Aiutamici Forum

Could you check my log, please?
bastille49
Posted: Friday, February 04, 2011 12:29:22 PM

Rank: AiutAmico

Member since: 10/15/2006
Posts: 1,069
Hi friends, I use XP Pro (version 2002) Service Pack 3. I use AVG 2011, Outpost Firewall, Spybot and Malwarebytes' Anti-Malware. Recently, on top of the usual slowness, windows have been opening by themselves, mostly advertising online games or pretty girls, which are of little interest to me since I am already a woman, along with noises of every kind. In these cases I always follow all the steps you recommend: no virus or anything else has ever been detected, neither in safe mode nor in normal mode. So I would ask you to check the log. Thanks


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.17.33, on 04/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AVG\AVG10\avgtray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programmi\AVG\AVG10\avgnsx.exe
C:\Programmi\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programmi\AVG\AVG10\avgemcx.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programmi\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programmi\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C007966E-8393-4D29-86FE-87E9407C75CC}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6270 bytes
r16
Posted: Friday, February 04, 2011 10:17:27 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
bastille49
Posted: Saturday, February 05, 2011 10:36:25 AM

Rank: AiutAmico

Member since: 10/15/2006
Posts: 1,069
Forgive me r16, but... I normally use Mozilla, and as for Internet Explorer I am still on version 6; can I go straight to 8? Thanks, bye
davix
Posted: Saturday, February 05, 2011 1:11:48 PM

Rank: AiutAmico

Member since: 2/4/2011
Posts: 4,198
The answer is very simple: YES.

I'm telling you this because in the past, after formatting XP, I found myself with IE6. Then, as R16 told you, I downloaded and installed IE8 directly.

Bye
r16
Posted: Saturday, February 05, 2011 2:03:08 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
bastille49 wrote:
Forgive me r16, but... I normally use Mozilla, and as for Internet Explorer I am still on version 6; can I go straight to 8? Thanks, bye

Hi bastille49.
Even if you don't use IE, it is always better to keep the OS up to date.
Updating it certainly won't do any harm.
Also, some programs only work with IE, so if you have to use it, it is advisable that it at least be up to date.
bastille49
Posted: Sunday, February 06, 2011 2:56:35 PM

Rank: AiutAmico

Member since: 10/15/2006
Posts: 1,069
r16 wrote:


Dear r16, I did what you advised, and here is the new log, after downloading IE8:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.51.46, on 06/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programmi\AVG\AVG10\avgnsx.exe
C:\Programmi\AVG\AVG10\avgemcx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AVG\AVG10\avgtray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\eMule\emule.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programmi\AVG\AVG10\avgcsrvx.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmi\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programmi\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmi\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C007966E-8393-4D29-86FE-87E9407C75CC}: NameServer = 213.205.36.70 213.205.32.70
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6783 bytes
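
Comparing the two HijackThis logs posted in this thread shows exactly what changed between the scans. The following is an added example, not part of the original thread or of HijackThis itself: a small Python parser and diff whose function names are hypothetical, run on shortened excerpts of the two logs above.

```python
import re
from collections import Counter

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1..) then " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")
# Sections that list things started automatically: Run keys, AppInit_DLLs,
# SharedTaskScheduler and services (labels as printed in the logs above).
AUTOSTART_SECTIONS = {"O4", "O20", "O22", "O23"}

# Shortened excerpts of the two logs posted in this thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.17.33, on 04/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.51.46, on 06/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
"""


def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and entries."""
    log = {"header": {}, "processes": Counter(), "entries": Counter()}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            log["entries"][(entry.group(1), entry.group(2))] += 1
        elif in_processes:
            # Case-fold: the log mixes System32/system32 for the same file.
            # 8.3 short names (PROGRA~1) are not expanded here.
            log["processes"][line.lower()] += 1
        else:
            header = HEADER_RE.match(line)
            if header:
                log["header"][header.group(1)] = header.group(2)
    return log


def diff_logs(old, new):
    """Return header changes and added/removed processes and entries."""
    keys = sorted(set(old["header"]) | set(new["header"]))
    added = sorted((new["entries"] - old["entries"]).elements())
    return {
        "header": {k: (old["header"].get(k), new["header"].get(k))
                   for k in keys
                   if old["header"].get(k) != new["header"].get(k)},
        "processes_added": sorted((new["processes"] - old["processes"]).elements()),
        "processes_removed": sorted((old["processes"] - new["processes"]).elements()),
        "entries_added": added,
        "entries_removed": sorted((old["entries"] - new["entries"]).elements()),
        # New autostart entries are the ones a reviewer should look at first.
        "new_autostarts": [e for e in added if e[0] in AUTOSTART_SECTIONS],
    }


if __name__ == "__main__":
    result = diff_logs(parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER))
    for section, value in result.items():
        print(section, "->", value)
```
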
r16
Posted: Sunday, February 06, 2011 3:33:59 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
OK, the log is fine.
Do this cleanup:
Disable System Restore,
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Then:
Clean up (registry included) with CCleaner http://www.aiutamici.com/software?ID=11223
Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder. (do not delete the folder itself)
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
among the folders shown, find the Windows folder, open it and, inside it, find the Prefetch folder, open it and delete all the entries stored in it (do not delete the folder itself)
EMPTY THE RECYCLE BIN.

Then:
Launch HijackThis and clean the ADS as follows (only on NTFS partitions):

click Open the misc tool section.
click Open ads spy.
untick Quick scan (windows base folder only)
click Scan.
Wait patiently for the scan to finish.
if any ADS are detected, tick all the boxes and click Remove selected.

Run a ScanDisk and defragment the hard disk.

Re-enable System Restore.

Let's see if you still have problems.

bastille49
Posted: Monday, February 07, 2011 4:31:51 PM

Rank: AiutAmico

Member since: 10/15/2006
Posts: 1,069
r16, I did what you told me. I don't really know what ADS are, but I checked all the entries and none of them was an ADS.
Thank you for the help; if I have problems, I will bother you (all) again. Bye
r16
Posted: Monday, February 07, 2011 6:11:33 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
bastille49 wrote:
I don't really know what ADS are, but I checked all the entries and none of them was an ADS.

I didn't quite understand that sentence...
If you don't know what ADS are, how can you say that "none of them was an ADS"?
Maybe because you were afraid of deleting programs you need?
I assure you that would not have happened.

Anyway, if you still run into problems, you can "bother" me again.
Bye!
bastille49
Posted: Tuesday, February 08, 2011 2:26:23 PM

Rank: AiutAmico

Member since: 10/15/2006
Posts: 1,069
r16 wrote:
bastille49 wrote:
I don't really know what ADS are, but I checked all the entries and none of them was an ADS.

I didn't quite understand that sentence...
If you don't know what ADS are, how can you say that "none of them was an ADS"?
Maybe because you were afraid of deleting programs you need?
I assure you that would not have happened.

Anyway, if you still run into problems, you can "bother" me again.
Bye!


I meant that ADS was not shown in any entry: did I get it wrong?
Anyway, pages advertising online games keep opening. Bye
r16
Posted: Tuesday, February 08, 2011 5:36:44 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Quote:
Anyway, pages advertising online games keep opening

While you are browsing, or while you are playing?
bastille49
Posted: Wednesday, February 09, 2011 12:39:28 PM

Rank: AiutAmico

Member since: 10/15/2006
Posts: 1,069
r16 wrote:
Quote:

While you are browsing, or while you are playing?


While browsing. To tell the truth, games don't interest me much. Bye r16
r16
Posted: Wednesday, February 09, 2011 6:31:36 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Let's see what ComboFix says:
Download ComboFix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (this is mandatory)

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the Internet.

Double-click combofix.exe.
You will probably get messages from the antivirus (or from ComboFix itself); ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.
When it is done, a log file will be created on the Desktop, called C:\ComboFix.txt.
Post it here.
bastille49
Posted: Wednesday, February 16, 2011 3:07:22 PM

Rank: AiutAmico

Member since: 10/15/2006
Posts: 1,069
r16 wrote:
Let's see what ComboFix says:
Download ComboFix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (this is mandatory)

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the Internet.

Double-click combofix.exe.
You will probably get messages from the antivirus (or from ComboFix itself); ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.
When it is done, a log file will be created on the Desktop, called C:\ComboFix.txt.
Post it here.


I'm late because I had some problems: even though I had disabled Outpost Firewall and AVG, ComboFix kept giving warnings about the presence of AVG. In the end I removed AVG (to download it again after using ComboFix). Then it detected AntiVir Desktop (I don't even know what that is); anyway, after a few mishaps here is the log file:


ComboFix 11-02-15.04 - gabri 16/02/2011 14.13.29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.226 [GMT 1:00]
Eseguito da: c:\documents and settings\gabri\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Creati Da 2011-01-16 al 2011-02-16 )))))))))))))))))))))))))))))))))))
.

2011-02-07 14:01 . 2011-02-07 14:01 -------- d-----w- c:\documents and settings\gabri\Dati applicazioni\Auslogics
2011-02-07 14:01 . 2011-02-07 14:01 -------- d-----w- c:\programmi\Auslogics
2011-02-07 13:59 . 2011-02-07 13:59 4646264 ----a-w- c:\programmi\disk-defrag-setup.exe
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-sh--w- c:\documents and settings\gabri\IECompatCache
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-----w- C:\TRADUTTORI
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-----w- C:\AIUTAMICI.COM
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-----w- C:\DIZIONARI INFORM
2011-02-06 11:23 . 2011-02-06 11:23 -------- d-sh--w- c:\documents and settings\gabri\PrivacIE
2011-02-06 11:20 . 2011-02-06 11:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-06 11:20 . 2011-02-06 11:20 -------- d-sh--w- c:\documents and settings\gabri\IETldCache
2011-02-06 11:12 . 2011-02-06 11:14 -------- dc-h--w- c:\windows\ie8
2011-02-06 11:09 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-06 11:09 . 2010-12-20 23:53 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-06 11:09 . 2010-12-20 23:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-06 11:08 . 2010-12-20 23:53 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-06 11:08 . 2010-12-20 23:53 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-06 11:08 . 2010-12-20 23:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-06 11:08 . 2010-12-20 23:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-06 11:08 . 2010-12-21 04:23 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-06 11:06 . 2011-02-06 11:05 16968544 ----a-w- c:\programmi\IE8-WindowsXP-x86-ITA.exe
2011-02-04 11:15 . 2011-02-04 11:15 388608 ----a-w- c:\programmi\HijackThis.exe
2011-01-21 14:44 . 2011-01-21 14:44 440832 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2009-11-25 10:20 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2009-11-25 10:20 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2009-11-25 10:20 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-30 10:53 . 2009-11-25 10:05 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-12-22 12:34 . 2009-11-25 10:20 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2009-11-25 10:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2009-11-25 10:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:53 . 2009-11-25 10:20 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2009-11-25 10:20 735744 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2009-11-28 15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-11-28 15:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2009-11-25 11:00 385024 ------w- c:\windows\system32\html.iec
2010-12-19 11:51 . 2010-12-19 11:50 2493933 ----a-w- c:\programmi\vsoDivxToDVD_setup.exe
2010-12-14 10:25 . 2010-12-14 10:25 10414088 ----a-w- c:\programmi\K-Lite_Codec_Pack_666_Standard.exe
2010-12-13 13:30 . 2010-12-13 13:17 153061304 ----a-w- c:\programmi\OOo_3.2.1_Win_x86_install-wJRE_it.exe
2010-12-13 11:10 . 2010-12-13 11:09 8399024 ----a-w- c:\programmi\Firefox Setup 3.6.13.exe
2010-12-09 15:15 . 2009-11-25 10:20 739840 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2009-11-25 10:20 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2009-11-25 10:20 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2009-11-25 10:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-19 12:43 . 2010-11-19 12:43 955272 ----a-w- c:\programmi\SkypeSetup.exe
2010-11-18 18:12 . 2009-11-25 10:20 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-18 13:31 . 2010-11-18 13:31 2811584 ----a-w- c:\programmi\ccsetup300.exe
2010-11-15 10:40 . 2010-11-18 13:20 19985265 ----a-w- c:\programmi\vlc-1.1.5-win32.exe
2009-11-29 15:07 . 2009-11-29 15:07 3738880 ----a-w- c:\programmi\FoxitReader30_enu_Setup.exe
2009-11-25 19:04 . 2009-11-25 19:04 4409491 ----a-w- c:\programmi\cdbxp_setup_4.2.7.1801.exe
2009-11-25 18:14 . 2009-11-25 18:14 25823304 ----a-w- c:\programmi\wmp11-windowsxp-x86-it-it.exe
2008-04-25 22:33 . 2009-11-25 11:13 323000872 ----a-w- c:\programmi\WINDOWSXP-KB936929-SP3-X86-ITA_2162c1d419d1e462a7dc34294528b2daf593302c.exe
2005-09-23 16:55 . 2009-11-25 11:10 23510720 ----a-w- c:\programmi\dotnetfx.exe
2005-05-04 23:24 . 2009-11-25 10:40 2585872 ----a-w- c:\programmi\WindowsInstaller-KB893803-v2-x86.exe
2004-08-20 02:26 . 2009-11-25 10:17 273229544 ------w- c:\programmi\WindowsXP-KB835935-SP2-ITA.exe
2003-02-21 21:37 . 2009-11-25 10:16 24265736 ------w- c:\programmi\dotnetfx_001.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-07-01 118784]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"CnxDslTaskBar"="c:\programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2009-11-25 462848]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^gabri^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\gabri\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\programmi\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [25/11/2009 12.49.50 704384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [25/11/2009 12.48.20 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [25/11/2009 12.49.32 257432]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [25/11/2009 13.34.53 60288]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [25/11/2009 13.34.53 646400]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [25/11/2009 13.34.53 108771]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [25/11/2009 12.48.19 1195008]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [25/11/2009 11.05.39 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scansione supplementare -------
.
FF - ProfilePath - c:\documents and settings\gabri\Dati applicazioni\Mozilla\Firefox\Profiles\7fgwmzip.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2011-02-16 14:19:41
ComboFix-quarantined-files.txt 2011-02-16 13:19

Pre-Run: 68.519.919.616 byte disponibili
Post-Run: 68.509.491.200 byte disponibili

- - End Of File - - B21BA4516B4FCEDEBEDA259592ED1A34
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [25/11/2009 12.49.50 704384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [25/11/2009 12.48.20 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [25/11/2009 12.49.32 257432]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [25/11/2009 13.34.53 60288]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [25/11/2009 13.34.53 646400]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [25/11/2009 13.34.53 108771]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [25/11/2009 12.48.19 1195008]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [25/11/2009 11.05.39 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scansione supplementare -------
.
FF - ProfilePath - c:\documents and settings\gabri\Dati applicazioni\Mozilla\Firefox\Profiles\7fgwmzip.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2011-02-16 14:19:41
ComboFix-quarantined-files.txt 2011-02-16 13:19

Pre-Run: 68.519.919.616 byte disponibili
Post-Run: 68.509.491.200 byte disponibili

- - End Of File - - B21BA4516B4FCEDEBEDA259592ED1A34

ComboFix 11-02-15.04 - gabri 16/02/2011 14.13.29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.226 [GMT 1:00]
Eseguito da: c:\documents and settings\gabri\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Creati Da 2011-01-16 al 2011-02-16 )))))))))))))))))))))))))))))))))))
.

2011-02-07 14:01 . 2011-02-07 14:01 -------- d-----w- c:\documents and settings\gabri\Dati applicazioni\Auslogics
2011-02-07 14:01 . 2011-02-07 14:01 -------- d-----w- c:\programmi\Auslogics
2011-02-07 13:59 . 2011-02-07 13:59 4646264 ----a-w- c:\programmi\disk-defrag-setup.exe
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-sh--w- c:\documents and settings\gabri\IECompatCache
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-----w- C:\TRADUTTORI
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-----w- C:\AIUTAMICI.COM
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-----w- C:\DIZIONARI INFORM
2011-02-06 11:23 . 2011-02-06 11:23 -------- d-sh--w- c:\documents and settings\gabri\PrivacIE
2011-02-06 11:20 . 2011-02-06 11:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-06 11:20 . 2011-02-06 11:20 -------- d-sh--w- c:\documents and settings\gabri\IETldCache
2011-02-06 11:12 . 2011-02-06 11:14 -------- dc-h--w- c:\windows\ie8
2011-02-06 11:09 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-06 11:09 . 2010-12-20 23:53 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-06 11:09 . 2010-12-20 23:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-06 11:08 . 2010-12-20 23:53 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-06 11:08 . 2010-12-20 23:53 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-06 11:08 . 2010-12-20 23:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-06 11:08 . 2010-12-20 23:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-06 11:08 . 2010-12-21 04:23 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-06 11:06 . 2011-02-06 11:05 16968544 ----a-w- c:\programmi\IE8-WindowsXP-x86-ITA.exe
2011-02-04 11:15 . 2011-02-04 11:15 388608 ----a-w- c:\programmi\HijackThis.exe
2011-01-21 14:44 . 2011-01-21 14:44 440832 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2009-11-25 10:20 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2009-11-25 10:20 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2009-11-25 10:20 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-30 10:53 . 2009-11-25 10:05 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-12-22 12:34 . 2009-11-25 10:20 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2009-11-25 10:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2009-11-25 10:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:53 . 2009-11-25 10:20 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2009-11-25 10:20 735744 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2009-11-28 15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-11-28 15:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2009-11-25 11:00 385024 ------w- c:\windows\system32\html.iec
2010-12-19 11:51 . 2010-12-19 11:50 2493933 ----a-w- c:\programmi\vsoDivxToDVD_setup.exe
2010-12-14 10:25 . 2010-12-14 10:25 10414088 ----a-w- c:\programmi\K-Lite_Codec_Pack_666_Standard.exe
2010-12-13 13:30 . 2010-12-13 13:17 153061304 ----a-w- c:\programmi\OOo_3.2.1_Win_x86_install-wJRE_it.exe
2010-12-13 11:10 . 2010-12-13 11:09 8399024 ----a-w- c:\programmi\Firefox Setup 3.6.13.exe
2010-12-09 15:15 . 2009-11-25 10:20 739840 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2009-11-25 10:20 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2009-11-25 10:20 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2009-11-25 10:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-19 12:43 . 2010-11-19 12:43 955272 ----a-w- c:\programmi\SkypeSetup.exe
2010-11-18 18:12 . 2009-11-25 10:20 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-18 13:31 . 2010-11-18 13:31 2811584 ----a-w- c:\programmi\ccsetup300.exe
2010-11-15 10:40 . 2010-11-18 13:20 19985265 ----a-w- c:\programmi\vlc-1.1.5-win32.exe
2009-11-29 15:07 . 2009-11-29 15:07 3738880 ----a-w- c:\programmi\FoxitReader30_enu_Setup.exe
2009-11-25 19:04 . 2009-11-25 19:04 4409491 ----a-w- c:\programmi\cdbxp_setup_4.2.7.1801.exe
2009-11-25 18:14 . 2009-11-25 18:14 25823304 ----a-w- c:\programmi\wmp11-windowsxp-x86-it-it.exe
2008-04-25 22:33 . 2009-11-25 11:13 323000872 ----a-w- c:\programmi\WINDOWSXP-KB936929-SP3-X86-ITA_2162c1d419d1e462a7dc34294528b2daf593302c.exe
2005-09-23 16:55 . 2009-11-25 11:10 23510720 ----a-w- c:\programmi\dotnetfx.exe
2005-05-04 23:24 . 2009-11-25 10:40 2585872 ----a-w- c:\programmi\WindowsInstaller-KB893803-v2-x86.exe
2004-08-20 02:26 . 2009-11-25 10:17 273229544 ------w- c:\programmi\WindowsXP-KB835935-SP2-ITA.exe
2003-02-21 21:37 . 2009-11-25 10:16 24265736 ------w- c:\programmi\dotnetfx_001.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-07-01 118784]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"CnxDslTaskBar"="c:\programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2009-11-25 462848]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^gabri^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\gabri\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\programmi\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [25/11/2009 12.49.50 704384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [25/11/2009 12.48.20 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [25/11/2009 12.49.32 257432]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [25/11/2009 13.34.53 60288]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [25/11/2009 13.34.53 646400]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [25/11/2009 13.34.53 108771]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [25/11/2009 12.48.19 1195008]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [25/11/2009 11.05.39 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scansione supplementare -------
.
FF - ProfilePath - c:\documents and settings\gabri\Dati applicazioni\Mozilla\Firefox\Profiles\7fgwmzip.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2011-02-16 14:19:41
ComboFix-quarantined-files.txt 2011-02-16 13:19

Pre-Run: 68.519.919.616 byte disponibili
Post-Run: 68.509.491.200 byte disponibili

- - End Of File - - B21BA4516B4FCEDEBEDA259592ED1A34ComboFix 11-02-15.04 - gabri 16/02/2011 14.13.29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.226 [GMT 1:00]
Eseguito da: c:\documents and settings\gabri\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Creati Da 2011-01-16 al 2011-02-16 )))))))))))))))))))))))))))))))))))
.

2011-02-07 14:01 . 2011-02-07 14:01 -------- d-----w- c:\documents and settings\gabri\Dati applicazioni\Auslogics
2011-02-07 14:01 . 2011-02-07 14:01 -------- d-----w- c:\programmi\Auslogics
2011-02-07 13:59 . 2011-02-07 13:59 4646264 ----a-w- c:\programmi\disk-defrag-setup.exe
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-sh--w- c:\documents and settings\gabri\IECompatCache
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-----w- C:\TRADUTTORI
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-----w- C:\AIUTAMICI.COM
2011-02-06 11:25 . 2011-02-06 11:25 -------- d-----w- C:\DIZIONARI INFORM
2011-02-06 11:23 . 2011-02-06 11:23 -------- d-sh--w- c:\documents and settings\gabri\PrivacIE
2011-02-06 11:20 . 2011-02-06 11:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-06 11:20 . 2011-02-06 11:20 -------- d-sh--w- c:\documents and settings\gabri\IETldCache
2011-02-06 11:12 . 2011-02-06 11:14 -------- dc-h--w- c:\windows\ie8
2011-02-06 11:09 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-06 11:09 . 2010-12-20 23:53 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-06 11:09 . 2010-12-20 23:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-06 11:08 . 2010-12-20 23:53 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-06 11:08 . 2010-12-20 23:53 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-06 11:08 . 2010-12-20 23:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-06 11:08 . 2010-12-20 23:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-06 11:08 . 2010-12-21 04:23 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-06 11:06 . 2011-02-06 11:05 16968544 ----a-w- c:\programmi\IE8-WindowsXP-x86-ITA.exe
2011-02-04 11:15 . 2011-02-04 11:15 388608 ----a-w- c:\programmi\HijackThis.exe
2011-01-21 14:44 . 2011-01-21 14:44 440832 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2009-11-25 10:20 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2009-11-25 10:20 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2009-11-25 10:20 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-30 10:53 . 2009-11-25 10:05 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-12-22 12:34 . 2009-11-25 10:20 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2009-11-25 10:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2009-11-25 10:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:53 . 2009-11-25 10:20 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2009-11-25 10:20 735744 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2009-11-28 15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-11-28 15:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2009-11-25 11:00 385024 ------w- c:\windows\system32\html.iec
2010-12-19 11:51 . 2010-12-19 11:50 2493933 ----a-w- c:\programmi\vsoDivxToDVD_setup.exe
2010-12-14 10:25 . 2010-12-14 10:25 10414088 ----a-w- c:\programmi\K-Lite_Codec_Pack_666_Standard.exe
2010-12-13 13:30 . 2010-12-13 13:17 153061304 ----a-w- c:\programmi\OOo_3.2.1_Win_x86_install-wJRE_it.exe
2010-12-13 11:10 . 2010-12-13 11:09 8399024 ----a-w- c:\programmi\Firefox Setup 3.6.13.exe
2010-12-09 15:15 . 2009-11-25 10:20 739840 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2009-11-25 10:20 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2009-11-25 10:20 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2009-11-25 10:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-19 12:43 . 2010-11-19 12:43 955272 ----a-w- c:\programmi\SkypeSetup.exe
2010-11-18 18:12 . 2009-11-25 10:20 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-18 13:31 . 2010-11-18 13:31 2811584 ----a-w- c:\programmi\ccsetup300.exe
2010-11-15 10:40 . 2010-11-18 13:20 19985265 ----a-w- c:\programmi\vlc-1.1.5-win32.exe
2009-11-29 15:07 . 2009-11-29 15:07 3738880 ----a-w- c:\programmi\FoxitReader30_enu_Setup.exe
2009-11-25 19:04 . 2009-11-25 19:04 4409491 ----a-w- c:\programmi\cdbxp_setup_4.2.7.1801.exe
2009-11-25 18:14 . 2009-11-25 18:14 25823304 ----a-w- c:\programmi\wmp11-windowsxp-x86-it-it.exe
2008-04-25 22:33 . 2009-11-25 11:13 323000872 ----a-w- c:\programmi\WINDOWSXP-KB936929-SP3-X86-ITA_2162c1d419d1e462a7dc34294528b2daf593302c.exe
2005-09-23 16:55 . 2009-11-25 11:10 23510720 ----a-w- c:\programmi\dotnetfx.exe
2005-05-04 23:24 . 2009-11-25 10:40 2585872 ----a-w- c:\programmi\WindowsInstaller-KB893803-v2-x86.exe
2004-08-20 02:26 . 2009-11-25 10:17 273229544 ------w- c:\programmi\WindowsXP-KB835935-SP2-ITA.exe
2003-02-21 21:37 . 2009-11-25 10:16 24265736 ------w- c:\programmi\dotnetfx_001.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-07-01 118784]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"CnxDslTaskBar"="c:\programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2009-11-25 462848]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^gabri^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\gabri\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\programmi\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [25/11/2009 12.49.50 704384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [25/11/2009 12.48.20 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [25/11/2009 12.49.32 257432]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [25/11/2009 13.34.53 60288]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;c:\windows\system32\drivers\CnxEtU.sys [25/11/2009 13.34.53 646400]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [25/11/2009 13.34.53 108771]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [25/11/2009 12.48.19 1195008]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [25/11/2009 11.05.39 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scansione supplementare -------
.
FF - ProfilePath - c:\documents and settings\gabri\Dati applicazioni\Mozilla\Firefox\Profiles\7fgwmzip.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2011-02-16 14:19:41
ComboFix-quarantined-files.txt 2011-02-16 13:19

Pre-Run: 68.519.919.616 byte disponibili
Post-Run: 68.509.491.200 byte disponibili

- - End Of File - - B21BA4516B4FCEDEBEDA259592ED1A34



Bye, see you soon
r16
Posted: Wednesday, February 16, 2011 6:37:21 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
In my opinion, there are some Firefox extensions that are the problem.
These:
Quote:
Ext: Conduit Engine
Ext: uTorrentBar Community Toolbar
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13

I'd say let's settle this once and for all and make one last effort:
Uninstall Mozilla\Firefox and then reinstall it.
The rest of the ComboFix log is clean.
bastille49
Posted: Sunday, February 20, 2011 5:41:24 PM

Rank: AiutAmico

Joined: 10/15/2006
Posts: 1,069
All done. And it works "definitely better"!
Thank you r16 for your expertise and your patience.
See you soon