Having done all of that, this is the report:
ComboFix 09-10-18.06 - Iracondo 19/10/2009 21.10.59.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1279.801 [GMT 2:00]
Eseguito da: c:\documents and settings\Iracondo\Documenti\Programmi\ComboFix.exe
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\CmdLineExt.dll
c:\windows\system32\config\46503984.Evt
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_asc3550p
((((((((((((((((((((((((( Files Creati Da 2009-09-19 al 2009-10-19 )))))))))))))))))))))))))))))))))))
.
2009-10-19 19:18 . 2009-10-19 19:18 -------- d-----w- c:\windows\system32\xircom
2009-10-19 19:18 . 2009-10-19 19:18 -------- d-----w- c:\windows\system32\wbem\snmp
2009-10-19 19:18 . 2009-10-19 19:18 -------- d-----w- c:\windows\srchasst
2009-10-19 19:18 . 2009-10-19 19:18 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-19 17:57 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 17:57 . 2009-10-19 17:57 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-19 17:57 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 13:38 . 2009-10-19 13:38 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2009-10-19 13:38 . 2009-10-19 13:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-19 10:15 . 2009-10-19 12:00 -------- d-----w- C:\Program files
2009-10-19 10:05 . 2009-10-19 12:00 -------- d-----w- c:\documents and settings\Iracondo\Impostazioni locali\Dati applicazioni\ArmA
2009-10-18 22:15 . 2009-10-18 22:15 -------- d-----w- c:\programmi\Electronic Arts
2009-10-16 15:36 . 2009-10-16 15:36 -------- d-----w- c:\documents and settings\Iracondo\Impostazioni locali\Dati applicazioni\Ahead
2009-10-16 15:32 . 2009-10-16 15:32 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\Ahead
2009-10-16 15:30 . 2009-10-16 15:30 -------- d-----w- c:\programmi\Nero
2009-10-16 15:30 . 2009-10-16 15:30 -------- d-----w- c:\programmi\File comuni\Ahead
2009-10-16 15:24 . 2009-10-16 15:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-10-16 15:24 . 2009-10-16 15:24 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-10-16 15:24 . 2009-10-16 15:24 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-10-16 15:18 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-10-16 15:18 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-10-16 15:16 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-10-16 15:16 . 2009-10-16 15:16 -------- d-----w- c:\programmi\Agnitum
2009-10-16 15:16 . 2009-10-16 15:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2009-10-16 14:18 . 2009-10-16 14:18 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-16 14:18 . 2009-10-18 22:12 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\DAEMON Tools Lite
2009-10-14 08:21 . 2009-10-14 08:21 -------- d-----w- c:\windows\Sun
2009-10-13 16:11 . 2009-10-13 16:11 -------- d-----w- c:\documents and settings\Iracondo\Impostazioni locali\Dati applicazioni\Identities
2009-10-11 14:36 . 2009-10-11 14:36 -------- d-----w- c:\programmi\Extension Changer
2009-10-10 09:44 . 2009-10-10 09:44 -------- d-----w- c:\programmi\SIW
2009-10-09 16:35 . 2009-10-09 16:35 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\Malwarebytes
2009-10-09 16:35 . 2009-10-09 16:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-10-09 15:11 . 2009-10-09 15:11 -------- d--h--w- c:\windows\PIF
2009-10-09 14:09 . 2009-10-19 10:08 1 ----a-w- c:\documents and settings\Iracondo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-09 14:08 . 2009-10-09 14:08 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\OpenOffice.org
2009-10-09 12:07 . 2009-10-17 17:28 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\vlc
2009-10-09 12:06 . 2009-10-09 12:06 -------- d-----w- c:\programmi\VideoLAN
2009-10-08 23:58 . 2009-10-08 23:58 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-08 23:58 . 2009-10-08 23:58 -------- d-----w- c:\programmi\MSBuild
2009-10-08 23:57 . 2009-10-08 23:57 -------- d-----w- c:\programmi\Reference Assemblies
2009-10-08 23:57 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-08 23:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-08 23:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-08 23:57 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-08 23:57 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-08 23:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-08 23:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-08 19:41 . 2009-10-08 19:41 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\DisplayTune
