Non riesco ad accedere ai siti degli antivirus

[Luke57]

oops

Ciao, sembra a posto, hai ancora problemi?

[sofy]

Guarda, non so come ringraziarti, mi hai risolto tutto, almeno per adess e tutto ok! GRAZIE DI CUORE!!!!!!!!!!

[best5]

ciao anche io ho lo stesso problema..
riuscite ad aiutarmi?
non riesco ad allegare il file mi dice che il limite massimo è stato raggiungo ma mi sono iscritto oggi...

lo copio qui di seguito sperando non sia un problema nel caso cancellatelo voi:

ComboFix 09-06-11.06 - Luca 12/06/2009 17:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.198 [GMT 2:00]
Eseguito da: c:\documents and settings\Luca\desktop\abc.exe
Opzioni usate :: /killall
AV: Sistema Antivirus NOD32 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\gxvxcaqfoqbryhjxrfilrenwniqylugpjanal.dll
c:\windows\system32\gxvxccounter
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2009-05-12 al 2009-06-12 )))))))))))))))))))))))))))))))))))
.

2009-06-11 10:08 . 2009-06-11 10:08 -------- d-----w- c:\programmi\AMR to MP3 Converter
2009-06-11 10:02 . 2009-06-11 10:07 -------- d-----w- c:\programmi\AMR_MP3
2009-06-09 18:06 . 2009-06-09 18:06 494600 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-09 17:50 . 2009-06-09 17:50 -------- d-----w- c:\programmi\Safari
2009-06-05 15:43 . 2009-06-05 15:43 69632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-04 11:39 . 2009-06-04 11:39 6144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdel.exe
2009-06-04 11:39 . 2009-06-04 11:39 5632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator\fileobjinfo.sys
2009-06-04 11:39 . 2009-06-04 11:39 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-04 11:39 . 2009-06-11 09:09 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\Spyware Terminator
2009-06-04 11:38 . 2009-06-11 09:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-06-04 11:38 . 2009-06-11 09:16 -------- d-----w- c:\programmi\Spyware Terminator
2009-06-03 16:18 . 2009-06-03 16:18 -------- d-----w- c:\programmi\iPod
2009-06-03 16:10 . 2009-06-03 16:12 -------- d-----w- c:\programmi\QuickTime
2009-06-03 15:59 . 2009-06-03 15:59 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-24 17:38 . 2009-06-10 11:51 -------- d---a-w- c:\programmi\amplcml
2009-05-24 17:31 . 2009-05-24 17:40 -------- d-----w- c:\programmi\AMPLWIN
2009-05-24 17:31 . 2009-05-24 17:31 286720 ------w- c:\windows\Setup1.exe
2009-05-24 17:31 . 2009-05-24 17:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-20 15:56 . 2009-05-20 15:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-17 21:00 . 2009-05-17 21:00 -------- d-----w- c:\programmi\Sophos
2009-05-17 18:07 . 2009-05-17 18:07 -------- d-----w- c:\windows\BDOSCAN8
2009-05-17 18:00 . 2009-05-17 18:03 -------- d-----w- c:\documents and settings\Luca\Pavark
2009-05-17 17:25 . 2009-05-17 17:30 -------- d-----w- c:\documents and settings\Luca\.housecall6.6
2009-05-17 17:11 . 2009-05-17 17:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-05-17 17:11 . 2009-05-17 17:11 -------- d-----w- c:\programmi\AVG
2009-05-17 17:02 . 2009-05-17 17:02 796 ----a-w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI\remcsi.bat
2009-05-17 16:18 . 2009-05-17 16:18 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-05-17 16:18 . 2009-05-17 16:18 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-05-17 16:18 . 2009-05-17 16:18 795704 ----a-w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI\~PrevxCSIUpdate.exe
2009-05-17 16:15 . 2009-05-17 16:15 -------- d-----w- c:\programmi\PrevxCSI
2009-05-17 16:15 . 2009-05-17 17:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2009-05-17 10:04 . 2009-05-17 10:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-17 10:00 . 2009-05-17 10:00 -------- d-----w- c:\programmi\MSSOAP
2009-05-17 09:59 . 2009-05-17 09:59 -------- d-----w- c:\programmi\Webroot
2009-05-16 16:50 . 2009-05-16 18:36 -------- d-----w- c:\programmi\Holdem Indicator
2009-05-16 16:46 . 2009-05-16 16:54 -------- d-----w- c:\programmi\Holdem Spy
2009-05-16 15:25 . 2009-06-04 12:53 -------- d-----w- c:\programmi\Tournament Indicator
2009-05-14 08:25 . 2009-05-14 08:25 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\Windows Search
2009-05-14 08:18 . 2009-05-14 08:22 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\Windows Desktop Search
2009-05-14 08:17 . 2009-05-14 20:15 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
2009-05-14 08:16 . 2009-05-14 08:22 -------- d-----w- c:\programmi\Windows Desktop Search
2009-05-14 08:16 . 2009-05-14 08:16 -------- d-----w- c:\windows\system32\GroupPolicy
2009-05-14 08:14 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-05-14 08:14 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-05-14 08:14 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 16:02 . 2009-03-28 16:46 38832160 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-12 15:58 . 2009-03-28 16:46 460196 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-12 14:49 . 2007-11-20 19:29 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-06-10 17:09 . 2009-02-15 12:37 -------- d-----w- c:\programmi\PokerStars.IT
2009-06-03 21:10 . 2009-06-04 09:52 2748928 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-06-03 16:18 . 2008-01-19 17:31 -------- d-----w- c:\programmi\iTunes
2009-06-03 16:18 . 2007-11-20 20:32 -------- d-----w- c:\programmi\File comuni\Apple
2009-05-18 15:46 . 2009-05-18 15:47 1634816 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-05-18 15:46 . 2009-05-18 15:47 24064 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-05-17 22:39 . 2009-05-18 11:26 1452544 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-05-17 16:02 . 2007-11-20 18:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-05-16 19:18 . 2009-05-16 19:56 3026432 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-05-16 19:18 . 2009-05-16 19:56 1590272 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-05-16 18:23 . 2007-12-01 15:26 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\Azureus
2009-05-14 18:02 . 2007-11-20 19:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-05-14 08:16 . 2001-08-31 11:00 91384 ----a-w- c:\windows\system32\perfc010.dat
2009-05-14 08:16 . 2001-08-31 11:00 510642 ----a-w- c:\windows\system32\perfh010.dat
2009-05-08 12:27 . 2009-05-08 12:27 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-05-07 20:47 . 2009-05-07 20:47 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\4h soft
2009-05-06 18:57 . 2009-05-06 18:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\4h soft
2009-05-06 18:53 . 2009-05-06 18:50 -------- d-----w- c:\programmi\Poker Pal Pro Edition
2009-05-06 18:11 . 2008-12-08 21:46 802464 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-06 16:43 . 2009-05-06 16:43 -------- d-----w- c:\programmi\CID Engineering
2009-05-06 16:10 . 2009-01-21 16:36 -------- d-----w- c:\documents and settings\Luca\Dati applicazioni\Skype
2009-05-03 13:28 . 2009-05-03 16:57 2934272 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-04-27 18:17 . 2007-12-01 15:17 -------- d-----w- c:\programmi\Azureus
2009-04-25 10:30 . 2008-06-04 11:30 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-04-21 17:26 . 2009-03-28 16:28 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-04-15 18:56 . 2009-04-15 18:25 -------- d-----w- c:\programmi\VirtualDJ
2009-04-15 16:07 . 2009-04-15 16:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 12:10 . 2009-04-12 14:19 90112 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-04-10 12:11 . 2009-04-11 10:03 173568 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-04-07 20:32 . 2009-04-08 09:41 1776128 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-04-04 09:53 . 2009-04-04 11:14 138240 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-04-01 12:31 . 2009-04-01 19:58 67584 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-03-30 21:42 . 2009-03-31 07:33 53248 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-03-29 20:57 . 2009-03-30 06:37 351744 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-04-23 08:59 . 2008-04-23 08:59 2766 ----a-w- c:\programmi\krnkcptp.txt
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-04-24 921600]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-10-28 47104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Luca^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\eMule\\emule.exe"=
"c:\\Programmi\\Azureus\\Azureus.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\B2BPOKER\\Pokerdassi\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [17/05/2009 18:18 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [17/05/2009 18:18 27656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [04/06/2009 13:39 142592]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\20A.tmp --> c:\windows\system32\20A.tmp [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{3E8B6A21-0FB4-4BFE-969D-705008ADB693}.job
- c:\windows\system32\msfeedssync.exe [2007-01-03 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://news.google.it/nwshp?hl=it&tab=wn
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi a PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{4C826F10-D34B-4ba8-B609-1FB8C6482A05}
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\windows\system32\imon.dll
DPF: {20DA7177-A7B6-48E6-9270-FDBC67B49175} - hxxps://fieldsrv.skytv.it/ecommunicatio ... urator.cab
DPF: {4FE7BF79-03CD-4CE2-9451-3788C468BC92} - hxxps://fieldsrv.skytv.it/ecommunicatio ... cation.cab
DPF: {76B341CF-A03A-4D10-88E1-71DBBB5075D5} - hxxps://fieldsrv.skytv.it/ecommunicatio ... ection.cab
DPF: {83AA6A38-E444-4E0B-9BA7-53A5DE6B7972} - hxxps://fieldsrv.skytv.it/ecommunicatio ... lendar.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxps://fieldsrv.skytv.it/ecommunicatio ... ration.cab
DPF: {AEC5658A-AC73-40F8-8910-3003105A6710} - hxxps://fieldsrv.skytv.it/ecommunicatio ... _iHelp.cab
DPF: {C684E71E-3EEE-4A9B-A3B5-60C41F8E3CC1} - hxxps://fieldsrv.skytv.it/ecommunicatio ... igator.cab
DPF: {CD9C0F1B-D8F9-4229-B76C-5EF6B14372E4} - hxxps://fieldsrv.skytv.it/ecommunicatio ... Client.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 18:01
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\20A.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2720)
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\CF28777.exe
c:\programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-12 18:16 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-12 16:15
ComboFix2.txt 2009-01-20 20:16

Pre-Run: 29,254,258,688 byte disponibili
Post-Run: 29,302,362,112 byte disponibili

263 --- E O F --- 2009-05-14 18:02

[Luke57]

Ciao, anche dopo l'uso di combofix?

[best5]

ah in relatà non ho provata, pensavo ci fosse un altro passaggio da fare..
ora provo e ti dico!

[best5]

fantastico funziona tutto!
grande grazie mille
per curiosità nella pratica combofix cosa fa?

[best5]

in relatà è rimasto un piccolo problema ma non so se è legato al problema degli antivirus, praticamente firefox alla prima apertura ci impiega un sacco a caricarsi tipo 2 min..
può centrare qualcosa?
il virus non è del tutto debellato?
grazie
ciaoo

[Luke57]

Ciao, firefox non è un fulmine ad avviarsi e più sono i componenti aggiuntivi più tempo ci vuole ad avviarsi.

