You thought it was worse, perhaps because I did not explain myself well: I restored a copy of the system that I had saved earlier with True Image. Still, the fact that something was found worries me: either the saved copy already had some infected file, or not everything gets wiped by the restore.
Anyway, here is the log:
ComboFix 09-07-07.A5 - Administrator 08/07/2009 13.26.33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1536.1159 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090707-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Ati2evxx.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-06-08 al 2009-07-08 )))))))))))))))))))))))))))))))))))
.
2009-07-07 12:07 . 2009-07-07 12:07 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-07-07 12:05 . 2009-07-07 12:05 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-07-07 12:05 . 2009-07-07 12:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-07 12:03 . 2009-07-07 12:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-07 11:47 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-07 11:46 . 2009-07-07 11:47 -------- d-----w- c:\windows\ie8updates
2009-07-07 11:46 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-07 11:46 . 2009-04-30 21:13 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-07 11:46 . 2009-04-30 21:13 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-07 11:46 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-07 11:43 . 2009-07-07 11:46 -------- dc-h--w- c:\windows\ie8
2009-07-07 06:12 . 2009-03-07 10:53 41728 ----a-w- c:\windows\system32\drivers\VIRAGTLT.SYS
2009-07-06 15:26 . 2009-07-06 15:26 37888 ----a-w- c:\windows\system32\setupnt.dll
2009-07-06 15:26 . 2009-07-06 15:26 28928 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-07-06 15:26 . 2009-07-06 15:26 213888 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-07-06 15:26 . 2009-07-06 15:26 82464 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-07-06 15:26 . 2009-07-06 15:26 126976 ----a-w- c:\windows\system32\snapapi.dll
2009-07-06 15:26 . 2009-07-06 15:26 -------- d-----w- c:\programmi\File comuni\Acronis
2009-07-06 15:26 . 2009-07-06 15:26 -------- d-----w- c:\programmi\Acronis
2009-07-06 15:03 . 2009-07-06 15:03 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Canneverbe_Limited
2009-07-06 14:53 . 2009-07-06 14:53 -------- d-----w- c:\programmi\Ashampoo Burning Studio 6 FREE
2009-07-06 14:52 . 2009-07-06 14:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Ashampoo
2009-07-06 14:51 . 2009-07-06 14:51 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2009-07-06 14:50 . 2009-07-06 14:50 -------- d-----w- c:\programmi\VideoLAN
2009-07-06 14:47 . 2009-07-06 14:48 -------- d-----w- C:\Stradario
2009-07-06 14:23 . 2008-04-13 17:14 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-07-06 14:23 . 2008-04-13 17:14 152576 ----a-w- c:\windows\system32\irftp.exe
2009-07-06 14:23 . 2008-04-13 17:13 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-07-06 14:23 . 2008-04-13 17:13 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-07-06 14:23 . 2008-04-13 17:13 29696 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-07-06 14:23 . 2008-04-13 17:13 29696 ----a-w- c:\windows\system32\irmon.dll
2009-07-05 18:13 . 2009-07-05 18:13 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-05 18:13 . 2009-07-05 18:13 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2009-07-05 18:09 . 2009-07-05 18:14 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2009-07-05 18:07 . 2009-07-05 18:07 -------- d-----w- c:\windows\Sun
2009-07-05 18:06 . 2009-07-05 18:06 -------- d-----w- c:\programmi\File comuni\Skype
2009-07-05 18:06 . 2009-07-05 18:07 -------- d-----r- c:\programmi\Skype
2009-07-05 18:06 . 2009-07-05 18:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-07-05 18:05 . 2009-07-05 18:15 -------- d-----w- c:\programmi\uTorrent
2009-07-05 18:04 . 2009-07-07 15:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2009-07-05 17:59 . 2009-07-05 17:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CanonIJPLM
2009-07-05 17:54 . 2009-07-06 13:50 -------- d-----w- c:\programmi\Canon
2009-07-05 17:51 . 2009-07-05 17:51 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ
2009-07-05 17:51 . 2008-02-26 03:00 230912 ----a-w- c:\windows\system32\CNMLM9I.DLL
2009-07-05 17:51 . 2009-07-05 17:51 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-07-05 17:51 . 2008-02-08 06:38 200704 ----a-w- c:\windows\system32\CNC190L.DLL
2009-07-05 17:51 . 2007-11-09 02:59 1323008 ----a-w- c:\windows\system32\CNC190C.DLL
2009-07-05 17:51 . 2007-11-09 02:58 98304 ----a-w- c:\windows\system32\CNC190I.DLL
2009-07-05 17:51 . 2007-03-15 05:12 188416 ----a-w- c:\windows\system32\CNC190O.DLL
2009-07-05 17:50 . 2009-07-05 17:50 -------- d--h--w- c:\programmi\CanonBJ
2009-07-05 17:17 . 2009-07-05 17:17 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\PC_Drivers_Headquarters
