Thanks for the reassurance =)
This is the ComboFix log:
ComboFix 10-02-25.02 - Salvo 26/02/2010 21.34.39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1040.18.3070.2610 [GMT 1:00]
Eseguito da: f:\documents and settings\Salvo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100226-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2010-01-26 al 2010-02-26 )))))))))))))))))))))))))))))))))))
.
2010-02-26 17:17 . 2009-10-21 07:27 77312 ----a-w- F:\mbr.exe
2010-02-26 16:26 . 2010-01-07 15:07 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 16:26 . 2010-02-26 16:26 -------- d-----w- f:\programmi\Malwarebytes' Anti-Malware
2010-02-26 16:26 . 2010-01-07 15:07 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-02-26 16:20 . 2010-02-26 16:20 -------- d-----w- f:\programmi\File comuni\Java
2010-02-26 16:20 . 2010-02-26 16:20 503808 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cae24b8-n\msvcp71.dll
2010-02-26 16:20 . 2010-02-26 16:20 499712 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cae24b8-n\jmc.dll
2010-02-26 16:20 . 2010-02-26 16:20 348160 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4cae24b8-n\msvcr71.dll
2010-02-26 16:20 . 2010-02-26 16:20 61440 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3664a2d2-n\decora-sse.dll
2010-02-26 16:20 . 2010-02-26 16:20 12800 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3664a2d2-n\decora-d3d.dll
2010-02-26 16:20 . 2010-02-26 16:20 -------- d-----w- f:\programmi\Java
2010-02-26 16:20 . 2010-02-26 16:20 79488 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\Sun\Java\jre1.6.0_18\gtapi.dll
2010-02-26 16:20 . 2010-02-26 16:20 152576 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\Sun\Java\jre1.6.0_18\lzma.dll
2010-02-26 13:34 . 2010-02-26 13:39 -------- d-----w- F:\msdownld.tmp
2010-02-26 11:40 . 2008-04-13 17:45 10368 -c--a-w- f:\windows\system32\dllcache\hidusb.sys
2010-02-26 11:40 . 2008-04-13 17:45 10368 ----a-w- f:\windows\system32\drivers\hidusb.sys
2010-02-25 17:46 . 2010-02-25 17:46 -------- d-----w- f:\programmi\KONAMI
2010-02-25 17:46 . 2010-02-25 17:46 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\KONAMI
2010-02-25 13:13 . 2010-02-25 13:13 38976 ----a-w- f:\windows\system32\drivers\pssdk42.sys
2010-02-25 13:12 . 2010-02-25 13:25 -------- d-----w- f:\programmi\Tenable
2010-02-20 18:02 . 2010-02-20 18:02 -------- d-----w- f:\documents and settings\Salvo\Dati applicazioni\java
2010-02-20 18:02 . 2010-02-20 18:02 45056 ---ha-w- f:\documents and settings\Salvo\Dati applicazioni\java\msnmsgs.exe
2010-02-20 18:02 . 2010-02-20 18:05 45056 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\msnmsgs.exe
2010-02-11 12:51 . 2010-02-11 12:51 -------- d-----w- f:\programmi\JRE
2010-02-08 14:32 . 2010-02-08 14:36 -------- d-----w- f:\windows\tessdata
2010-02-08 14:32 . 2010-02-08 14:32 -------- d-----w- f:\programmi\Softi Software
2010-02-08 14:32 . 2010-02-08 14:32 -------- d-----w- f:\documents and settings\Salvo\Dati applicazioni\Softi Software