[Cr__i]

non riesco neanche io ad accedere ai siti dei vari antivirus - ho eseguito una pulizia con windows washer, con cc cleaner e una scansione con combofix, vi copio il log di seguito perchè non mi permette di allegare il file. Grazie in anticipo



ComboFix 09-06-15.01 - Principale 15/06/2009 20.51.12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1982.1313 [GMT 2:00]
Eseguito da: c:\documents and settings\Principale\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Creati Da 2009-05-15 al 2009-06-15 )))))))))))))))))))))))))))))))))))
.

2009-06-15 03:17 . 2009-06-15 03:17 141 ----a-w- C:\fix.reg
2009-06-03 19:21 . 2009-06-03 19:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-06-03 19:09 . 2009-06-03 19:09 -------- d-----w- c:\programmi\Adobe Media Player
2009-06-03 17:43 . 2009-05-28 13:16 89600 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll
2009-06-03 17:43 . 2009-05-28 13:16 89088 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.3.1.dll
2009-06-03 17:43 . 2009-06-01 20:36 3184128 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-06-03 17:43 . 2009-03-19 21:57 40960 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-06-03 17:43 . 2009-03-19 21:46 102400 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-06-03 17:43 . 2009-04-23 10:47 28672 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-06-02 08:48 . 2004-08-19 12:00 25600 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-19 12:11 . 2009-06-03 18:32 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 18:40 . 2008-07-06 13:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Soulseek
2009-06-15 18:28 . 2008-02-19 12:34 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-06-15 13:59 . 2007-06-18 12:38 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\OpenOffice.org2
2009-06-15 09:57 . 2007-05-10 19:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2009-06-15 07:15 . 2008-12-04 12:43 179924 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-15 07:15 . 2008-12-04 12:43 15083552 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-15 07:15 . 2009-06-15 08:03 412160 ----a-w- c:\windows\Internet Logs\xDB226.tmp
2009-06-15 02:58 . 2007-07-22 19:21 27064242 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-15 02:57 . 2009-06-15 02:58 2431488 ----a-w- c:\windows\Internet Logs\xDB225.tmp
2009-06-14 11:48 . 2009-03-16 09:01 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\uTorrent
2009-06-14 07:13 . 2009-06-14 07:14 2738176 ----a-w- c:\windows\Internet Logs\xDB224.tmp
2009-06-14 07:13 . 2009-06-14 07:14 2744832 ----a-w- c:\windows\Internet Logs\xDB223.tmp
2009-06-12 22:18 . 2006-09-21 18:54 -------- d-----w- c:\programmi\Soulseek
2009-06-12 07:35 . 2009-06-12 08:53 1284608 ----a-w- c:\windows\Internet Logs\xDB222.tmp
2009-06-11 16:25 . 2009-06-11 16:26 3812352 ----a-w- c:\windows\Internet Logs\xDB221.tmp
2009-06-07 08:55 . 2009-06-07 10:48 739840 ----a-w- c:\windows\Internet Logs\xDB220.tmp
2009-06-06 17:14 . 2009-06-07 05:23 311808 ----a-w- c:\windows\Internet Logs\xDB21F.tmp
2009-06-06 14:28 . 2009-06-06 14:54 2607104 ----a-w- c:\windows\Internet Logs\xDB21E.tmp
2009-06-05 12:42 . 2009-06-05 18:01 3326976 ----a-w- c:\windows\Internet Logs\xDB21D.tmp
2009-06-04 07:32 . 2009-03-27 09:21 11036 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-03 19:55 . 2006-09-15 13:51 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-03 19:31 . 2007-01-17 21:05 -------- d-----w- c:\programmi\CCleaner
2009-06-03 19:22 . 2006-09-21 21:35 14888 ----a-w- c:\documents and settings\Principale\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-03 16:33 . 2009-06-03 17:38 2791424 ----a-w- c:\windows\Internet Logs\xDB21C.tmp
2009-06-02 08:47 . 2006-09-21 19:59 -------- d-----w- c:\programmi\eMule
2009-06-01 18:02 . 2009-06-01 23:00 1988608 ----a-w- c:\windows\Internet Logs\xDB21B.tmp
2009-05-31 21:39 . 2009-06-01 07:04 954880 ----a-w- c:\windows\Internet Logs\xDB21A.tmp
2009-05-31 06:29 . 2009-05-31 10:59 2733568 ----a-w- c:\windows\Internet Logs\xDB219.tmp
2009-05-28 23:29 . 2009-05-29 00:05 698368 ----a-w- c:\windows\Internet Logs\xDB218.tmp
2009-05-28 17:07 . 2009-05-28 17:40 1539072 ----a-w- c:\windows\Internet Logs\xDB217.tmp
2009-05-28 07:11 . 2009-05-28 08:47 2068480 ----a-w- c:\windows\Internet Logs\xDB216.tmp
2009-05-27 14:51 . 2007-05-10 19:20 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-27 08:09 . 2009-05-27 08:31 2704384 ----a-w- c:\windows\Internet Logs\xDB215.tmp
2009-05-27 08:09 . 2009-05-27 08:31 1712128 ----a-w- c:\windows\Internet Logs\xDB214.tmp
2009-05-25 23:18 . 2009-05-26 06:40 898560 ----a-w- c:\windows\Internet Logs\xDB213.tmp
2009-05-25 04:10 . 2009-05-25 06:56 646144 ----a-w- c:\windows\Internet Logs\xDB212.tmp
2009-05-24 22:43 . 2009-05-24 23:30 2647552 ----a-w- c:\windows\Internet Logs\xDB211.tmp
2009-05-24 10:19 . 2009-05-24 10:50 2397184 ----a-w- c:\windows\Internet Logs\xDB20F.tmp
2009-05-24 10:19 . 2009-05-24 10:50 2700288 ----a-w- c:\windows\Internet Logs\xDB210.tmp
2009-05-23 22:59 . 2009-05-24 04:16 2796544 ----a-w- c:\windows\Internet Logs\xDB20E.tmp
2009-05-23 01:02 . 2009-05-23 07:35 2757120 ----a-w- c:\windows\Internet Logs\xDB20D.tmp
2009-05-21 19:31 . 2009-05-21 19:40 2747904 ----a-w- c:\windows\Internet Logs\xDB20C.tmp
2009-05-20 17:33 . 2009-05-20 23:32 2931200 ----a-w- c:\windows\Internet Logs\xDB20B.tmp
2009-05-18 07:31 . 2009-05-18 10:35 1097728 ----a-w- c:\windows\Internet Logs\xDB20A.tmp
2009-05-17 23:38 . 2009-05-18 00:14 2718208 ----a-w- c:\windows\Internet Logs\xDB209.tmp
2009-05-13 17:56 . 2009-05-13 21:15 1095680 ----a-w- c:\windows\Internet Logs\xDB208.tmp
2009-05-13 08:35 . 2009-05-13 08:52 3138560 ----a-w- c:\windows\Internet Logs\xDB207.tmp
2009-05-13 04:10 . 2009-05-08 13:13 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\Skype
2009-05-12 22:07 . 2009-05-08 13:27 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\skypePM
2009-05-12 16:54 . 2009-05-12 16:15 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\Desktopicon
2009-05-12 16:49 . 2009-05-12 16:15 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\AccurateRip
2009-05-12 16:30 . 2006-09-22 07:41 -------- d-----w- c:\programmi\Exact Audio Copy
2009-05-12 16:15 . 2009-05-12 16:16 432128 ----a-w- c:\windows\Internet Logs\xDB206.tmp
2009-05-12 13:00 . 2009-05-12 13:21 2804224 ----a-w- c:\windows\Internet Logs\xDB205.tmp
2009-05-09 13:49 . 2009-05-10 12:11 602112 ----a-w- c:\windows\Internet Logs\xDB204.tmp
2009-05-09 11:40 . 2009-05-09 11:41 2908160 ----a-w- c:\windows\Internet Logs\xDB203.tmp
2009-05-08 13:27 . 2009-05-08 13:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-08 13:13 . 2009-05-08 13:13 -------- d-----r- c:\programmi\Skype
2009-05-08 13:13 . 2009-05-08 13:13 -------- d-----w- c:\programmi\File comuni\Skype
2009-05-08 13:13 . 2009-05-08 09:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-05-07 03:56 . 2009-05-07 07:38 1116160 ----a-w- c:\windows\Internet Logs\xDB202.tmp
2009-05-04 22:13 . 2009-05-05 10:08 2660864 ----a-w- c:\windows\Internet Logs\xDB201.tmp
2009-05-04 22:13 . 2009-05-05 10:08 2630656 ----a-w- c:\windows\Internet Logs\xDB200.tmp
2009-05-04 12:52 . 2009-05-04 12:58 2652672 ----a-w- c:\windows\Internet Logs\xDB1FF.tmp
2009-05-03 10:06 . 2009-05-03 11:29 1387008 ----a-w- c:\windows\Internet Logs\xDB1FD.tmp
2009-05-03 10:06 . 2009-05-03 11:29 2658816 ----a-w- c:\windows\Internet Logs\xDB1FE.tmp
2009-05-02 22:58 . 2009-05-03 03:22 2821120 ----a-w- c:\windows\Internet Logs\xDB1FC.tmp
2009-04-30 16:34 . 2009-05-01 06:58 498688 ----a-w- c:\windows\Internet Logs\xDB1FB.tmp
2009-04-30 14:20 . 2009-04-30 08:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-04-30 06:58 . 2009-04-30 06:58 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-04-29 16:55 . 2009-04-29 17:09 259584 ----a-w- c:\windows\Internet Logs\xDB1FA.tmp
2009-04-28 16:59 . 2009-04-28 18:19 592896 ----a-w- c:\windows\Internet Logs\xDB1F9.tmp
2009-04-27 20:56 . 2009-04-27 20:59 35840 ----a-w- c:\windows\Internet Logs\xDB1F8.tmp
2009-04-27 20:31 . 2009-04-27 20:38 2826240 ----a-w- c:\windows\Internet Logs\xDB1F6.tmp
2009-04-27 20:31 . 2009-04-27 20:38 2651648 ----a-w- c:\windows\Internet Logs\xDB1F7.tmp
2009-04-27 05:17 . 2008-12-09 23:37 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\FireShot
2009-04-26 23:52 . 2009-04-27 01:52 1770496 ----a-w- c:\windows\Internet Logs\xDB1F5.tmp
2009-04-26 06:38 . 2009-04-26 09:56 1802240 ----a-w- c:\windows\Internet Logs\xDB1F4.tmp
2009-04-25 20:23 . 2009-04-25 20:29 401920 ----a-w- c:\windows\Internet Logs\xDB1F3.tmp
2009-04-24 16:38 . 2009-04-24 16:40 2927104 ----a-w- c:\windows\Internet Logs\xDB1F2.tmp
2009-04-23 16:37 . 2009-04-23 18:16 251904 ----a-w- c:\windows\Internet Logs\xDB1F1.tmp
2009-04-23 00:19 . 2009-04-23 08:19 1175040 ----a-w- c:\windows\Internet Logs\xDB1F0.tmp
2009-04-22 00:03 . 2009-04-22 09:09 730624 ----a-w- c:\windows\Internet Logs\xDB1EF.tmp
2009-04-21 16:30 . 2009-04-21 17:53 2744320 ----a-w- c:\windows\Internet Logs\xDB1EE.tmp
2009-04-21 00:32 . 2009-04-21 06:34 224256 ----a-w- c:\windows\Internet Logs\xDB1ED.tmp
2009-04-20 18:07 . 2009-04-20 18:46 823296 ----a-w- c:\windows\Internet Logs\xDB1EC.tmp
2009-04-19 20:57 . 2009-04-19 20:58 2638848 ----a-w- c:\windows\Internet Logs\xDB1EB.tmp
2009-04-19 20:57 . 2009-04-19 20:58 3328000 ----a-w- c:\windows\Internet Logs\xDB1EA.tmp
2009-04-17 16:30 . 2009-04-18 10:27 393216 ----a-w- c:\windows\Internet Logs\xDB1E8.tmp
2009-04-17 16:30 . 2009-04-18 10:27 2637312 ----a-w- c:\windows\Internet Logs\xDB1E9.tmp
2009-04-16 11:06 . 2009-04-16 11:53 1580544 ----a-w- c:\windows\Internet Logs\xDB1E7.tmp
2009-04-15 21:20 . 2009-04-15 21:21 141312 ----a-w- c:\windows\Internet Logs\xDB1E6.tmp
2009-04-15 16:57 . 2009-04-15 17:34 316928 ----a-w- c:\windows\Internet Logs\xDB1E5.tmp
2009-04-15 00:10 . 2009-04-15 07:11 498688 ----a-w- c:\windows\Internet Logs\xDB1E4.tmp
2009-04-14 02:20 . 2009-04-14 06:24 1710592 ----a-w- c:\windows\Internet Logs\xDB1E3.tmp
2009-04-09 11:47 . 2009-04-09 11:47 89088 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Desktopicon\eBayShortcuts.exe
2009-04-09 07:03 . 2009-04-09 08:22 2636800 ----a-w- c:\windows\Internet Logs\xDB1E1.tmp
2009-04-09 07:03 . 2009-04-09 08:22 2629632 ----a-w- c:\windows\Internet Logs\xDB1E2.tmp
2009-04-07 23:57 . 2009-04-08 05:54 2931200 ----a-w- c:\windows\Internet Logs\xDB1E0.tmp
2009-04-07 00:08 . 2009-04-07 07:28 2183168 ----a-w- c:\windows\Internet Logs\xDB1DF.tmp
2007-04-16 15:54 . 2004-08-19 12:00 3178496 --sha-r- c:\windows\system32\nqoqgd.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Window Washer"="c:\programmi\Webroot\Washer\wwDisp.exe" [2005-03-08 910336]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Disk Monitor"="c:\programmi\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe" [2003-12-31 439808]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 919016]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-11-01 163840]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"AdslTaskBar"="stmctrl.dll" - c:\windows\system32\stmctrl.dll [2003-01-22 151552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Principale\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.2.lnk - c:\programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS WiFi-AP Solo.lnk - c:\programmi\ASUS WiFi-AP Solo\RtWLan.exe [2006-9-13 995328]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2006-9-15 122880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Soulseek\\slsk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12028:TCP"= 12028:TCP:BitComet 12028 TCP
"12028:UDP"= 12028:UDP:BitComet 12028 UDP
"2093:TCP"= 2093:TCP:ssmnz