2009-10-08 19:20 . 2009-10-08 19:20 -------- d-----w- c:\programmi\JRE
2009-10-08 19:20 . 2009-10-08 19:20 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-10-08 16:22 . 2009-10-08 16:22 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\Logitech
2009-10-08 16:22 . 2009-10-08 16:22 10134 ----a-r- c:\documents and settings\Iracondo\Dati applicazioni\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
2009-10-08 16:22 . 2007-01-23 13:45 78864 ----a-w- c:\windows\system32\drivers\LMouKE.Sys
2009-10-08 16:22 . 2007-01-23 13:44 62992 ----a-w- c:\windows\system32\drivers\L8042mou.Sys
2009-10-08 16:22 . 2007-01-23 13:44 20496 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2009-10-08 16:22 . 2007-01-23 13:44 101136 ----a-w- c:\windows\KHALMNPR.Exe
2009-10-08 16:21 . 2007-01-29 23:46 69632 ----a-w- c:\windows\system32\KemXML.dll
2009-10-08 16:21 . 2007-01-29 23:46 163840 ----a-w- c:\windows\system32\kemutb.dll
2009-10-08 16:21 . 2007-01-29 23:46 110592 ----a-w- c:\windows\system32\KemWnd.dll
2009-10-08 16:21 . 2007-01-29 23:46 135168 ----a-w- c:\windows\system32\KemUtil.dll
2009-10-08 16:21 . 2009-10-08 16:21 10134 ----a-r- c:\documents and settings\Iracondo\Dati applicazioni\Microsoft\Installer\{C89C8D86-4423-4A58-AA40-DD259ACE07C1}\ARPPRODUCTICON.exe
2009-10-08 16:21 . 2009-10-08 16:21 -------- d-----w- c:\programmi\File comuni\Logitech
2009-10-08 16:21 . 2009-10-08 16:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logitech
2009-10-08 16:21 . 2009-10-08 16:21 -------- d-----w- c:\programmi\Logitech
2009-10-08 15:56 . 2009-10-08 15:56 -------- d-----w- c:\windows\system32\LogFiles
2009-10-08 15:50 . 2008-04-13 08:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-10-08 15:50 . 2008-04-13 08:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-10-08 15:49 . 2008-04-13 08:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-10-08 15:47 . 2009-10-08 15:47 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\InstallShield
2009-10-08 15:43 . 2006-05-11 04:14 73728 ----a-w- c:\windows\system32\lxdapwr.dll
2009-10-08 15:43 . 2006-04-17 17:42 198144 ----a-w- c:\windows\system32\LEX2KUSB.DLL
2009-10-08 15:43 . 2006-04-17 17:42 311296 ----a-w- c:\windows\system32\LEXBCES.EXE
2009-10-08 15:43 . 2006-04-17 17:41 147456 ----a-w- c:\windows\system32\LEXBCE.DLL
2009-10-08 15:43 . 2006-04-17 17:41 174592 ----a-w- c:\windows\system32\LEXPPS.EXE
2009-10-08 15:43 . 2006-04-17 17:41 201216 ----a-w- c:\windows\system32\LEXP2P32.DLL
2009-10-08 15:43 . 2009-10-08 15:43 -------- d-----w- c:\programmi\Lexmark 640 Series
2009-10-08 15:43 . 2006-04-17 17:48 200704 ----a-w- c:\windows\system32\lexlmpm.dll
2009-10-08 15:43 . 1997-04-18 09:51 298496 ----a-w- c:\windows\unin0410.exe
2009-10-08 15:43 . 2009-10-08 15:43 -------- d-----w- c:\documents and settings\Iracondo\WINDOWS
2009-10-08 15:40 . 2009-10-09 00:06 19360 ----a-w- c:\documents and settings\Iracondo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-08 15:40 . 2009-10-08 15:40 -------- d-----w- c:\documents and settings\Iracondo\Impostazioni locali\Dati applicazioni\ATI
2009-10-08 15:40 . 2009-10-08 15:40 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\ATI
2009-10-08 15:40 . 2009-10-08 15:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ATI
2009-10-08 15:37 . 2009-10-08 15:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 15:37 . 2009-10-08 15:37 -------- d-----w- c:\programmi\Java
2009-10-08 15:36 . 2009-10-08 15:36 152576 ----a-w- c:\documents and settings\Iracondo\Dati applicazioni\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-08 15:20 . 2009-10-08 15:20 -------- d-sh--w- c:\documents and settings\Iracondo\PrivacIE
2009-10-08 15:19 . 2009-10-08 15:19 -------- d-sh--w- c:\documents and settings\Iracondo\IETldCache
2009-10-08 15:13 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-08 15:13 . 2009-10-08 15:13 -------- d-----w- c:\windows\ie8updates
2009-10-08 15:13 . 2009-08-29 07:56 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-08 15:13 . 2009-08-29 07:56 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-08 15:10 . 2009-10-08 15:12 -------- dc-h--w- c:\windows\ie8
2009-10-08 14:54 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-08 14:42 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-08 14:34 . 2009-02-06 10:15 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-08 14:34 . 2009-03-06 13:49 286208 ------w- c:\windows\system32\dllcache\pdh.dll