2009-07-05 17:05 . 2009-07-05 17:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2009-07-05 17:05 . 2009-07-05 17:05 -------- d-----w- c:\programmi\PC Drivers HeadQuarters
2009-07-05 16:53 . 2009-07-05 18:04 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ZipGenius
2009-07-05 16:53 . 2009-07-05 16:53 -------- d-----w- c:\programmi\ZipGenius 6
2009-07-05 13:42 . 2009-07-05 13:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-07-05 12:59 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-07-05 12:59 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-07-05 12:57 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-07-05 12:57 . 2009-07-05 12:57 -------- d-----w- c:\programmi\Agnitum
2009-07-05 12:57 . 2009-07-05 12:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2009-07-05 12:35 . 2009-07-05 12:55 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-07-05 11:37 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-05 11:37 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-05 08:46 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-05 08:46 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-07-05 08:46 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-07-05 08:43 . 2009-07-05 08:43 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Foxit
2009-07-05 08:43 . 2009-07-05 08:43 -------- d-----w- c:\programmi\Foxit Software
2009-07-05 08:41 . 2009-07-05 08:42 -------- d-----w- c:\programmi\Disk Cleaner
2009-06-27 15:14 . 2008-04-13 09:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-06-27 15:14 . 2008-04-13 09:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-06-27 15:14 . 2008-04-13 09:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-06-27 15:14 . 2008-04-13 09:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-06-27 15:13 . 2008-04-13 09:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-06-27 15:13 . 2008-04-13 09:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-27 15:13 . 2008-04-13 09:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-06-27 15:13 . 2008-04-13 09:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-06-27 15:13 . 2008-04-13 09:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-06-27 15:13 . 2008-04-13 09:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-06-27 15:12 . 2008-04-13 17:13 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-27 15:12 . 2008-04-13 17:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-27 15:11 . 2009-03-17 12:24 1964432 ----a-w- c:\windows\system32\drivers\VX1000.sys
2009-06-27 15:11 . 2009-03-17 12:24 115728 ----a-w- c:\windows\VX1000.dll
2009-06-27 15:11 . 2009-03-17 12:24 721936 ----a-w- c:\windows\vVX1000.exe
2009-06-27 15:11 . 2009-03-17 12:24 218128 ----a-w- c:\windows\vVX1000.dll
2009-06-27 15:11 . 2009-03-17 12:24 189456 ----a-w- c:\windows\system32\cVX1000.dll
2009-06-27 15:11 . 2009-03-17 12:24 185360 ----a-w- c:\windows\system32\LCCoin20.dll
2009-06-27 15:11 . 2009-06-27 15:11 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-27 15:11 . 2009-07-06 14:36 -------- d-----w- c:\programmi\Microsoft LifeCam
2009-06-27 14:14 . 2009-07-05 09:51 -------- d-----w- C:\3ccbf02d9f393c32efc06aa730
2009-06-27 14:13 . 2009-06-27 14:13 -------- d-----w- c:\windows\system32\drivers\umdf
2009-06-27 14:11 . 2009-06-27 14:17 -------- d-----w- C:\6977ae9247df7baad9b0
2009-06-27 14:11 . 2009-06-27 14:11 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ApplicationHistory
2009-06-27 14:11 . 2009-06-27 14:11 142 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-06-24 10:38 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-24 10:38 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-24 10:37 . 2009-06-24 10:37 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-06-24 10:37 . 2009-06-24 10:37 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-06-24 10:35 . 2009-06-24 10:46 -------- d-----w- c:\programmi\Google
2009-06-24 10:22 . 2009-06-24 10:44 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google
2009-06-24 10:22 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-06-24 10:22 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-06-24 10:22 . 2009-03-24 12:43 338432 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-06-24 10:22 . 2009-03-24 12:43 235520 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-06-24 10:22 . 2009-03-24 12:42 235008 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-06-24 10:22 . 2009-03-24 12:42 345088 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-06-24 09:12 . 2009-06-24 09:12 -------- d--h--w- c:\windows\PIF
2009-06-24 08:58 . 2009-06-24 08:58 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-24 08:28 . 2008-03-22 21:37 113896 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-06-24 08:28 . 2009-06-24 08:31 -------- d-----w- c:\programmi\KeyScrambler