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [13/09/2006 17.51.22 11264]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [10/05/2008 18.44.42 120320]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [21/09/2006 20.23.51 59338]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;c:\windows\system32\drivers\torususb.sys [21/09/2006 20.23.51 527980]
S2 ybbrknh;Monitor Time;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [13/09/2006 18.09.15 175872]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [13/09/2006 18.09.14 13532]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ybbrknh
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-06-15 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.it/
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
TCP: {47E025EE-23F8-410C-8C6E-124DA11E15A5} = 85.37.17.4 85.38.28.70
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 20:56
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ybbrknh]
"ServiceDll"="c:\windows\system32\nqoqgd.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1409082233-926492609-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Ora fine scansione: 2009-06-15 20.59.08
ComboFix-quarantined-files.txt 2009-06-15 18:59
ComboFix2.txt 2009-06-15 03:03

Pre-Run: 42.349.641.728 byte disponibili
Post-Run: 42.316.697.600 byte disponibili

Current=2 Default=2 Failed=8 LastKnownGood=3 Sets=1,2,3,5,6,7,8
229

[Luke57]

Ciao, adesso apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:

Codice: Seleziona tutto

 NetSvcs::
ybbrknh

Driver::
ybbrknh

File::
c:\windows\system32\nqoqgd.dll

salva il file sul desktop (dove hai messo combofix) chimandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file sull'icona di combofix. Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione.

[Cr__i]

gentilissimo, grazie.
ti allego il risultato dello scan ma ho già provato ad aprire il sito di kasperski e non ho avuto problemi

ComboFix 09-06-15.01 - Principale 16/06/2009 19.50.02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1982.1543 [GMT 2:00]
Eseguito da: c:\documents and settings\Principale\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Principale\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\nqoqgd.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nqoqgd.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YBBRKNH
-------\Service_ybbrknh


((((((((((((((((((((((((( Files Creati Da 2009-05-16 al 2009-06-16 )))))))))))))))))))))))))))))))))))
.