2010-02-08 14:00 . 2010-02-08 14:00 686080 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\F9.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-02-08 14:00 . 2010-02-08 14:00 655872 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\F9.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-02-08 14:00 . 2010-02-08 14:00 583168 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\F9.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-02-08 14:00 . 2010-02-08 14:00 568832 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\F9.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-02-08 14:00 . 2010-02-08 14:00 224768 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\F9.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-02-08 13:25 . 2010-02-04 09:01 74072 ----a-w- f:\windows\system32\XAPOFX1_4.dll
2010-02-08 13:25 . 2010-02-04 09:01 528216 ----a-w- f:\windows\system32\XAudio2_6.dll
2010-02-08 13:25 . 2010-02-04 09:01 238936 ----a-w- f:\windows\system32\xactengine3_6.dll
2010-02-08 13:25 . 2010-02-04 09:01 22360 ----a-w- f:\windows\system32\X3DAudio1_7.dll
2010-02-04 10:55 . 2010-02-04 10:55 -------- d-----w- f:\programmi\Freeware PDF Unlocker
2010-02-01 15:27 . 2010-02-01 15:27 -------- d-----w- f:\programmi\Widget vodafone.it
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 16:20 . 2009-11-24 17:54 411368 ----a-w- f:\windows\system32\deploytk.dll
2010-02-20 18:22 . 2009-11-24 17:56 -------- d-----w- f:\documents and settings\Salvo\Dati applicazioni\uTorrent
2010-02-19 23:12 . 2009-12-29 16:57 -------- d-----w- f:\programmi\ATI
2010-02-19 21:23 . 2010-01-05 14:01 -------- d-----w- f:\programmi\Driver Magician
2010-02-19 21:21 . 2009-11-25 20:37 -------- d-----w- f:\programmi\SysResources Manager
2010-02-17 22:53 . 2009-11-24 18:10 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-02-16 22:08 . 2009-11-24 20:23 1 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-15 10:18 . 2009-11-24 17:57 -------- d-----w- f:\programmi\uTorrent
2010-02-12 14:38 . 2009-11-29 21:00 -------- d-----w- f:\programmi\NoAdware
2010-02-11 13:43 . 2009-11-24 10:54 26680 ----a-w- f:\documents and settings\Salvo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-11 12:51 . 2009-11-24 17:54 -------- d-----w- f:\programmi\OpenOffice.org 3
2010-02-01 23:11 . 2009-11-26 17:08 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\DriverScanner
2010-01-21 13:58 . 2009-11-24 21:40 -------- d-----w- f:\programmi\Messenger Plus! Live
2010-01-20 13:43 . 2009-11-24 21:38 -------- d-----w- f:\programmi\Microsoft Silverlight
2010-01-18 13:39 . 2009-11-24 17:50 -------- d-----w- f:\programmi\File comuni\Adobe
2010-01-12 00:17 . 2010-01-12 00:17 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\Nokia
2010-01-12 00:17 . 2010-01-11 23:43 -------- d-----w- f:\programmi\File comuni\Nokia
2010-01-12 00:17 . 2010-01-11 23:43 -------- d-----w- f:\programmi\Nokia
2010-01-12 00:15 . 2010-01-12 00:15 3351812 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-01-12 00:15 . 2010-01-12 00:15 36864 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-01-12 00:15 . 2010-01-12 00:15 3203453 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-01-12 00:15 . 2010-01-11 23:42 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\Installations
2010-01-11 23:52 . 2010-01-11 23:44 -------- d-----w- f:\documents and settings\Salvo\Dati applicazioni\Nokia
2010-01-11 23:50 . 2010-01-11 23:50 0 ---ha-w- f:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-01-11 23:50 . 2010-01-11 23:50 0 ---ha-w- f:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-01-11 23:50 . 2010-01-11 23:44 -------- d-----w- f:\documents and settings\Salvo\Dati applicazioni\PC Suite