2009-10-08 14:34 . 2009-02-09 10:55 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-10-08 14:34 . 2009-02-09 10:55 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-10-08 14:34 . 2009-02-09 11:14 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-10-08 14:34 . 2009-02-06 10:36 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-10-08 14:34 . 2009-06-26 09:41 735744 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-08 14:34 . 2009-02-09 10:55 736768 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-10-08 14:34 . 2009-02-09 10:55 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-08 14:34 . 2009-08-04 20:51 2069888 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-08 14:34 . 2009-08-04 17:21 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-08 14:34 . 2009-08-04 17:21 2027520 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-08 14:33 . 2008-04-21 21:14 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-08 14:17 . 2009-10-08 14:27 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\IObit
2009-10-08 14:17 . 2009-10-08 14:17 -------- d-----w- c:\programmi\IObit
2009-10-08 14:09 . 2009-10-08 14:10 -------- d-----w- c:\programmi\eMule
2009-10-08 14:05 . 2009-10-08 14:05 -------- d-----w- c:\programmi\CCleaner
2009-10-08 14:04 . 2009-10-08 14:04 -------- d-----w- c:\programmi\VS Revo Group
2009-10-08 13:43 . 2009-10-08 13:43 -------- d-----w- c:\programmi\uTorrent
2009-10-08 13:42 . 2009-10-19 17:01 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\uTorrent
2009-10-08 13:25 . 2009-10-08 13:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-08 13:24 . 2009-10-19 08:26 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\skypePM
2009-10-08 13:12 . 2009-10-19 15:54 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\Skype
2009-10-08 13:11 . 2009-10-08 13:11 -------- d-----w- c:\programmi\File comuni\Skype
2009-10-08 13:11 . 2009-10-08 14:27 -------- d-----r- c:\programmi\Skype
2009-10-08 13:11 . 2009-10-08 13:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-10-08 13:09 . 2008-04-13 10:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-10-08 13:09 . 2008-04-13 10:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-08 13:09 . 2008-04-13 08:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-10-08 13:09 . 2008-04-13 10:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 19:04 . 2004-08-19 13:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2009-10-19 19:04 . 2004-08-19 13:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2009-10-19 16:36 . 2009-10-08 12:23 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\TeamViewer
2009-10-19 13:36 . 2009-10-08 12:42 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-19 13:36 . 2009-10-08 12:41 -------- d-----w- c:\programmi\SpywareBlaster
2009-10-19 12:19 . 2009-10-08 12:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-10-19 12:19 . 2009-10-08 12:37 -------- d-----w- c:\programmi\Spyware Terminator
2009-10-19 12:04 . 2009-10-08 12:37 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\Spyware Terminator
2009-10-08 19:40 . 2009-10-08 11:32 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-08 19:40 . 2009-10-08 19:40 -------- d-----w- c:\programmi\File comuni\Portrait Displays
2009-10-08 19:40 . 2009-10-08 19:40 -------- d-----w- c:\programmi\Philips Display
2009-10-08 15:48 . 2009-10-08 15:48 -------- d-----w- c:\programmi\Hercules
2009-10-08 12:43 . 2009-10-08 12:43 0 ----a-w- c:\windows\nsreg.dat
2009-10-08 12:37 . 2009-10-08 12:37 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-10-08 12:23 . 2009-10-08 12:23 -------- d-----w- c:\programmi\TeamViewer3
2009-10-08 12:21 . 2009-10-08 12:21 -------- d-----w- c:\programmi\Foxit Software
2009-10-08 12:21 . 2009-10-08 12:21 -------- d-----w- c:\documents and settings\Iracondo\Dati applicazioni\Foxit
2009-10-08 12:21 . 2009-10-08 11:12 -------- d-----w- c:\programmi\Windows Sidebar
2009-10-08 12:02 . 2009-10-08 12:02 -------- d-----w- c:\programmi\Avira
2009-10-08 12:02 . 2009-10-08 12:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-10-08 11:47 . 2009-03-02 00:35 549888 ----a-w- c:\windows\system32\winlogon.exe
2009-10-08 11:44 . 2009-10-08 11:44 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-08 11:41 . 2009-10-08 11:40 -------- d-----w- c:\programmi\ATI Technologies
2009-10-08 11:41 . 2009-10-08 11:32 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-08 11:35 . 2009-10-08 11:35 -------- d-----w- c:\programmi\Realtek Sound Manager