2009-06-16 11:40 . 2009-06-16 11:40 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\Malwarebytes
2009-06-16 11:40 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 11:40 . 2009-06-16 11:40 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-06-16 11:40 . 2009-06-16 11:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-16 11:40 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 19:17 . 2009-06-15 19:17 -------- d-----w- c:\programmi\Trend Micro
2009-06-15 03:17 . 2009-06-15 03:17 141 ----a-w- C:\fix.reg
2009-06-03 19:21 . 2009-06-03 19:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-06-03 19:09 . 2009-06-03 19:09 -------- d-----w- c:\programmi\Adobe Media Player
2009-06-03 17:43 . 2009-05-28 13:16 89600 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll
2009-06-03 17:43 . 2009-05-28 13:16 89088 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.3.1.dll
2009-06-03 17:43 . 2009-06-01 20:36 3184128 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-06-03 17:43 . 2009-03-19 21:57 40960 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-06-03 17:43 . 2009-03-19 21:46 102400 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-06-03 17:43 . 2009-04-23 10:47 28672 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Mozilla\Firefox\Profiles\e7qtzkeb.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-06-02 08:48 . 2004-08-19 12:00 25600 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-19 12:11 . 2009-06-03 18:32 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 17:47 . 2008-07-06 13:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Soulseek
2009-06-16 16:33 . 2008-02-19 12:34 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-06-16 16:32 . 2007-06-18 12:38 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\OpenOffice.org2
2009-06-16 12:43 . 2008-12-04 12:43 180068 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-16 12:43 . 2008-12-04 12:43 15095840 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-16 11:35 . 2007-05-10 19:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2009-06-16 06:46 . 2007-07-22 19:21 27642369 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-15 07:15 . 2009-06-15 08:03 412160 ----a-w- c:\windows\Internet Logs\xDB226.tmp
2009-06-15 02:57 . 2009-06-15 02:58 2431488 ----a-w- c:\windows\Internet Logs\xDB225.tmp
2009-06-14 11:48 . 2009-03-16 09:01 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\uTorrent
2009-06-14 07:13 . 2009-06-14 07:14 2738176 ----a-w- c:\windows\Internet Logs\xDB224.tmp
2009-06-14 07:13 . 2009-06-14 07:14 2744832 ----a-w- c:\windows\Internet Logs\xDB223.tmp
2009-06-12 22:18 . 2006-09-21 18:54 -------- d-----w- c:\programmi\Soulseek
2009-06-12 07:35 . 2009-06-12 08:53 1284608 ----a-w- c:\windows\Internet Logs\xDB222.tmp
2009-06-11 16:25 . 2009-06-11 16:26 3812352 ----a-w- c:\windows\Internet Logs\xDB221.tmp
2009-06-07 08:55 . 2009-06-07 10:48 739840 ----a-w- c:\windows\Internet Logs\xDB220.tmp
2009-06-06 17:14 . 2009-06-07 05:23 311808 ----a-w- c:\windows\Internet Logs\xDB21F.tmp
2009-06-06 14:28 . 2009-06-06 14:54 2607104 ----a-w- c:\windows\Internet Logs\xDB21E.tmp
2009-06-05 12:42 . 2009-06-05 18:01 3326976 ----a-w- c:\windows\Internet Logs\xDB21D.tmp
2009-06-04 07:32 . 2009-03-27 09:21 11036 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-03 19:55 . 2006-09-15 13:51 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-03 19:31 . 2007-01-17 21:05 -------- d-----w- c:\programmi\CCleaner
2009-06-03 19:22 . 2006-09-21 21:35 14888 ----a-w- c:\documents and settings\Principale\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-03 16:33 . 2009-06-03 17:38 2791424 ----a-w- c:\windows\Internet Logs\xDB21C.tmp
2009-06-02 08:47 . 2006-09-21 19:59 -------- d-----w- c:\programmi\eMule
2009-06-01 18:02 . 2009-06-01 23:00 1988608 ----a-w- c:\windows\Internet Logs\xDB21B.tmp
2009-05-31 21:39 . 2009-06-01 07:04 954880 ----a-w- c:\windows\Internet Logs\xDB21A.tmp
2009-05-31 06:29 . 2009-05-31 10:59 2733568 ----a-w- c:\windows\Internet Logs\xDB219.tmp
2009-05-28 23:29 . 2009-05-29 00:05 698368 ----a-w- c:\windows\Internet Logs\xDB218.tmp
2009-05-28 17:07 . 2009-05-28 17:40 1539072 ----a-w- c:\windows\Internet Logs\xDB217.tmp
2009-05-28 07:11 . 2009-05-28 08:47 2068480 ----a-w- c:\windows\Internet Logs\xDB216.tmp
2009-05-27 14:51 . 2007-05-10 19:20 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-27 08:09 . 2009-05-27 08:31 2704384 ----a-w- c:\windows\Internet Logs\xDB215.tmp
2009-05-27 08:09 . 2009-05-27 08:31 1712128 ----a-w- c:\windows\Internet Logs\xDB214.tmp
2009-05-25 23:18 . 2009-05-26 06:40 898560 ----a-w- c:\windows\Internet Logs\xDB213.tmp
2009-05-25 04:10 . 2009-05-25 06:56 646144 ----a-w- c:\windows\Internet Logs\xDB212.tmp
2009-05-24 22:43 . 2009-05-24 23:30 2647552 ----a-w- c:\windows\Internet Logs\xDB211.tmp
2009-05-24 10:19 . 2009-05-24 10:50 2397184 ----a-w- c:\windows\Internet Logs\xDB20F.tmp
2009-05-24 10:19 . 2009-05-24 10:50 2700288 ----a-w- c:\windows\Internet Logs\xDB210.tmp
2009-05-23 22:59 . 2009-05-24 04:16 2796544 ----a-w- c:\windows\Internet Logs\xDB20E.tmp
2009-05-23 01:02 . 2009-05-23 07:35 2757120 ----a-w- c:\windows\Internet Logs\xDB20D.tmp
2009-05-21 19:31 . 2009-05-21 19:40 2747904 ----a-w- c:\windows\Internet Logs\xDB20C.tmp
2009-05-20 17:33 . 2009-05-20 23:32 2931200 ----a-w- c:\windows\Internet Logs\xDB20B.tmp
2009-05-18 07:31 . 2009-05-18 10:35 1097728 ----a-w- c:\windows\Internet Logs\xDB20A.tmp
2009-05-17 23:38 . 2009-05-18 00:14 2718208 ----a-w- c:\windows\Internet Logs\xDB209.tmp
2009-05-13 17:56 . 2009-05-13 21:15 1095680 ----a-w- c:\windows\Internet Logs\xDB208.tmp
2009-05-13 08:35 . 2009-05-13 08:52 3138560 ----a-w- c:\windows\Internet Logs\xDB207.tmp
2009-05-13 04:10 . 2009-05-08 13:13 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\Skype
2009-05-12 22:07 . 2009-05-08 13:27 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\skypePM
2009-05-12 16:54 . 2009-05-12 16:15 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\Desktopicon
2009-05-12 16:49 . 2009-05-12 16:15 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\AccurateRip
2009-05-12 16:30 . 2006-09-22 07:41 -------- d-----w- c:\programmi\Exact Audio Copy
2009-05-12 16:15 . 2009-05-12 16:16 432128 ----a-w- c:\windows\Internet Logs\xDB206.tmp
2009-05-12 13:00 . 2009-05-12 13:21 2804224 ----a-w- c:\windows\Internet Logs\xDB205.tmp
2009-05-09 13:49 . 2009-05-10 12:11 602112 ----a-w- c:\windows\Internet Logs\xDB204.tmp
2009-05-09 11:40 . 2009-05-09 11:41 2908160 ----a-w- c:\windows\Internet Logs\xDB203.tmp
2009-05-08 13:27 . 2009-05-08 13:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-08 13:13 . 2009-05-08 13:13 -------- d-----r- c:\programmi\Skype
2009-05-08 13:13 . 2009-05-08 13:13 -------- d-----w- c:\programmi\File comuni\Skype
2009-05-08 13:13 . 2009-05-08 09:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-05-07 03:56 . 2009-05-07 07:38 1116160 ----a-w- c:\windows\Internet Logs\xDB202.tmp
2009-05-04 22:13 . 2009-05-05 10:08 2660864 ----a-w- c:\windows\Internet Logs\xDB201.tmp
2009-05-04 22:13 . 2009-05-05 10:08 2630656 ----a-w- c:\windows\Internet Logs\xDB200.tmp
2009-05-04 12:52 . 2009-05-04 12:58 2652672 ----a-w- c:\windows\Internet Logs\xDB1FF.tmp
2009-05-03 10:06 . 2009-05-03 11:29 1387008 ----a-w- c:\windows\Internet Logs\xDB1FD.tmp
2009-05-03 10:06 . 2009-05-03 11:29 2658816 ----a-w- c:\windows\Internet Logs\xDB1FE.tmp
2009-05-02 22:58 . 2009-05-03 03:22 2821120 ----a-w- c:\windows\Internet Logs\xDB1FC.tmp
2009-04-30 16:34 . 2009-05-01 06:58 498688 ----a-w- c:\windows\Internet Logs\xDB1FB.tmp
2009-04-30 14:20 . 2009-04-30 08:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-04-30 06:58 . 2009-04-30 06:58 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-04-29 16:55 . 2009-04-29 17:09 259584 ----a-w- c:\windows\Internet Logs\xDB1FA.tmp
2009-04-28 16:59 . 2009-04-28 18:19 592896 ----a-w- c:\windows\Internet Logs\xDB1F9.tmp
2009-04-27 20:56 . 2009-04-27 20:59 35840 ----a-w- c:\windows\Internet Logs\xDB1F8.tmp
2009-04-27 20:31 . 2009-04-27 20:38 2826240 ----a-w- c:\windows\Internet Logs\xDB1F6.tmp
2009-04-27 20:31 . 2009-04-27 20:38 2651648 ----a-w- c:\windows\Internet Logs\xDB1F7.tmp
2009-04-27 05:17 . 2008-12-09 23:37 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\FireShot
2009-04-26 23:52 . 2009-04-27 01:52 1770496 ----a-w- c:\windows\Internet Logs\xDB1F5.tmp
2009-04-26 06:38 . 2009-04-26 09:56 1802240 ----a-w- c:\windows\Internet Logs\xDB1F4.tmp
2009-04-25 20:23 . 2009-04-25 20:29 401920 ----a-w- c:\windows\Internet Logs\xDB1F3.tmp
2009-04-24 16:38 . 2009-04-24 16:40 2927104 ----a-w- c:\windows\Internet Logs\xDB1F2.tmp
2009-04-23 16:37 . 2009-04-23 18:16 251904 ----a-w- c:\windows\Internet Logs\xDB1F1.tmp
2009-04-23 00:19 . 2009-04-23 08:19 1175040 ----a-w- c:\windows\Internet Logs\xDB1F0.tmp
2009-04-22 00:03 . 2009-04-22 09:09 730624 ----a-w- c:\windows\Internet Logs\xDB1EF.tmp
2009-04-21 16:30 . 2009-04-21 17:53 2744320 ----a-w- c:\windows\Internet Logs\xDB1EE.tmp
2009-04-21 00:32 . 2009-04-21 06:34 224256 ----a-w- c:\windows\Internet Logs\xDB1ED.tmp
2009-04-20 18:07 . 2009-04-20 18:46 823296 ----a-w- c:\windows\Internet Logs\xDB1EC.tmp
2009-04-19 20:57 . 2009-04-19 20:58 2638848 ----a-w- c:\windows\Internet Logs\xDB1EB.tmp
2009-04-19 20:57 . 2009-04-19 20:58 3328000 ----a-w- c:\windows\Internet Logs\xDB1EA.tmp
2009-04-17 16:30 . 2009-04-18 10:27 393216 ----a-w- c:\windows\Internet Logs\xDB1E8.tmp
2009-04-17 16:30 . 2009-04-18 10:27 2637312 ----a-w- c:\windows\Internet Logs\xDB1E9.tmp
2009-04-16 11:06 . 2009-04-16 11:53 1580544 ----a-w- c:\windows\Internet Logs\xDB1E7.tmp
2009-04-15 21:20 . 2009-04-15 21:21 141312 ----a-w- c:\windows\Internet Logs\xDB1E6.tmp
2009-04-15 16:57 . 2009-04-15 17:34 316928 ----a-w- c:\windows\Internet Logs\xDB1E5.tmp
2009-04-15 00:10 . 2009-04-15 07:11 498688 ----a-w- c:\windows\Internet Logs\xDB1E4.tmp
2009-04-14 02:20 . 2009-04-14 06:24 1710592 ----a-w- c:\windows\Internet Logs\xDB1E3.tmp
2009-04-09 11:47 . 2009-04-09 11:47 89088 ----a-w- c:\documents and settings\Principale\Dati applicazioni\Desktopicon\eBayShortcuts.exe
2009-04-09 07:03 . 2009-04-09 08:22 2636800 ----a-w- c:\windows\Internet Logs\xDB1E1.tmp
2009-04-09 07:03 . 2009-04-09 08:22 2629632 ----a-w- c:\windows\Internet Logs\xDB1E2.tmp
2009-04-07 23:57 . 2009-04-08 05:54 2931200 ----a-w- c:\windows\Internet Logs\xDB1E0.tmp
2009-04-07 00:08 . 2009-04-07 07:28 2183168 ----a-w- c:\windows\Internet Logs\xDB1DF.tmp
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Window Washer"="c:\programmi\Webroot\Washer\wwDisp.exe" [2005-03-08 910336]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Disk Monitor"="c:\programmi\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe" [2003-12-31 439808]
"avgnt"="c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 919016]
"RemoteControl8"="c:\programmi\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\programmi\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-11-01 163840]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Principale\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.2.lnk - c:\programmi\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS WiFi-AP Solo.lnk - c:\programmi\ASUS WiFi-AP Solo\RtWLan.exe [2006-9-13 995328]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2006-9-15 122880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Soulseek\\slsk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12028:TCP"= 12028:TCP:BitComet 12028 TCP
"12028:UDP"= 12028:UDP:BitComet 12028 UDP
"2093:TCP"= 2093:TCP:ssmnz

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [13/09/2006 17.51.22 11264]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [10/05/2008 18.44.42 120320]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [21/09/2006 20.23.51 59338]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;c:\windows\system32\drivers\torususb.sys [21/09/2006 20.23.51 527980]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [13/09/2006 18.09.15 175872]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [13/09/2006 18.09.14 13532]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-06-16 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.it/
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
TCP: {47E025EE-23F8-410C-8C6E-124DA11E15A5} = 85.37.17.4 85.38.28.70
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 20:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1409082233-926492609-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\programmi\Lavasoft\Ad-Aware\aawservice.exe
c:\programmi\AntiVir PersonalEdition Classic\avguard.exe
c:\programmi\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\OpenOffice.org 2.2\program\soffice.exe
c:\programmi\OpenOffice.org 2.2\program\soffice.bin
c:\programmi\Mozilla Thunderbird\thunderbird.exe
c:\programmi\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-16 20.13.06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-16 18:13
ComboFix2.txt 2009-06-15 18:59
ComboFix3.txt 2009-06-15 03:03

Pre-Run: 41.643.155.456 byte disponibili
Post-Run: 41.610.842.112 byte disponibili

Current=2 Default=2 Failed=8 LastKnownGood=3 Sets=1,2,3,5,6,7,8
258

[utalni]

salve....nuova iscritta e vecchio problema!
questo è il log del programma ComboFix :

ComboFix 09-06-15.07 - eithel 16/06/2009 21.10.49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.383.90 [GMT 2:00]
Eseguito da: c:\documents and settings\eithel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\eithel\Impostazioni locali\Dati applicazioni\yaksiuw.exe
c:\documents and settings\eithel\Impostazioni locali\Dati applicazioni\yaksiuw_nav.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-05-16 al 2009-06-16 )))))))))))))))))))))))))))))))))))
.