2010-01-11 23:49 . 2010-01-11 23:44 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-01-11 23:49 . 2010-01-11 23:49 0 ---ha-w- f:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-11 23:49 . 2010-01-11 23:49 0 ---ha-w- f:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-11 23:43 . 2010-01-11 23:43 -------- d-----w- f:\programmi\File comuni\PCSuite
2010-01-11 23:43 . 2009-11-24 22:57 -------- d-----w- f:\programmi\DIFX
2010-01-11 23:43 . 2010-01-11 23:43 -------- d-----w- f:\programmi\PC Connectivity Solution
2010-01-11 23:42 . 2010-01-11 23:42 95232 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-11 23:42 . 2010-01-11 23:42 8192 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-11 23:42 . 2010-01-11 23:42 61440 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-11 23:42 . 2010-01-11 23:42 10240 ----a-w- f:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-10 17:29 . 2010-01-10 17:29 -------- d-----w- f:\programmi\LizardTech
2010-01-10 17:29 . 2009-11-23 20:58 -------- d--h--w- f:\programmi\InstallShield Installation Information
2010-01-04 14:10 . 2010-01-04 14:00 -------- d-----w- f:\programmi\IncrediMail
2010-01-04 14:01 . 2010-01-04 14:01 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\IM
2010-01-04 14:00 . 2010-01-04 14:00 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\IncrediMail
2010-01-03 23:52 . 2009-11-29 19:18 -------- d-----w- f:\documents and settings\Salvo\Dati applicazioni\Free Download Manager
2010-01-03 23:37 . 2010-01-03 23:37 -------- d-----w- f:\programmi\Alwil Software
2010-01-03 17:11 . 2001-09-01 14:00 82848 ----a-w- f:\windows\system32\perfc010.dat
2010-01-03 17:11 . 2001-09-01 14:00 486700 ----a-w- f:\windows\system32\perfh010.dat
2010-01-03 16:09 . 2010-01-03 16:02 -------- d-----w- f:\documents and settings\Salvo\Dati applicazioni\WebcamMax
2010-01-03 13:53 . 2009-11-30 17:41 -------- d-----w- f:\documents and settings\Salvo\Dati applicazioni\ArcSoft
2009-12-31 10:49 . 2009-11-23 15:00 -------- d-----w- f:\programmi\Intel
2009-12-31 10:37 . 2009-12-31 10:37 -------- d-----w- f:\programmi\ma-config.com
2009-12-31 10:37 . 2009-12-31 10:37 -------- d-----w- f:\documents and settings\All Users\Dati applicazioni\ma-config.com
2009-12-30 13:14 . 2009-12-30 13:14 -------- d-----w- f:\programmi\iTopsoft PC Speeduper
2009-12-30 00:52 . 2009-11-26 14:27 -------- d-----w- f:\programmi\Innovative Solutions
2009-12-30 00:51 . 2009-11-24 10:54 -------- d-----w- f:\programmi\NeoSmart Technologies
2009-12-29 16:13 . 2009-11-29 19:18 -------- d-----w- f:\programmi\Free Download Manager
2009-12-29 00:25 . 2009-12-28 22:57 56992 ----a-w- f:\windows\system32\drivers\btwhid.sys
2009-12-29 00:25 . 2009-12-28 22:57 37160 ----a-w- f:\windows\system32\drivers\btport.sys
2009-12-29 00:25 . 2009-12-28 22:57 37032 ----a-w- f:\windows\system32\drivers\btwmodem.sys
2009-12-29 00:25 . 2009-12-28 22:57 156816 ----a-w- f:\windows\system32\drivers\btwdndis.sys
2009-12-29 00:25 . 2009-12-28 22:57 533024 ----a-w- f:\windows\system32\drivers\btaudio.sys
2009-12-29 00:25 . 2009-12-28 14:39 991264 ----a-w- f:\windows\system32\drivers\btkrnl.sys
2009-12-29 00:25 . 2009-12-28 14:39 45984 ----a-w- f:\windows\system32\drivers\btwusb.sys
2009-12-29 00:25 . 2009-11-24 23:03 91176 ----a-w- f:\windows\system32\drivers\btwsecfl.sys