2009-10-08 11:35 . 2009-10-08 11:35 -------- d-----w- c:\programmi\AvRack
2009-10-08 11:32 . 2009-10-08 11:32 -------- d-----w- c:\programmi\Intel
2009-10-08 11:23 . 2009-10-08 11:23 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-10-08 11:23 . 2009-10-08 11:23 -------- d-----w- c:\programmi\System
2009-10-08 11:21 . 2009-10-08 11:21 -------- d-----w- c:\programmi\Alky for Applications
2009-10-08 11:21 . 2009-10-08 11:21 -------- d-----w- c:\programmi\MSXML 4.0
2009-10-08 11:19 . 2009-10-08 11:19 -------- d-----w- c:\programmi\Servizi in linea
2009-10-08 11:17 . 2009-10-08 11:17 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 11:14 . 2009-10-08 11:14 -------- d-----w- c:\programmi\VistaExperience.org
2009-10-08 11:11 . 2009-10-08 11:11 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-09-11 14:14 . 2008-04-13 19:13 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-13 19:13 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2008-12-20 23:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-03-01 23:47 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 08:59 . 2008-04-13 19:13 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:51 . 2009-03-18 18:54 2069888 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 17:21 . 2009-03-01 23:46 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-07-29 04:34 . 2008-04-13 19:13 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:34 . 2008-04-13 19:13 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-28 14:34 . 2009-10-08 12:02 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
------- Sigcheck -------
[-] 2009-03-02 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-13 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-19 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2009-03-02 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-02 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2009-10-08 . B93931EA1B7E9ACCA65C131B5FB5E4CA . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-03-21 . 94E6AE0CA24B2D84286DDEA8666A4E40 . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2009-03-01 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2009-03-02 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
c:\windows\system32\wscntfy.exe ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-10-08 2171904]
"OutpostMonitor"="c:\progra~1\Agnitum\Outpost Firewall\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-02-27 47104]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-02 25088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-10-8 688128]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Iracondo\\Desktop\\Mirc\\mirc.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [16/10/2009 17.18.40 704384]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [08/10/2009 14.37.07 142592]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\programmi\System\CPL Bonus\vcdrom.sys [08/10/2009 13.22.56 8576]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\Outpost Firewall\acs.exe [16/10/2009 17.16.45 1195008]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [16/10/2009 17.16.53 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [16/10/2009 17.18.28 257432]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [08/10/2009 17.48.52 94720]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - HELPSVC
*NewlyCreated* - VCDROM
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contenuto della cartella 'Scheduled Tasks'
2009-10-09 c:\windows\Tasks\User_Feed_Synchronization-{D1905C49-39B9-462D-86E9-42D1A10ADF74}.job
- c:\windows\system32\msfeedssync.exe [2009-03-01 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Iracondo\Dati applicazioni\Mozilla\Firefox\Profiles\hdk65hfn.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 21:19
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(2832)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\programmi\Windows Media Player\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\combofix\CF12558.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\programmi\File comuni\Logitech\khalshared\KHALMNPR.exe
.
**************************************************************************
.
Ora fine scansione: 2009-10-19 21.25.11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-19 19:25
Pre-Run: 58.224.939.008 byte disponibili
Post-Run: 58.142.273.536 byte disponibili
- - End Of File - - 6E8CB7F7398B3ED77D14C2FB50161B8C