2009-06-07 00:49 . 2009-06-07 00:59 -------- d-----w- c:\documents and settings\eithel\Dati applicazioni\vlc
2009-06-07 00:14 . 2009-06-07 00:45 -------- d-----w- c:\programmi\URUSoft
2009-06-07 00:12 . 2009-06-07 00:12 -------- d-----w- c:\documents and settings\eithel\Dati applicazioni\CyberLink
2009-05-31 17:15 . 2009-05-31 19:56 -------- d-----w- c:\programmi\PhotoFiltre
2009-05-19 11:00 . 2009-05-11 10:32 3288344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\setup.exe
2009-05-19 11:00 . 2009-05-11 10:32 2302232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avguiadv.dll
2009-05-19 11:00 . 2009-05-11 10:32 2051864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2009-05-19 11:00 . 2009-05-11 10:32 3399960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgui.exe
2009-05-19 11:00 . 2009-05-11 10:32 424472 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgwdwsc.dll
2009-05-19 11:00 . 2009-05-11 10:32 312088 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avglngx.dll
2009-05-19 11:00 . 2009-05-11 10:32 177432 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgmail.dll
2009-05-19 10:59 . 2009-05-11 10:30 755992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avginet.dll
2009-05-19 10:59 . 2009-05-11 10:30 1437464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 19:09 . 2009-01-15 21:02 -------- d-----w- c:\documents and settings\eithel\Dati applicazioni\DNA
2009-06-16 10:18 . 2009-01-15 21:02 -------- d-----w- c:\programmi\DNA
2009-06-13 00:10 . 2009-01-19 15:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-09 10:59 . 2009-01-14 19:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Soulseek
2009-06-06 11:29 . 2009-01-20 22:28 1 ----a-w- c:\documents and settings\eithel\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-04 12:30 . 2009-01-14 19:39 19576 ----a-w- c:\documents and settings\eithel\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-12 15:29 . 2001-08-31 11:00 69988 ----a-w- c:\windows\system32\perfc010.dat
2009-05-12 15:29 . 2001-08-31 11:00 437882 ----a-w- c:\windows\system32\perfh010.dat
2009-05-09 18:30 . 2009-01-15 21:12 -------- d-----w- c:\documents and settings\eithel\Dati applicazioni\BitTorrent
2009-04-30 14:39 . 2009-01-30 20:50 -------- d-----w- c:\documents and settings\eithel\Dati applicazioni\dvdcss
2009-04-24 20:02 . 2009-01-14 22:49 683801 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Last.fm\Client\UninstWMP\unins000.exe
2009-04-18 00:17 . 2009-01-14 22:47 -------- d-----w- c:\programmi\Last.fm
2009-04-03 15:28 . 2009-04-03 15:28 152576 ----a-w- c:\documents and settings\eithel\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-01 23:34 . 2009-04-01 23:34 299008 ----a-w- c:\documents and settings\eithel\Impostazioni locali\Dati applicazioni\gcywoey.exe
2009-03-30 12:20 . 2009-03-30 12:20 45 ---h--w- c:\windows\dsez8088.dat
2009-03-21 14:06 . 2007-01-03 10:49 171096 --sha-r- c:\windows\system32\hllskbn.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\programmi\DNA\btdna.exe" [2009-01-15 342848]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\programmi\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Philips Wireless USB Adapter 11g.lnk - c:\programmi\philips\Philips SNU6500 Wireless USB Adapter Utility\PHUSBMonitor.exe [2006-1-5 442368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 10:27 110592 ----a-w- c:\programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\SoulseekNS\\slsk.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47436:TCP"= 47436:TCP:tt
"6094:TCP"= 6094:TCP:bfhca

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14/01/2009 22.15.49 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [14/01/2009 22.15.43 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [14/01/2009 22.15.42 298776]
R3 CPWUA6D;Philips USB Wireless Network Adapter Service;c:\windows\system32\drivers\CPWUA6D1.sys [16/01/2009 23.44.30 360288]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [21/04/2004 18.51.00 16384]
S2 hlutrxmts;Network Security;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 15.39.46 14336]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [06/02/2009 14.40.16 356920]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hlutrxmts
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-igyissy - c:\documents and settings\eithel\impostazioni locali\dati applicazioni\igyissy.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 21:14
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlutrxmts]
"ServiceDll"="c:\windows\system32\hllskbn.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\avgrsstx.dll
c:\programmi\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\avgrsstx.dll
.
Ora fine scansione: 2009-06-16 21.16.43
ComboFix-quarantined-files.txt 2009-06-16 19:16

Pre-Run: 24.336.478.208 byte disponibili
Post-Run: 24.893.607.936 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

143 --- E O F --- 2009-05-14 01:10



grazie in anticipo dell'aiuto...

[Luke57]

Ciao, adesso apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:

Codice: Seleziona tutto

NetSvcs::
hlutrxmts

Driver::
hlutrxmts

File::
c:\windows\system32\hllskbn.dll
c:\windows\dsez8088.dat

salva il file sul desktop (dove hai messo combofix) chiamandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file sull'icona di combofix. Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione.

[gianni-56]

Ciao Luke, puoi darmi una mano? non riesco a collegarmi nemmeno io ai siti di aggiornamento degli antivirus ed al sito microsoft, ho fatto una scansione sia con suspectfile quanto con combofix, quale ti devo postare?
grazie
gianni

[gianni-56]

comunque ti posto il risultato di combofix, incollato qui di seguito...

ComboFix 09-06-22.0E - user 25/06/2009 5.21.51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1584 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\SCARICATI\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Creati Da 2009-05-25 al 2009-06-25 )))))))))))))))))))))))))))))))))))
.

2009-06-25 03:16 . 2009-06-25 03:16 -------- d-----w- c:\programmi\JRE
2009-06-23 23:34 . 2009-06-23 23:34 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 09:14 . 2009-06-23 09:09 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-23 09:09 . 2009-06-23 09:09 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-23 09:09 . 2009-06-23 09:07 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-23 09:09 . 2009-06-23 09:09 314200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-23 09:09 . 2009-06-23 09:09 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-23 09:09 . 2009-06-23 09:09 15688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-23 09:09 . 2009-06-23 09:09 169312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-23 09:09 . 2009-06-23 09:09 348496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-23 09:09 . 2009-06-23 09:09 296800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-23 09:09 . 2009-06-23 09:09 83808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-23 09:08 . 2009-06-23 09:08 1630048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-23 09:07 . 2009-06-23 09:07 212848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-23 09:07 . 2009-06-23 09:07 40288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-23 09:07 . 2009-06-23 09:07 64160 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-23 09:07 . 2009-06-23 09:07 72704 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-23 09:07 . 2009-06-23 09:07 640360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-23 09:07 . 2009-06-23 09:07 561016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-23 09:07 . 2009-06-23 09:07 565096 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-23 09:07 . 2009-06-23 09:07 2349384 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-23 09:06 . 2009-06-23 09:06 627536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-23 09:06 . 2009-06-23 09:06 518488 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-23 09:06 . 2009-06-23 09:06 1003344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-23 08:57 . 2008-04-14 08:43 39936 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX100 Series\Language\0410.E_DIX0RE.DLL
2009-06-23 08:49 . 2009-06-23 08:49 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-23 08:49 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-23 08:49 . 2009-06-23 09:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-06-23 08:49 . 2009-06-23 08:49 -------- d-----w- c:\programmi\Lavasoft
2009-06-22 22:29 . 2009-06-22 22:33 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-22 22:29 . 2009-06-22 22:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-22 22:15 . 2009-06-24 15:30 -------- d-----w- c:\programmi\spybot
2009-06-21 11:17 . 2009-06-21 11:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-21 11:16 . 2009-06-21 11:16 152576 ----a-w- c:\documents and settings\user\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-17 08:30 . 2009-06-17 08:30 76040 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-17 08:30 . 2009-06-17 08:30 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-17 08:30 . 2009-06-17 08:30 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-17 08:30 . 2009-06-17 08:30 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 08:30 . 2009-06-17 08:30 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-17 08:30 . 2009-06-17 08:30 -------- d-----w- c:\programmi\AVG
2009-06-17 08:17 . 2009-06-17 08:17 -------- d-----w- c:\windows\Sun
2009-06-17 07:52 . 2009-06-17 07:52 -------- d-----w- C:\WebCam
2009-06-17 07:52 . 2005-04-13 23:00 138112 ----a-w- c:\windows\system32\drivers\V0090Vid.sys
2009-06-17 07:52 . 2005-03-30 23:06 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
2009-06-17 07:52 . 2004-11-15 23:05 36864 ----a-w- c:\windows\system32\CtRegApp.dll
2009-06-17 07:52 . 2004-10-22 00:15 86016 ----a-w- c:\windows\CtDrvIns.exe
2009-06-17 07:52 . 2004-10-18 23:01 49152 ----a-w- c:\windows\system32\V0090Hwx.dll
2009-06-17 07:52 . 2004-10-17 23:01 36864 ----a-w- c:\windows\system32\V0090Pin.dll
2009-06-17 07:52 . 2004-10-17 23:01 20480 ----a-w- c:\windows\V0090Cfg.exe
2009-06-17 07:52 . 2004-10-17 23:01 126976 ----a-w- c:\windows\system32\V0090Vfw.dll
2009-06-17 07:52 . 2004-07-11 23:00 10240 ----a-w- c:\windows\system32\V0090Sti.dll
2009-06-17 07:52 . 2004-07-07 23:00 20480 ----a-w- c:\windows\system32\V0090Srv.exe
2009-06-16 17:45 . 2009-06-16 17:45 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-06-16 17:10 . 2009-06-16 17:10 -------- d-s---w- c:\documents and settings\user\UserData
2009-06-16 15:33 . 2009-06-16 15:33 -------- d-----w- c:\programmi\3
2009-06-16 15:07 . 2009-06-23 23:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avg8
2009-06-15 22:31 . 2009-06-15 22:31 -------- d-----w- c:\windows\Downloaded Installations
2009-06-15 08:45 . 2009-06-15 08:45 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Acer Arcade
2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\user\Dati applicazioni\CyberLink
2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Acer
2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-06-15 08:44 . 2009-06-15 22:31 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-06-14 17:43 . 2009-06-14 17:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2009-06-14 17:42 . 2009-06-14 17:42 -------- d-----w- c:\programmi\Epson Software
2009-06-14 17:40 . 2009-06-15 08:44 -------- d-----w- c:\programmi\ABBYY FineReader 6.0 Sprint
2009-06-14 17:38 . 2009-06-15 08:39 -------- d-----w- c:\programmi\epson
2009-06-14 17:27 . 2008-04-14 08:42 53248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX100 Series\Language\0410.E_S9E0D7.DLL
2009-06-14 17:27 . 2007-12-17 03:00 143872 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
2009-06-14 17:27 . 2007-01-11 03:02 113664 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2009-06-14 17:27 . 2008-04-14 08:42 211968 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX100 Series\Language\0410.E_DI0EEE.DLL
2009-06-14 17:27 . 2009-06-15 08:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-06-14 17:27 . 2007-04-10 00:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2009-06-14 17:27 . 2007-12-07 01:08 86528 ----a-w- c:\windows\system32\E_FLBEDE.DLL
2009-06-14 17:27 . 2007-12-07 01:01 78848 ----a-w- c:\windows\system32\E_FD4BEDE.DLL
2009-06-14 08:14 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-14 08:14 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-14 08:11 . 2008-04-13 09:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-14 08:11 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-13 22:06 . 2009-06-13 22:06 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\PowerCinema
2009-06-13 21:32 . 2004-02-19 12:12 299776 ----a-w- c:\windows\system32\drivers\snpstd.sys
2009-06-13 21:32 . 2004-01-28 14:59 36864 ----a-w- c:\windows\system32\vsnpstd.dll
2009-06-13 21:32 . 2003-12-31 14:39 40960 ----a-w- c:\windows\vsnpstd.exe
2009-06-13 21:32 . 2003-04-21 11:09 245408 ----a-w- c:\windows\Unicows.dll
2009-06-13 21:32 . 2009-06-13 21:32 -------- d-----w- c:\windows\Options
2009-06-13 21:32 . 2003-12-10 11:17 57344 ----a-w- c:\windows\system32\csnpstd.dll
2009-06-13 21:32 . 2003-10-22 06:40 53248 ----a-w- c:\windows\system32\dsnpstd.dll
2009-06-13 21:32 . 2003-06-03 11:35 40960 ----a-w- c:\windows\CleanDev.exe
2009-06-11 23:30 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google
2009-06-11 23:30 . 2009-01-19 03:48 43008 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-06-11 23:30 . 2009-01-19 03:48 43008 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-06-11 23:30 . 2009-01-19 03:48 245248 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-06-11 23:30 . 2009-01-19 03:48 243200 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-06-11 23:30 . 2009-01-19 03:48 239616 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-06-11 23:30 . 2009-01-19 03:48 233984 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-06-11 10:17 . 2009-06-11 10:17 258048 ----a-w- c:\windows\system32\config\systemprofile\NTUSER(2).DAT
2009-06-11 10:09 . 2009-06-11 10:09 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-11 10:08 . 2009-06-11 10:08 0 ----a-w- c:\windows\nsreg.dat
2009-06-11 10:07 . 2009-06-11 10:07 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-11 10:02 . 2009-06-23 08:17 17840 ----a-w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-11 09:58 . 2009-06-11 09:59 -------- d-----w- c:\programmi\Google
2009-06-11 09:57 . 2009-06-11 09:58 1886320 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
2009-06-11 09:57 . 2009-06-11 09:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-06-11 09:57 . 2009-06-11 09:57 -------- d-----w- c:\programmi\NOS
2009-06-11 08:56 . 2009-06-11 10:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2009-06-11 08:40 . 2009-06-24 15:31 1 ----a-w- c:\documents and settings\user\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-11 08:40 . 2009-06-11 08:40 -------- d-----w- c:\documents and settings\user\Dati applicazioni\OpenOffice.org
2009-06-11 08:16 . 2009-02-09 11:23 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-11 08:16 . 2009-02-09 11:22 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-11 08:16 . 2009-02-09 11:23 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-11 08:05 . 2009-06-11 08:20 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
2009-06-11 08:05 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-11 08:05 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-11 07:50 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-11 07:37 . 2008-07-09 07:42 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-11 07:37 . 2009-06-11 08:24 -------- d--h--w- c:\windows\$hf_mig$
2009-06-11 07:26 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-11 07:25 . 2005-05-23 06:29 137884 ----a-r- c:\windows\system32\drivers\sscdmdm.sys
2009-06-11 07:25 . 2005-05-23 06:29 11877 ----a-r- c:\windows\system32\drivers\sscdcmnt.sys
2009-06-11 07:25 . 2005-05-23 06:29 11877 ----a-r- c:\windows\system32\drivers\sscdcm.sys
2009-06-11 07:25 . 2005-05-23 06:29 10864 ----a-r- c:\windows\system32\drivers\sscdmdfl.sys
2009-06-11 07:23 . 2005-05-23 06:29 80272 ----a-r- c:\windows\system32\drivers\sscdbus.sys
2009-06-11 07:23 . 2005-05-23 06:29 11188 ----a-r- c:\windows\system32\drivers\sscdwhnt.sys
2009-06-11 07:23 . 2005-05-23 06:29 11188 ----a-r- c:\windows\system32\drivers\sscdwh.sys
2009-06-11 07:11 . 2009-06-11 07:11 -------- d-----w- c:\windows\IIS Temporary Compressed Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 11:09 . 2001-08-31 15:00 72956 ----a-w- c:\windows\system32\perfc010.dat
2009-06-21 11:09 . 2001-08-31 15:00 417892 ----a-w- c:\windows\system32\perfh010.dat
2009-06-09 13:28 . 2009-06-09 13:02 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-09 13:03 . 2009-06-09 13:03 -------- d-----w- c:\programmi\microsoft frontpage
2009-06-09 13:01 . 2009-06-09 13:01 -------- d-----w- c:\programmi\Servizi in linea
2009-06-09 12:59 . 2009-06-09 12:59 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-07 15:32 . 2008-04-13 17:13 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:47 . 2008-04-13 16:50 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2008-04-13 17:13 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-04-28 17:26 . 2009-06-11 10:26 122880 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-03-21 14:06 . 2008-04-13 17:13 165826 --sha-r- c:\windows\system32\gwegq.dll
.