2009-12-29 00:25 . 2009-07-29 13:09 1052716 ----a-w- f:\windows\system32\btrez.dll
2009-12-27 14:36 . 2009-12-27 14:39 38784 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-27 14:36 . 2009-12-27 14:39 38784 ----a-w- f:\documents and settings\Default User\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-25 17:50 . 2009-11-24 21:34 358944 ----a-w- f:\windows\vncutil.exe
2009-12-25 17:50 . 2008-10-22 06:36 84512 ----a-w- f:\windows\SOUNDMAN.EXE
2009-12-25 17:50 . 2008-10-22 06:36 1833504 ----a-w- f:\windows\SkyTel.exe
2009-12-25 17:50 . 2008-10-22 06:36 1489440 ----a-w- f:\windows\RtlUpd.exe
2009-12-25 17:50 . 2008-10-22 06:36 9721888 ----a-w- f:\windows\RTLCPL.EXE
2009-12-25 17:50 . 2009-11-24 21:34 51232 ----a-w- f:\windows\system32\RtkCoInstXP.dll
2009-12-25 17:50 . 2009-11-24 21:34 129568 ----a-w- f:\windows\RtkAudioService.exe
2009-12-25 17:50 . 2008-10-22 06:36 18789408 ----a-w- f:\windows\RTHDCPL.EXE
2009-12-25 17:49 . 2008-10-22 06:35 2177568 ----a-w- f:\windows\MicCal.exe
2009-12-25 17:49 . 2008-10-22 06:35 2815520 ----a-w- f:\windows\ALCWZRD.EXE
2009-12-25 17:49 . 2008-10-22 06:35 64032 ----a-w- f:\windows\ALCMTR.EXE
2009-12-25 17:26 . 2008-10-22 06:36 6039584 ----a-w- f:\windows\system32\drivers\RtkHDAud.sys
2009-12-24 18:55 . 2010-01-04 16:03 606208 ----a-w- f:\documents and settings\Salvo\Dati applicazioni\Mozilla\Firefox\Profiles\l0ul3o3d.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
2009-12-21 19:06 . 2008-08-26 06:57 916480 ------w- f:\windows\system32\wininet.dll
2009-12-11 21:02 . 2009-01-14 03:44 4525056 ----a-w- f:\windows\system32\drivers\ati2mtag.sys
2009-12-11 20:45 . 2009-11-29 19:45 45056 ----a-w- f:\windows\system32\aticalrt.dll
2009-12-11 20:44 . 2009-11-29 19:45 45056 ----a-w- f:\windows\system32\aticalcl.dll
2009-12-11 20:43 . 2009-11-29 19:45 3620864 ----a-w- f:\windows\system32\aticaldd.dll
2009-12-11 20:41 . 2009-01-14 00:07 311296 ----a-w- f:\windows\system32\atiiiexx.dll
2009-12-11 20:26 . 2009-01-14 01:19 446464 ----a-w- f:\windows\system32\ATIDEMGX.dll
2009-12-11 20:25 . 2009-01-14 01:17 300544 ----a-w- f:\windows\system32\ati2dvag.dll
2009-12-11 20:25 . 2009-01-14 02:16 13434880 ----a-w- f:\windows\system32\atioglxx.dll
2009-12-11 20:23 . 2009-01-14 00:52 3521408 ----a-w- f:\windows\system32\ati3duag.dll
2009-12-11 20:09 . 2009-01-14 01:06 208896 ----a-w- f:\windows\system32\atipdlxx.dll
2009-12-11 20:09 . 2009-01-14 01:06 155648 ----a-w- f:\windows\system32\Oemdspif.dll
2009-12-11 20:09 . 2009-01-14 01:06 26112 ----a-w- f:\windows\system32\Ati2mdxx.exe
2009-12-11 20:08 . 2009-01-14 01:05 43520 ----a-w- f:\windows\system32\ati2edxx.dll
2009-12-11 20:08 . 2009-01-14 01:05 155648 ----a-w- f:\windows\system32\ati2evxx.dll
2009-12-11 20:07 . 2009-01-14 00:35 2154752 ----a-w- f:\windows\system32\ativvaxx.dll
2009-12-11 20:07 . 2009-01-14 01:04 602112 ----a-w- f:\windows\system32\ati2evxx.exe
2009-12-11 20:05 . 2009-01-14 01:02 53248 ----a-w- f:\windows\system32\ATIDDC.DLL
2009-12-11 20:01 . 2009-01-14 00:15 565248 ----a-w- f:\windows\system32\atikvmag.dll
2009-12-11 19:59 . 2009-01-14 00:14 176128 ----a-w- f:\windows\system32\atiadlxx.dll
2009-12-11 19:58 . 2009-01-14 00:14 17408 ----a-w- f:\windows\system32\atitvo32.dll
2009-12-11 19:57 . 2009-01-14 01:23 393216 ----a-w- f:\windows\system32\atiok3x2.dll
.
