins\npqtplugin7.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 13:14:20
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\guard32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1364)
c:\windows\system32\guard32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\guard32.dll
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\COMODO\Firewall\cmdagent.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
d:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
d:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-09 13:17:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-09 11:17:49
ComboFix2.txt 2009-04-09 08:51:33
ComboFix3.txt 2009-04-08 15:22:17
Pre-Run: 8.687.435.776 byte disponibili
Post-Run: 8,658,489,344 byte disponibili
433