------- Sigcheck -------

[-] 2008-07-06 11:28 1571840 0CF0382F318E5349DC94DB9120D34A6D c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-23_23.33.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-24 14:09 . 2009-06-24 14:09 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2009-06-24 14:08 . 2009-06-24 14:08 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
+ 2009-06-23 23:34 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-23 23:34 . 2008-04-13 17:13 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-23 23:34 . 2008-04-13 17:14 26624 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-23 23:34 . 2008-04-13 17:14 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-23 23:34 . 2008-04-13 17:14 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-23 23:34 . 2008-04-13 17:13 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-23 23:34 . 2008-04-13 17:14 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-23 23:34 . 2008-04-13 16:53 25088 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-23 23:34 . 2008-04-13 09:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-23 23:34 . 2008-04-13 17:14 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-04-23 16:37 . 2009-04-23 16:37 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
- 2009-01-21 15:11 . 2009-01-21 15:11 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
- 2009-01-21 15:11 . 2009-01-21 15:11 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2009-04-23 16:37 . 2009-04-23 16:37 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
- 2009-01-21 15:11 . 2009-01-21 15:11 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2009-04-23 16:37 . 2009-04-23 16:37 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2009-06-15 08:38 . 2009-06-24 14:12 222412 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-06-23 23:34 . 2008-04-13 17:14 510464 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-23 23:34 . 2009-02-20 08:09 668672 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-23 23:34 . 2008-04-13 17:13 579584 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-23 23:34 . 2008-04-13 17:13 296960 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-23 23:34 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-23 23:34 . 2009-02-09 11:22 111104 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-23 23:34 . 2008-04-13 10:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-23 23:34 . 2008-04-13 17:13 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-23 23:34 . 2008-04-13 17:13 175104 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-23 23:34 . 2009-02-09 11:22 2148864 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-23 23:34 . 2009-02-09 11:23 2027520 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-23 23:34 . 2009-03-21 14:06 1033728 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-23 23:34 . 2008-04-13 17:14 1036288 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-06-25 03:17 . 2009-06-25 03:17 7424000 c:\windows\Installer\{43A650AA-D1DC-4C52-8819-D7848B3A08DA}\soffice.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-21 148888]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-17 1261336]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-23 518488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-12 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-12-19 15797248]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-13 177152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1127:TCP"= 1127:TCP:jsghtrz

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/06/2009 11.09.36 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/06/2009 10.30.27 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [17/06/2009 10.30.19 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17/06/2009 10.30.18 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/06/2009 10.30.32 76040]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21.06.55 1003344]
R3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24/08/2005 22.07.24 1274880]
S2 ofewpsr;Boot Image;c:\windows\system32\svchost.exe -k netsvcs [13/04/2008 19.14.22 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [11/06/2009 11.57.13 66048]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [17/06/2009 9.52.27 138112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ofewpsr
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:07]

2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Scansione supplementare -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 05:24
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ofewpsr]
"ServiceDll"="c:\windows\system32\gwegq.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(1152)
c:\windows\system32\avgrsstx.dll
.
Ora fine scansione: 2009-06-25 5.24.56
ComboFix-quarantined-files.txt 2009-06-25 03:24
ComboFix2.txt 2009-06-23 23:35

Pre-Run: 94.731.038.720 byte disponibili
Post-Run: 94.721.298.432 byte disponibili

280 --- E O F --- 2009-06-11 08:24

[Luke57]

Ciao, adesso apri un file di testo (dal blocco note di windows), al suo interno incollaci il seguente script:

Codice: Seleziona tutto

NetSvcs::
ofewpsr

Driver::
ofewpsr

File::
c:\windows\system32\gwegq.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ofewpsr]

salva il file nella stessa cartella dove hai messo combofix chiamandolo obbligatoriamente CFScript.txt

Fatto ciò, con il puntatore del mouse, trascina il file sull'icona di combofix. Il programma avvierà una nuova scansione, come la precedente. Non fare e non muovere nulla. Al termine di essa, se non si riavvierà automaticamente il computer, fallo tu. Allega il nuovo file c:\combofix.txt prodotto dalla scansione.

[gianni-56]

ComboFix 09-06-24.05 - user 25/06/2009 16.37.28.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1651 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\user\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\gwegq.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gwegq.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OFEWPSR
-------\Service_ofewpsr


((((((((((((((((((((((((( Files Creati Da 2009-05-25 al 2009-06-25 )))))))))))))))))))))))))))))))))))
.