------- Sigcheck -------
[-] 2008-10-22 . E248A8391D7388A0A3679D1FB33E003D . 361600 . . [5.1.2600.5625] . . f:\windows\system32\drivers\tcpip.sys
[-] 2009-08-03 . E092AEB03D40F40854D4C3D90C9AFECC . 1571840 . . [5.1.2600.5512] . . f:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-26_17.12.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-26 17:30 . 2010-02-26 17:30 16384 f:\windows\temp\Perflib_Perfdata_6ec.dat
+ 2010-02-26 17:30 . 2010-02-26 17:30 16384 f:\windows\temp\Perflib_Perfdata_510.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="f:\documents and settings\Salvo\Dati applicazioni\java\msnmsgs.exe" [2010-02-20 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="f:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IntelZeroConfig"="f:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2009-09-21 1392640]
"IntelWireless"="f:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"Adobe Reader Speed Launcher"="f:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"SunJavaUpdateSched"="f:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\F:^Documents and Settings^Salvo^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
backup=f:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\startupfolder\F:^Documents and Settings^Salvo^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]
backup=f:\windows\pss\Widget vodafone.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
f:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- f:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- f:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32 203264 ----a-w- f:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51 202024 ----a-w- f:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01 180736 ----a-w- f:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2009-03-02 09:19 3399727 ----a-w- f:\programmi\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Pinyin 2 Autoupdater]
2009-11-24 19:37 1009648 ----a-w- f:\programmi\Google\Google Pinyin 2\GooglePinyinDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 18:03 186904 ----a-w- f:\programmi\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2010-01-04 14:09 320968 ----a-w- f:\programmi\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- f:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 ----a-w- f:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- f:\programmi\File comuni\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- f:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-06-25 17:05 98304 ----a-w- f:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- f:\programmi\File comuni\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysResources Manager]
2009-11-15 13:03 598016 ----a-w- f:\programmi\SysResources Manager\SysResManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Programmi\\uTorrent\\uTorrent.exe"=
"f:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"f:\\Programmi\\SopCast\\SopCast.exe"=
"f:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"f:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"f:\\Programmi\\uusee\\UUSeePlayer.exe"=
"f:\\Programmi\\Free Download Manager\\fdm.exe"=
"f:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"f:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"f:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"f:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"f:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"f:\\Programmi\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:tcp
"4672:UDP"= 4672:UDP:udp
"62636:TCP"= 62636:TCP:torrent
R1 aswSP;avast! Self Protection;f:\windows\system32\drivers\aswSP.sys [04/01/2010 0.37.33 114768]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [04/01/2010 0.37.33 20560]
R2 PD91Agent;PD91Agent;f:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [31/12/2008 13.12.40 693512]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;f:\windows\system32\drivers\ArcSoftKsUFilter.sys [02/12/2009 14.18.51 14336]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [24/11/2009 22.34.23 1691480]
S3 maconfservice;Ma-Config Service;f:\programmi\ma-config.com\maconfservice.exe [17/12/2009 19.00.28 243056]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [12/01/2010 0.43.24 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [12/01/2010 0.43.24 8320]
S3 PD91Engine;PD91Engine;f:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [31/12/2008 13.12.44 910600]
S3 PSSDK42;PSSDK42;f:\windows\system32\drivers\pssdk42.sys [25/02/2010 14.13.13 38976]
S3 uCamMonitor;CamMonitor;f:\programmi\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [02/12/2009 14.18.48 104960]
.
Contenuto della cartella 'Scheduled Tasks'
2010-02-26 f:\windows\Tasks\Clean System Memory.job
- f:\windows\system32\CleanMem.exe [2009-11-24 21:12]
2010-02-25 f:\windows\Tasks\User_Feed_Synchronization-{EEEDF2B7-3AA6-4446-B27E-2786A4818E17}.job
- f:\windows\system32\msfeedssync.exe [2008-10-22 00:01]
.
.
------- Scansione supplementare -------
.
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = local
IE: Scarica con Free Download Manager - file://f:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://f:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://f:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://f:\programmi\Free Download Manager\dlall.htm
IE: Send to &Bluetooth Device... - f:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - f:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - f:\documents and settings\Salvo\Dati applicazioni\Mozilla\Firefox\Profiles\l0ul3o3d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: f:\documents and settings\Salvo\Dati applicazioni\Mozilla\Firefox\Profiles\l0ul3o3d.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll
FF - component: f:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: f:\documents and settings\Salvo\Dati applicazioni\Mozilla\Firefox\Profiles\l0ul3o3d.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: f:\programmi\ma-config.com\nphardwaredetection.dll
FF - plugin: f:\programmi\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
f:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
f:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
f:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
f:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-26 21:37
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(832)
f:\windows\system32\Ati2evxx.dll
f:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(3780)
f:\windows\system32\WININET.dll
f:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
f:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
f:\windows\system32\webcheck.dll
f:\windows\system32\wpdshserviceobj.dll
f:\windows\system32\portabledevicetypes.dll
f:\windows\system32\portabledeviceapi.dll
.
Ora fine scansione: 2010-02-26 21:38:17
ComboFix-quarantined-files.txt 2010-02-26 20:38
ComboFix2.txt 2010-02-26 17:15
ComboFix3.txt 2010-01-03 17:05
ComboFix4.txt 2009-12-02 10:07
ComboFix5.txt 2010-02-26 20:34
Pre-Run: 61.010.878.464 byte disponibili
Post-Run: 60.970.737.664 byte disponibili
- - End Of File - - 60B13E4506A9048BD7655D5920BC97D3