No luck, these damn windows keep popping up.
Attaching the ComboFix log:
ComboFix 09-08-10.06 - Nuti 16/08/2009 22.44.04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.524 [GMT 2:00]
Running from: c:\documents and settings\Nuti\Desktop\ComboFix.exe
AV: Internet Security 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Internet Security 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Nuti\file.exe
c:\programmi\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\lo2.txtt
.
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))))))
.
2009-08-16 16:01 . 2009-08-16 16:01 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-08-16 15:50 . 2009-08-16 15:50 -------- d-----w- c:\documents and settings\Nuti\Dati applicazioni\F-Secure
2009-08-16 15:46 . 2009-08-16 15:46 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\F-Secure
2009-08-16 15:46 . 2008-09-23 13:35 79904 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-08-16 15:44 . 2009-08-16 15:44 -------- d-----w- c:\programmi\Infostrada Security
2009-08-16 15:35 . 2009-08-16 15:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\fssg
2009-08-16 15:33 . 2009-08-16 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\f-secure
2009-08-16 15:32 . 2009-08-16 15:35 -------- d-----w- c:\programmi\Microsoft Windows OneCare Live
2009-08-16 15:32 . 2009-08-16 15:32 -------- d-----w- C:\10e66dd32eaeefecc8
2009-08-16 14:52 . 2009-08-16 15:32 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-08-16 12:57 . 2009-08-16 12:57 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-16 12:57 . 2009-08-16 12:56 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-16 12:57 . 2009-08-16 12:57 314712 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-08-16 12:57 . 2009-08-16 12:57 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-08-16 12:57 . 2009-08-16 12:57 348496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-08-16 12:57 . 2009-08-16 12:57 169312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-08-16 12:57 . 2009-08-16 12:57 15688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-08-16 12:57 . 2009-08-16 12:57 298336 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-08-16 12:57 . 2009-08-16 12:57 84832 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-08-16 12:57 . 2009-08-16 12:57 1630560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-08-16 12:56 . 2009-08-16 12:56 40288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-08-16 12:56 . 2009-08-16 12:56 246128 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-08-16 12:56 . 2009-08-16 12:56 64160 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-08-16 12:56 . 2009-08-16 12:56 85352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-08-16 12:56 . 2009-08-16 12:56 664424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-08-16 12:56 . 2009-08-16 12:56 566632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-08-16 12:56 . 2009-08-16 12:56 563064 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-08-16 12:56 . 2009-08-16 12:56 2353480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-08-16 12:56 . 2009-08-16 12:56 629072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-08-16 12:56 . 2009-08-16 12:56 520024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-08-16 12:56 . 2009-08-16 12:56 1029456 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-08-16 12:51 . 2009-08-16 12:51 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-16 12:51 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-08-16 12:51 . 2009-08-16 12:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-08-16 12:51 . 2009-08-16 12:51 -------- d-----w- c:\programmi\Lavasoft
2009-08-16 11:29 . 2009-08-16 11:29 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Adobe
2009-08-16 10:47 . 2009-08-16 10:47 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Spyware Terminator
2009-08-16 10:30 . 2009-08-16 10:30 102 ----a-w- c:\windows\system32\clear.reg
2009-08-16 10:30 . 2006-05-12 18:26 8039 ----a-w- c:\windows\system32\second.bat
2009-08-16 10:29 . 2005-01-20 11:47 175616 ----a-w- c:\windows\system32\strings.exe
2009-08-16 10:29 . 2005-01-13 19:41 39184 ----a-w- c:\windows\system32\Ntrights.exe
2009-08-16 10:29 . 2005-01-13 19:41 11254 ----a-w- c:\windows\system32\locate.com
2009-08-16 09:40 . 2009-08-16 09:40 -------- d-----w- c:\programmi\CCleaner
2009-08-16 09:28 . 2009-08-16 09:28 -------- d-----w- c:\documents and settings\Nuti\Dati applicazioni\.clamwin
2009-08-16 08:05 . 2009-08-16 08:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\.clamwin
2009-08-16 08:05 . 2009-08-16 08:05 -------- d-----w- c:\programmi\ClamWin
2009-08-16 08:05 . 2009-08-16 08:05 -------- d-----w- c:\documents and settings\All Users\.clamwin
2009-08-16 07:02 . 2009-08-16 07:16 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-16 07:02 . 2009-08-16 07:05 -------- d-----w- c:\programmi\SpywareBlaster
2009-08-16 06:40 . 2009-08-16 06:40 -------- d-----w- c:\programmi\Sophos
2009-08-16 06:38 . 2009-08-16 06:38 -------- d-----w- c:\programmi\Trend Micro
2009-08-15 20:19 . 2009-08-16 12:47 -------- d-----w- c:\programmi\File comuni\Agnitum Shared
2009-08-15 20:19 . 2009-08-15 20:19 -------- d-----w- c:\programmi\Agnitum
2009-08-15 19:29 . 2009-08-15 19:29 -------- d-----w- c:\documents and settings\Nuti\DoctorWeb
2009-08-15 19:01 . 2009-08-15 19:01 -------- d-----w- c:\documents and settings\Nuti\Dati applicazioni\Malwarebytes
2009-08-15 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 19:01 . 2009-08-15 19:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-15 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 19:01 . 2009-08-15 19:01 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-15 17:19 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-08-15 17:19 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-08-15 17:18 . 2009-08-15 17:18 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-08-15 16:52 . 2009-08-15 16:52 133 ----a-w- c:\documents and settings\Nuti\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-08-15 16:51 . 2009-08-15 16:54 -------- d-----w- c:\documents and settings\Nuti\Impostazioni locali\Dati applicazioni\ApplicationHistory
2009-08-15 16:48 . 2009-08-15 16:48 -------- d-----w- c:\windows\system32\URTTEMP
2009-08-15 14:28 . 2009-08-16 10:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-15 14:28 . 2009-08-15 14:34 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-15 13:46 . 2009-08-15 13:46 17920 ----a-w- c:\windows\system32\mslsgw.exe
2009-08-15 13:46 . 2009-08-15 13:46 17920 ----a-w- c:\windows\msgrd.exe
2009-08-15 12:06 . 2009-08-15 12:06 -------- d-----w- c:\programmi\PowerQuest
2009-08-14 15:59 . 2009-08-14 15:59 -------- d-----w- c:\documents and settings\Lello\Impostazioni locali\Dati applicazioni\Google
2009-08-14 14:32 . 2009-08-14 14:32 -------- d-s---w- c:\documents and settings\Lello\UserData
2009-08-14 10:26 . 2009-08-14 10:26 -------- d-----w- c:\documents and settings\Nuti\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-08-13 18:26 . 2009-08-13 18:26 -------- d-----w- c:\documents and settings\Lello\Dati applicazioni\pdfforge
2009-08-13 18:26 . 2009-08-13 18:26 -------- d-----w- c:\documents and settings\Lello\Dati applicazioni\Search Settings
2009-07-30 18:01 . 2009-08-03 18:59 -------- d-----w- c:\documents and settings\Nuti\Impostazioni locali\Dati applicazioni\Temp
2009-07-21 15:59 . 2009-07-21 15:59 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-07-21 15:49 . 2009-07-21 15:49 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-07-21 15:48 . 2009-08-15 17:19 -------- d-----w- c:\documents and settings\Nuti\Impostazioni locali\Dati applicazioni\Google
2009-07-21 15:47 . 2009-07-30 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-07-21 15:47 . 2009-08-15 17:18 -------- d-----w- c:\programmi\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 20:47 . 2009-06-21 15:40 -------- d-----w- c:\programmi\pdfforge Toolbar
2009-08-16 15:46 . 2002-10-15 22:11 77540 ----a-w- c:\windows\system32\perfc010.dat
2009-08-16 15:46 . 2002-10-15 22:11 454174 ----a-w- c:\windows\system32\perfh010.dat
2009-08-16 15:20 . 2009-05-13 17:32 71952 ----a-w- c:\documents and settings\Nuti\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-16 13:23 . 2009-05-13 17:43 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-08-15 22:00 . 2009-06-07 20:29 -------- d-----w- c:\programmi\LogMeIn
2009-08-15 16:55 . 2009-05-18 14:53 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbz.DAT
2009-08-15 16:51 . 2009-05-16 19:29 -------- d-----w- c:\programmi\File comuni\Nikon
2009-08-15 14:14 . 2009-06-13 11:44 -------- d-----w- c:\programmi\Yuza
2009-08-15 12:06 . 2009-05-13 15:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-13 18:22 . 2009-06-05 15:28 71952 ----a-w- c:\documents and settings\Lello\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-23 17:41 . 2009-05-15 16:27 -------- d-----w- c:\programmi\File comuni\Adobe
2009-07-07 17:41 . 2009-07-07 17:41 1 ----a-w- c:\documents and settings\Nuti\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-07 17:36 . 2009-07-07 17:36 -------- d-----w- c:\documents and settings\Nuti\Dati applicazioni\OpenOffice.org
2009-07-07 17:33 . 2009-07-07 17:33 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-07-02 19:08 . 2009-07-02 18:15 -------- d-----w- c:\documents and settings\Nuti\Dati applicazioni\IObit
2009-07-02 18:44 . 2009-07-02 18:44 4096 ----a-w- c:\windows\d3dx.dat
2009-07-02 18:32 . 2009-07-02 18:32 -------- d-----w- c:\programmi\PC Wizard 2008
2009-07-02 18:15 . 2009-07-02 18:15 -------- d-----w- c:\programmi\IObit
2009-06-25 19:44 . 2009-06-25 18:37 13566 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml2.tmp
2009-06-25 18:37 . 2009-05-27 19:06 1621 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xmlA0.tmp
2009-06-25 18:37 . 2009-05-27 19:06 8858 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml9E.tmp
2009-06-21 15:52 . 2009-06-21 15:52 -------- d-----w- c:\documents and settings\Nuti\Dati applicazioni\Search Settings
2009-06-21 15:52 . 2009-06-21 15:52 -------- d-----w- c:\documents and settings\Nuti\Dati applicazioni\pdfforge
2009-06-21 15:40 . 2009-06-21 15:37 -------- d-----w- c:\programmi\PDFCreator
2009-05-27 19:06 . 2009-05-27 19:06 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml9F.tmp
2009-05-26 19:38 . 2009-05-26 19:21 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 13:28 . 2009-05-22 12:56 57 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-05-22 13:00 . 2009-05-22 13:00 50 ----a-w- c:\windows\system32\bridf05a.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-21 39408]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-10 57393]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-10 40960]
"SetDefPrt"="c:\programmi\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\programmi\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
"Security Gateway"="c:\windows\system32\mslsgw.exe" [2009-08-15 17920]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-16 520024]
"F-Secure Manager"="c:\programmi\Infostrada Security\F-Secure Internet Security\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\programmi\Infostrada Security\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Nuti\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-1-27 384512]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido di Album.lnk - c:\programmi\Ulead Systems\Ulead PhotoImpact 6\ABMTSR.EXE [2009-5-23 36864]
Controllo dello stato.lnk - c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe [2009-5-22 802816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3a\\RpcAgentSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3a\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [16/08/2009 18.01.09 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [16/08/2009 17.46.09 79904]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16/08/2009 14.57.17 64160]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmi\Infostrada Security\F-Secure Internet Security\HIPS\drivers\fshs.sys [16/08/2009 17.45.30 66720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1029456]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [24/07/2008 18.46.12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [07/06/2009 22.29.48 47640]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmi\Infostrada Security\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [16/08/2009 17.44.51 99960]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmi\Infostrada Security\F-Secure Internet Security\ORSP Client\fsorsp.exe [16/08/2009 17.45.31 55904]
S2 gupdate1ca0a1acc065538;Servizio di Google Update (gupdate1ca0a1acc065538);c:\programmi\Google\Update\GoogleUpdate.exe [21/07/2009 17.49.08 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Lite 2009.SP3a\RpcAgentSrv.exe [27/05/2009 21.01.21 98488]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmi\Infostrada Security\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [16/08/2009 17.44.51 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmi\Infostrada Security\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [16/08/2009 17.44.51 25184]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-08-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:56]
2009-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-08-16 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 15:47]
2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-21 15:48]
2009-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-07-21 15:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programmi\Infostrada Security\F-Secure Internet Security\FSPS\program\fslsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 22:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- DLLs loaded by running processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(816)
c:\programmi\Infostrada Security\F-Secure Internet Security\FSPS\program\fslsp.dll
.
Finish time: 2009-08-16 22.49.42
ComboFix-quarantined-files.txt 2009-08-16 20:49
Pre-Run: 115.399.352.320 bytes free
Post-Run: 115.541.159.936 bytes free
And the Malwarebytes log:
Malwarebytes' Anti-Malware 1.40
Database version: 2635
Windows 5.1.2600 Service Pack 3
16/08/2009 17.14.22
mbam-log-2009-08-16 (17-14-22).txt
Scan type: Full Scan (C:\|)
Objects scanned: 218984
Time elapsed: 1 hour(s), 13 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
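Editor's note, added after the post (these are not the poster's words, and the script is not part of ComboFix or Malwarebytes): a small Python triage pass that applies four heuristics a responder would run over a log like the one above, using lines copied from it as constructed sample input. The heuristics, the `triage` function and its category names are this example's own assumptions. It flags (1) executables dropped straight into c:\windows or c:\windows\system32 that share a byte size with another executable created within five minutes, (2) Run values whose target file is itself in the log's recently created list, (3) services whose image is a .tmp file, and (4) any Image File Execution Options entry. On the log above that surfaces the 17920-byte msgrd.exe / mslsgw.exe pair together with its "Security Gateway" Run value, the MEMSWEEP2 service pointing at 7.tmp, and the regedit.exe IFEO key MBAM already removed. These are leads to verify, not verdicts: a .tmp-backed service is also what an anti-rootkit scanner leaves behind, and c:\programmi\Sophos was created the same morning, so check that one before treating it as hostile. The Lbd.sys pair is deliberately not flagged, because both copies sit in subfolders belonging to the Ad-Aware install. Note also that a single dropped file matters less than what the header already says: on-access scanning and the firewall are both disabled and `EnableFirewall` is 0.

```python
"""Triage heuristics over ComboFix / Malwarebytes log lines.

Editorial example, not part of the forum post and not a feature of either tool.
The sample lines are copied from the log in the post; the heuristics and the
finding categories are this script's own assumptions. Findings are leads to
verify, not verdicts.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a subset of the Files Created, Run-key, service and MBAM
# lines from the post, chosen to exercise each heuristic and one non-hit (Lbd.sys).
SAMPLE_LOG = r"""
2009-08-16 16:01 . 2009-08-16 16:01 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-08-16 12:57 . 2009-08-16 12:56 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-16 12:56 . 2009-08-16 12:56 64160 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-08-15 13:46 . 2009-08-15 13:46 17920 ----a-w- c:\windows\system32\mslsgw.exe
2009-08-15 13:46 . 2009-08-15 13:46 17920 ----a-w- c:\windows\msgrd.exe
2009-08-16 10:29 . 2005-01-13 19:41 39184 ----a-w- c:\windows\system32\Ntrights.exe
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
"Security Gateway"="c:\windows\system32\mslsgw.exe" [2009-08-15 17920]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-16 520024]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16/08/2009 14.57.17 64160]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
"""

# Line shapes as ComboFix prints them: "created . modified size attrs path",
# '"name"="target" [date size]', and "Rn name;display;image [...]".
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (\d+) \S+ (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[\d{4}-\d{2}-\d{2} (\d+)\]$')
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+)$")
IMAGE_RE = re.compile(r"c:\\.+?\.(?:exe|sys|dll|tmp)(?=\s|$)", re.I)
IFEO_RE = re.compile(r"Image File Execution Options\\([^\s\\]+)", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr")


def in_windows_root(path):
    """True when the file sits directly in c:\\windows or c:\\windows\\system32."""
    return path.rsplit("\\", 1)[0] in ("c:\\windows", "c:\\windows\\system32")


def parse(text):
    """Split log lines into created files, Run values, services and IFEO entries."""
    created, runs, services, ifeo = [], [], [], []
    for line in (raw.strip() for raw in text.splitlines()):
        m = CREATED_RE.match(line)
        if m:
            created.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), int(m.group(2)), m.group(3).lower()))
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append((m.group(1), m.group(2).lower(), int(m.group(3))))
            continue
        m = SERVICE_RE.match(line)
        if m:
            img = IMAGE_RE.search(m.group(2))
            services.append((m.group(1), img.group(0).lower() if img else m.group(2)))
            continue
        m = IFEO_RE.search(line)
        if m:
            ifeo.append(m.group(1).lower())
    return created, runs, services, ifeo


def triage(text, pair_window=timedelta(minutes=5)):
    """Return (category, detail) pairs worth a closer look, in the order: drops, autostarts, services, IFEO."""
    created, runs, services, ifeo = parse(text)
    findings = []
    # 1. Executables dropped straight into the Windows root or system32 that share a byte size
    #    with another executable created within pair_window (paired installs by one dropper).
    by_size = defaultdict(list)
    for ts, size, path in created:
        if path.endswith(EXEC_EXT):
            by_size[size].append((ts, path))
    for size, items in by_size.items():
        for i, (t1, p1) in enumerate(items):
            for t2, p2 in items[i + 1:]:
                if abs(t1 - t2) <= pair_window and (in_windows_root(p1) or in_windows_root(p2)):
                    minutes = int(pair_window.total_seconds() // 60)
                    findings.append(("twin-size-drop", f"{p1} and {p2} ({size} bytes, created within {minutes} min)"))
    # 2. Run values whose target is itself among the recently created files: a fresh persistence point.
    created_paths = {path for _, _, path in created}
    for name, target, _ in runs:
        if target in created_paths:
            findings.append(("new-autostart", f"Run value {name!r} -> {target}"))
    # 3. Services whose image is a .tmp file (also what some anti-rootkit scanners leave behind).
    for name, image in services:
        if image.endswith(".tmp"):
            findings.append(("tmp-service", f"{name} -> {image}"))
    # 4. Any IFEO entry: a Debugger value there redirects the named program to something else.
    for exe in ifeo:
        findings.append(("ifeo-hijack", exe))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

To run it over a full log, paste the whole Files Created, Reg Loading Points and service sections into `SAMPLE_LOG`; the regexes match the line shapes exactly as ComboFix prints them in the post, and lines of other shapes (directories, the `"X"="Y" - path` variant) are simply ignored rather than guessed at.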