2009-06-25 08:52 . 2009-06-25 08:52 76040 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-25 08:52 . 2009-06-25 08:52 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 08:52 . 2009-06-25 08:52 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 08:52 . 2009-06-25 08:52 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 08:52 . 2009-06-25 08:52 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-25 04:48 . 2009-06-25 04:48 -------- d-----w- c:\programmi\CCleaner
2009-06-25 04:29 . 2009-06-25 08:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avg8
2009-06-25 03:16 . 2009-06-25 03:16 -------- d-----w- c:\programmi\JRE
2009-06-23 23:34 . 2009-06-23 23:34 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 09:14 . 2009-06-23 09:09 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-23 09:09 . 2009-06-23 09:09 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-23 09:09 . 2009-06-23 09:07 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-23 09:09 . 2009-06-23 09:09 314200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-23 09:09 . 2009-06-23 09:09 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-23 09:09 . 2009-06-23 09:09 15688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-23 09:09 . 2009-06-23 09:09 169312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-23 09:09 . 2009-06-23 09:09 348496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-23 09:09 . 2009-06-23 09:09 296800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-23 09:09 . 2009-06-23 09:09 83808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-23 09:08 . 2009-06-23 09:08 1630048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-23 09:07 . 2009-06-23 09:07 212848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-23 09:07 . 2009-06-23 09:07 40288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-23 09:07 . 2009-06-23 09:07 64160 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-23 09:07 . 2009-06-23 09:07 72704 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-23 09:07 . 2009-06-23 09:07 640360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-23 09:07 . 2009-06-23 09:07 561016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-23 09:07 . 2009-06-23 09:07 565096 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-23 09:07 . 2009-06-23 09:07 2349384 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-23 09:06 . 2009-06-23 09:06 627536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-23 09:06 . 2009-06-23 09:06 518488 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-23 09:06 . 2009-06-23 09:06 1003344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-23 08:57 . 2008-04-14 08:43 39936 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX100 Series\Language\0410.E_DIX0RE.DLL
2009-06-23 08:49 . 2009-06-23 08:49 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-23 08:49 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-23 08:49 . 2009-06-23 09:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-06-23 08:49 . 2009-06-23 08:49 -------- d-----w- c:\programmi\Lavasoft
2009-06-22 22:29 . 2009-06-25 04:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-22 22:29 . 2009-06-22 22:33 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-22 22:15 . 2009-06-24 15:30 -------- d-----w- c:\programmi\spybot
2009-06-21 11:17 . 2009-06-21 11:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-21 11:16 . 2009-06-21 11:16 152576 ----a-w- c:\documents and settings\user\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-17 08:30 . 2009-06-17 08:30 -------- d-----w- c:\programmi\AVG
2009-06-17 08:17 . 2009-06-17 08:17 -------- d-----w- c:\windows\Sun
2009-06-17 07:52 . 2009-06-17 07:52 -------- d-----w- C:\WebCam
2009-06-17 07:52 . 2005-04-13 23:00 138112 ----a-w- c:\windows\system32\drivers\V0090Vid.sys
2009-06-17 07:52 . 2005-03-30 23:06 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
2009-06-17 07:52 . 2004-11-15 23:05 36864 ----a-w- c:\windows\system32\CtRegApp.dll
2009-06-17 07:52 . 2004-10-22 00:15 86016 ----a-w- c:\windows\CtDrvIns.exe
2009-06-17 07:52 . 2004-10-18 23:01 49152 ----a-w- c:\windows\system32\V0090Hwx.dll
2009-06-17 07:52 . 2004-10-17 23:01 36864 ----a-w- c:\windows\system32\V0090Pin.dll
2009-06-17 07:52 . 2004-10-17 23:01 20480 ----a-w- c:\windows\V0090Cfg.exe
2009-06-17 07:52 . 2004-10-17 23:01 126976 ----a-w- c:\windows\system32\V0090Vfw.dll
2009-06-17 07:52 . 2004-07-11 23:00 10240 ----a-w- c:\windows\system32\V0090Sti.dll
2009-06-17 07:52 . 2004-07-07 23:00 20480 ----a-w- c:\windows\system32\V0090Srv.exe
2009-06-16 17:45 . 2009-06-16 17:45 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-06-16 17:10 . 2009-06-16 17:10 -------- d-s---w- c:\documents and settings\user\UserData
2009-06-16 15:33 . 2009-06-16 15:33 -------- d-----w- c:\programmi\3
2009-06-15 22:31 . 2009-06-15 22:31 -------- d-----w- c:\windows\Downloaded Installations
2009-06-15 08:45 . 2009-06-15 08:45 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Acer Arcade
2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\user\Dati applicazioni\CyberLink
2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Acer
2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-06-15 08:44 . 2009-06-15 22:31 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-06-14 17:43 . 2009-06-14 17:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2009-06-14 17:42 . 2009-06-14 17:42 -------- d-----w- c:\programmi\Epson Software
2009-06-14 17:40 . 2009-06-15 08:44 -------- d-----w- c:\programmi\ABBYY FineReader 6.0 Sprint
2009-06-14 17:38 . 2009-06-15 08:39 -------- d-----w- c:\programmi\epson
2009-06-14 17:27 . 2008-04-14 08:42 53248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX100 Series\Language\0410.E_S9E0D7.DLL
2009-06-14 17:27 . 2007-12-17 03:00 143872 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40ST7.EXE
2009-06-14 17:27 . 2007-01-11 03:02 113664 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2009-06-14 17:27 . 2008-04-14 08:42 211968 ----a-w- c:\documents and settings\All Users\Dati applicazioni\EPSON\EPSON SX100 Series\Language\0410.E_DI0EEE.DLL
2009-06-14 17:27 . 2009-06-15 08:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2009-06-14 17:27 . 2007-04-10 00:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2009-06-14 17:27 . 2007-12-07 01:08 86528 ----a-w- c:\windows\system32\E_FLBEDE.DLL
2009-06-14 17:27 . 2007-12-07 01:01 78848 ----a-w- c:\windows\system32\E_FD4BEDE.DLL
2009-06-14 08:14 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-14 08:14 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-14 08:11 . 2008-04-13 09:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-14 08:11 . 2008-04-13 09:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-13 22:06 . 2009-06-13 22:06 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\PowerCinema
2009-06-13 21:32 . 2004-02-19 12:12 299776 ----a-w- c:\windows\system32\drivers\snpstd.sys
2009-06-13 21:32 . 2004-01-28 14:59 36864 ----a-w- c:\windows\system32\vsnpstd.dll
2009-06-13 21:32 . 2003-12-31 14:39 40960 ----a-w- c:\windows\vsnpstd.exe
2009-06-13 21:32 . 2003-04-21 11:09 245408 ----a-w- c:\windows\Unicows.dll
2009-06-13 21:32 . 2009-06-13 21:32 -------- d-----w- c:\windows\Options
2009-06-13 21:32 . 2003-12-10 11:17 57344 ----a-w- c:\windows\system32\csnpstd.dll
2009-06-13 21:32 . 2003-10-22 06:40 53248 ----a-w- c:\windows\system32\dsnpstd.dll
2009-06-13 21:32 . 2003-06-03 11:35 40960 ----a-w- c:\windows\CleanDev.exe
2009-06-11 23:30 . 2009-06-15 08:44 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google
2009-06-11 23:30 . 2009-01-19 03:48 43008 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-06-11 23:30 . 2009-01-19 03:48 43008 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-06-11 23:30 . 2009-01-19 03:48 245248 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-06-11 23:30 . 2009-01-19 03:48 243200 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-06-11 23:30 . 2009-01-19 03:48 239616 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-06-11 23:30 . 2009-01-19 03:48 233984 ----a-w- c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\heox7hh1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-06-11 10:17 . 2009-06-11 10:17 258048 ----a-w- c:\windows\system32\config\systemprofile\NTUSER(2).DAT
2009-06-11 10:09 . 2009-06-11 10:09 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-11 10:08 . 2009-06-11 10:08 0 ----a-w- c:\windows\nsreg.dat
2009-06-11 10:07 . 2009-06-11 10:07 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Mozilla
2009-06-11 10:02 . 2009-06-23 08:17 17840 ----a-w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-11 09:58 . 2009-06-11 09:59 -------- d-----w- c:\programmi\Google
2009-06-11 09:57 . 2009-06-11 09:58 1886320 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
2009-06-11 09:57 . 2009-06-11 09:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-06-11 09:57 . 2009-06-11 09:57 -------- d-----w- c:\programmi\NOS
2009-06-11 08:56 . 2009-06-11 10:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2009-06-11 08:40 . 2009-06-25 04:39 1 ----a-w- c:\documents and settings\user\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-11 08:40 . 2009-06-11 08:40 -------- d-----w- c:\documents and settings\user\Dati applicazioni\OpenOffice.org
2009-06-11 08:16 . 2009-02-09 11:23 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-11 08:16 . 2009-02-09 11:22 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-11 08:16 . 2009-02-09 11:23 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-11 08:05 . 2009-06-11 08:20 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
2009-06-11 08:05 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-11 08:05 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-11 07:50 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-11 07:37 . 2008-07-09 07:42 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-11 07:37 . 2009-06-11 08:24 -------- d--h--w- c:\windows\$hf_mig$
2009-06-11 07:26 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-11 07:25 . 2005-05-23 06:29 137884 ----a-r- c:\windows\system32\drivers\sscdmdm.sys
2009-06-11 07:25 . 2005-05-23 06:29 11877 ----a-r- c:\windows\system32\drivers\sscdcmnt.sys
2009-06-11 07:25 . 2005-05-23 06:29 11877 ----a-r- c:\windows\system32\drivers\sscdcm.sys
2009-06-11 07:25 . 2005-05-23 06:29 10864 ----a-r- c:\windows\system32\drivers\sscdmdfl.sys
2009-06-11 07:23 . 2005-05-23 06:29 80272 ----a-r- c:\windows\system32\drivers\sscdbus.sys
2009-06-11 07:23 . 2005-05-23 06:29 11188 ----a-r- c:\windows\system32\drivers\sscdwhnt.sys
2009-06-11 07:23 . 2005-05-23 06:29 11188 ----a-r- c:\windows\system32\drivers\sscdwh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 11:09 . 2001-08-31 15:00 72956 ----a-w- c:\windows\system32\perfc010.dat
2009-06-21 11:09 . 2001-08-31 15:00 417892 ----a-w- c:\windows\system32\perfh010.dat
2009-06-09 13:28 . 2009-06-09 13:02 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-09 13:03 . 2009-06-09 13:03 -------- d-----w- c:\programmi\microsoft frontpage
2009-06-09 13:01 . 2009-06-09 13:01 -------- d-----w- c:\programmi\Servizi in linea
2009-06-09 12:59 . 2009-06-09 12:59 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-07 15:32 . 2008-04-13 17:13 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:47 . 2008-04-13 16:50 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2008-04-13 17:13 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-04-28 17:26 . 2009-06-11 10:26 122880 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2008-07-06 11:28 1571840 0CF0382F318E5349DC94DB9120D34A6D c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-23_23.33.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 14:40 . 2009-06-25 14:40 16384 c:\windows\Temp\Perflib_Perfdata_5c4.dat
+ 2009-06-25 14:23 . 2009-06-25 14:23 16384 c:\windows\Temp\Perflib_Perfdata_454.dat
+ 2009-06-25 14:40 . 2009-06-25 14:40 16384 c:\windows\Temp\Perflib_Perfdata_24c.dat
+ 2009-06-23 23:34 . 2008-10-16 12:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-23 23:34 . 2008-04-13 17:13 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-23 23:34 . 2008-04-13 17:14 26624 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-23 23:34 . 2008-04-13 17:14 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-23 23:34 . 2008-04-13 17:14 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-23 23:34 . 2008-04-13 17:13 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-23 23:34 . 2008-04-13 17:14 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-23 23:34 . 2008-04-13 16:53 25088 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-23 23:34 . 2008-04-13 09:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-23 23:34 . 2008-04-13 17:14 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-04-23 16:37 . 2009-04-23 16:37 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
- 2009-01-21 15:11 . 2009-01-21 15:11 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2009-04-23 16:37 . 2009-04-23 16:37 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
- 2009-01-21 15:11 . 2009-01-21 15:11 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
- 2009-01-21 15:11 . 2009-01-21 15:11 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2009-04-23 16:37 . 2009-04-23 16:37 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2009-06-15 08:38 . 2009-06-25 14:40 222413 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-06-09 13:26 . 2009-06-25 04:30 113376 c:\windows\system32\FNTCACHE.DAT
- 2009-06-09 13:26 . 2009-06-16 17:54 113376 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-23 23:34 . 2008-04-13 17:14 510464 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-23 23:34 . 2009-02-20 08:09 668672 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-23 23:34 . 2008-04-13 17:13 579584 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-23 23:34 . 2008-04-13 17:13 296960 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-23 23:34 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-23 23:34 . 2009-02-09 11:22 111104 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-23 23:34 . 2008-04-13 10:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-23 23:34 . 2008-04-13 17:13 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-23 23:34 . 2008-04-13 17:13 175104 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-23 23:34 . 2009-02-09 11:22 2148864 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-23 23:34 . 2009-02-09 11:23 2027520 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-23 23:34 . 2009-03-21 14:06 1033728 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-23 23:34 . 2008-04-13 17:14 1036288 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-06-25 03:17 . 2009-06-25 03:17 7424000 c:\windows\Installer\{43A650AA-D1DC-4C52-8819-D7848B3A08DA}\soffice.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-21 148888]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-23 518488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1261336]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-12 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-12-19 15797248]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-13 177152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1127:TCP"= 1127:TCP:jsghtrz

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/06/2009 11.09.36 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/06/2009 10.52.50 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [25/06/2009 10.52.36 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25/06/2009 10.52.35 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/06/2009 10.52.55 76040]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21.06.55 1003344]
R3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24/08/2005 22.07.24 1274880]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\programmi\NOS\bin\getPlus_HelperSvc.exe [11/06/2009 11.57.13 66048]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [17/06/2009 9.52.27 138112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:07]

2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Scansione supplementare -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 16:40
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\msdtc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\mqtgsvc.exe
c:\programmi\AVG\AVG8\avgtray.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\user\IMPOST~1\temp\RtkBtMnt.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-25 16.43.01 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-25 14:42
ComboFix2.txt 2009-06-25 14:25
ComboFix3.txt 2009-06-23 23:35

Pre-Run: 94.665.850.880 byte disponibili
Post-Run: 94.867.955.712 byte disponibili

301 --- E O F --- 2009-06-11 08:24

ecco il nuovo report
sarei curioso di sapere cosa succede...