2009-06-24 08:27 . 2008-06-01 21:25 737192 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\keyscrambler@qfx.software.corporation\installer\setup.exe
2009-06-24 08:27 . 2008-06-01 21:24 808936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2009-06-24 08:26 . 2009-06-24 08:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-24 08:25 . 2009-06-24 08:25 -------- d-----w- c:\programmi\Java
2009-06-24 08:24 . 2009-06-24 08:24 152576 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-24 08:20 . 2008-12-03 23:25 120832 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-24 08:17 . 2009-06-24 08:17 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-06-23 16:58 . 2001-08-31 10:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2009-06-23 16:58 . 2001-08-31 10:00 6144 ----a-w- c:\windows\system32\admxprox.dll
2009-06-23 16:56 . 2009-06-23 16:56 -------- d-----w- c:\windows\system32\Logfiles
2009-06-23 16:56 . 2009-06-23 16:56 -------- d-----w- C:\Inetpub
2009-06-23 13:36 . 2000-03-29 14:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-06-23 13:15 . 2009-06-23 13:15 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\PCToolsFirewallPlus
2009-06-23 13:13 . 2009-07-05 12:54 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 14:24 . 2001-08-31 10:00 81722 ----a-w- c:\windows\system32\perfc010.dat
2009-07-06 14:24 . 2001-08-31 10:00 482562 ----a-w- c:\windows\system32\perfh010.dat
2009-07-05 17:17 . 2009-06-22 18:58 63904 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-05 11:00 . 2009-07-05 08:46 -------- d-----w- c:\programmi\Alwil Software
2009-07-05 09:50 . 2009-07-05 09:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2009-07-05 09:50 . 2009-07-05 09:44 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-07-05 09:46 . 2009-07-05 09:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-07-05 09:36 . 2009-07-05 09:36 -------- d-----w- c:\programmi\IObit
2009-07-05 09:36 . 2009-07-05 09:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\IObit
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-----w- c:\programmi\VIA
2009-06-22 19:42 . 2009-06-22 19:42 -------- d-----w- c:\programmi\Microsoft.NET
2009-06-22 19:41 . 2009-06-22 19:41 -------- d-----w- c:\programmi\Microsoft Works
2009-06-22 18:38 . 2009-06-22 18:38 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\MSN6
2009-06-22 18:38 . 2009-06-22 18:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MSN6
2009-06-22 17:55 . 2009-06-22 17:55 -------- d-----w- c:\programmi\microsoft frontpage
2009-06-22 17:52 . 2009-06-22 17:52 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-22 17:52 . 2009-06-22 17:52 -------- d-----w- c:\programmi\Servizi in linea
2009-05-13 05:02 . 2001-08-31 10:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2001-08-31 10:00 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-19 19:47 . 2001-08-31 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2001-08-31 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-06-07 251264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\programmi\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/07/2009 13.37.51 114768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [05/07/2009 14.59.11 704384]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/07/2009 13.37.51 20560]
R2 NwSapAgent;Agente SAP;c:\windows\system32\svchost.exe -k netsvcs [31/08/2001 12.00.00 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [05/07/2009 14.57.44 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [05/07/2009 14.59.01 257432]
R3 KeyScramblerDrv;KeyScramblerDrv;c:\windows\system32\drivers\keyscrambler.sys [24/06/2009 10.28.20 113896]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [05/07/2009 14.57.41 1195008]
S4 gupdate1c9f4b7cf5e6112;Servizio di Google Update (gupdate1c9f4b7cf5e6112);c:\programmi\Google\Update\GoogleUpdate.exe [24/06/2009 12.37.33 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scansione supplementare -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {46557340-C727-43D5-B849-10CAB8D76D1A} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://it.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\24dstrn0.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-08 13:31
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-725345543-963894560-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,f2,71,b0,d9,89,57,4d,af,fe,c8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,f2,71,b0,d9,89,57,4d,af,fe,c8,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1212)
c:\windows\system32\WININET.dll
c:\programmi\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\msi.dll
c:\programmi\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\IncrediMail\bin\ImApp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-08 13.34.21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-08 11:34
Pre-Run: 52.674.420.736 byte disponibili
Post-Run: 52.589.469.696 byte disponibili
306 --- E O F --- 2009-07-07 11:47