[Luke57]

Ciao, il report pare a posto, il servzio infetto è stato eliminato, hai sempre problemi?

[gianni-56]

Ciao Luke,
sembra che adesso funzioni tutto, lo verifico naturalmente mentre lavoro, esiste un programma per evitare che ciò non succeda? i normali anti tutto che ci sono in giro non sembrano molto efficaci, tu ne conosci qualcuno particolarmente indicato?...
Dirti grazie è poca cosa, a poter ricambiare in qualche modo la tua cortesia non hai che da chiederlo...se sono capace ritienimi a disposizione...!!!
gianni

[marchio78]

Salve o nn riesco ad accedere ai siti microsoft, ai siti di antivirus e ad aggiornare due pc.
Ho eseguito la scansione con combofix e sono usciti fuori i seguenti log:



LOG PC 1



ComboFix 09-07-09.08 - gaia 10/07/2009 18.13.55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3001.2569 [GMT 2:00]
Eseguito da: c:\documents and settings\gaia\Desktop\Nuova cartella\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\gaia\Menu Avvio\Programmi\HeroCodec
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\Installer\8e08e6.msp
c:\windows\system32\gxvxccounter
c:\windows\system32\WgaLogon.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Creati Da 2009-06-10 al 2009-07-10 )))))))))))))))))))))))))))))))))))
.

2009-07-10 16:11 . 2009-07-10 16:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-07 16:56 . 2009-07-07 16:56 -------- d-sh--w- c:\documents and settings\gaia\IECompatCache
2009-07-07 16:56 . 2009-07-07 16:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-07 16:46 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-07 16:45 . 2009-07-07 16:45 -------- d-----w- c:\windows\ie8updates
2009-07-07 16:45 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-07 16:45 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-07 16:43 . 2009-07-07 16:45 -------- dc-h--w- c:\windows\ie8
2009-07-02 08:26 . 2009-07-07 16:13 -------- d-----w- c:\documents and settings\gaia\Dati applicazioni\Skype
2009-06-24 21:32 . 2009-06-24 21:32 -------- d-----w- c:\programmi\Runtime Software
2009-06-20 08:42 . 2009-06-20 08:42 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-20 08:39 . 2009-06-25 15:53 -------- d-----w- c:\documents and settings\gaia\Impostazioni locali\Dati applicazioni\Adobe
2009-06-20 08:38 . 2009-06-22 06:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-06-20 08:38 . 2009-06-22 06:49 -------- d-----w- c:\programmi\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 15:35 . 2009-03-31 15:47 -------- d-----w- c:\documents and settings\gaia\Dati applicazioni\U3
2009-07-10 15:06 . 2002-09-10 12:00 93612 ----a-w- c:\windows\system32\perfc010.dat
2009-07-10 15:06 . 2002-09-10 12:00 515386 ----a-w- c:\windows\system32\perfh010.dat
2009-07-07 16:51 . 2009-04-01 15:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-07-07 16:49 . 2009-04-01 15:35 -------- d-----w- c:\programmi\Microsoft Works
2009-06-24 12:49 . 2009-03-31 18:40 -------- d-----w- c:\programmi\Windows Desktop Search
2009-06-02 16:00 . 2009-06-02 16:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Canopus
2009-06-02 13:13 . 2009-03-31 05:51 137520 ----a-w- c:\documents and settings\gaia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-01 10:40 . 2009-06-01 10:40 -------- d-----w- c:\programmi\VSTplugins
2009-06-01 10:40 . 2009-06-01 10:40 -------- d-----w- c:\documents and settings\gaia\Dati applicazioni\Publish Providers
2009-06-01 10:35 . 2009-06-01 10:35 -------- d-----w- c:\documents and settings\gaia\Dati applicazioni\Sony
2009-06-01 10:35 . 2009-06-01 10:35 -------- d-----w- c:\programmi\Sony
2009-06-01 10:13 . 2009-06-01 10:13 -------- d-----w- c:\programmi\CyberLink
2009-06-01 10:13 . 2009-04-01 14:29 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-01 10:13 . 2009-06-01 10:13 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-01 10:13 . 2009-06-01 10:13 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-06-01 10:07 . 2009-06-01 10:00 -------- d-----w- c:\programmi\VirtualDJ
2009-05-26 11:08 . 2009-05-07 17:11 -------- d-----w- c:\programmi\Alice MOBILE
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-13 05:02 . 2004-08-19 14:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-19 14:39 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 16:41 . 2009-03-31 16:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-01 16:41 . 2009-03-31 16:32 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-22 09:27 . 2009-04-22 09:27 4 ----a-w- c:\windows\vx86036.dat
2009-04-19 19:47 . 2004-08-19 14:31 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2004-08-19 14:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 11:22 . 2009-05-05 11:50 245760 ----a-w- c:\programmi\Uninstall Ask Toolbar.dll
2009-03-21 14:06 . 2004-08-19 14:39 2316960 --sha-r- c:\windows\system32\ozsryj.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-09-01 12:31 98328 ----a-w- c:\programmi\Nero\Nero 9\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-04-07 198160]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-04-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\gaia\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1762:TCP"= 1762:TCP:jhpcegf

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [01/04/2009 16.29.26 10368]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [01/04/2009 16.29.26 4608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [31/03/2009 18.32.55 108289]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [07/05/2009 19.10.48 81920]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\programmi\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [01/09/2008 14.31.18 108568]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 16.28.36 1533808]
R3 DCamUSBNW800;CIF USB Camera (2110);c:\windows\system32\drivers\pcam800.sys [03/01/2003 9.11.24 210792]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [30/03/2009 22.27.30 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [30/03/2009 22.09.06 51288]
S2 ctillxx;Manager Task;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 16.39.46 14336]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [07/05/2009 19.11.46 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [07/05/2009 19.11.46 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [07/05/2009 19.11.46 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [07/05/2009 19.11.46 104960]
S3 sffp_mmc;Driver protocollo memorie per MMC;c:\windows\system32\drivers\sffp_mmc.sys [31/03/2009 18.00.11 10240]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - CTILLXX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ctillxx

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-24 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-07-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {392D0DAD-81FC-424A-90F1-6AB032AE3E3B} = 151.99.125.2
TCP: {63892D64-B5BE-4B47-BDB0-3EBD04F91818} = 151.99.125.2
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 18:18
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ctillxx]
"ServiceDll"="c:\windows\system32\ozsryj.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(652)
c:\windows\system32\WININET.dll
c:\programmi\Nero\Nero 9\InCD\NBHshx.dll
c:\programmi\Nero\Nero 9\InCD\NBHStr.dll
c:\programmi\File comuni\Nero\AdvrCntr4\AdvrCntr4.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\Crypserv.exe
c:\programmi\Nero\Nero 9\InCD\InCDSrv.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\searchindexer.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-10 18.21.25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-10 16:21

Pre-Run: 35.982.675.968 byte disponibili
Post-Run: 35.925.774.336 byte disponibili

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
196 --- E O F --- 2009-06-22 06:57






LOG PC 2






ComboFix 09-07-09.08 - user 10/07/2009 18.32.07.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.959.613 [GMT 2:00]
Eseguito da: f:\nuova cartella\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Creati Da 2009-06-10 al 2009-07-10 )))))))))))))))))))))))))))))))))))
.

2009-07-10 12:56 . 2009-07-10 12:56 -------- d-----w- c:\programmi\TeaTimer (Spybot - Search & Destroy)
2009-07-10 12:56 . 2009-07-10 12:56 -------- d-----w- c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
2009-07-10 12:56 . 2009-07-10 12:56 -------- d-----w- c:\programmi\SDHelper (Spybot - Search & Destroy)
2009-07-10 12:56 . 2009-07-10 12:56 -------- d-----w- c:\programmi\File Scanner Library (Spybot - Search & Destroy)
2009-07-10 11:58 . 2009-07-10 15:01 117760 ----a-w- c:\documents and settings\user\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-10 11:58 . 2009-07-10 11:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-07-10 11:58 . 2009-07-10 11:58 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-07-10 11:58 . 2009-07-10 11:58 -------- d-----w- c:\documents and settings\user\Dati applicazioni\SUPERAntiSpyware.com
2009-07-10 11:49 . 2009-07-10 11:49 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2009-07-10 11:49 . 2009-07-10 11:49 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2009-07-10 11:49 . 2009-07-10 11:49 -------- d-sh--w- c:\documents and settings\user\IETldCache
2009-07-10 11:35 . 2009-07-10 11:40 -------- dc-h--w- c:\windows\ie8
2009-07-10 08:37 . 2009-07-10 08:37 -------- d-----w- c:\programmi\Trend Micro
2009-07-09 22:03 . 2009-07-09 22:03 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Windows Search
2009-07-09 15:35 . 2009-07-09 15:35 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-09 15:32 . 2009-07-09 15:32 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Windows Desktop Search
2009-07-09 15:32 . 2009-07-09 15:32 -------- d-----w- c:\programmi\Windows Desktop Search
2009-07-09 15:32 . 2009-07-09 15:32 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-09 15:31 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-09 15:31 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-09 15:31 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-07-09 15:30 . 2009-07-09 15:30 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-07-09 15:27 . 2009-07-09 19:30 -------- d-----w- c:\windows\system32\LogFiles
2009-07-09 15:27 . 2009-07-09 15:29 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-09 15:23 . 2009-07-09 15:24 -------- d-----w- c:\windows\system32\URTTemp
2009-07-09 15:16 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-09 15:16 . 2009-03-06 14:19 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-09 15:16 . 2009-02-09 11:23 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-09 15:16 . 2009-02-09 11:22 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-09 15:16 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-09 15:16 . 2009-02-09 10:51 734720 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-09 15:16 . 2009-02-09 10:51 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-09 15:16 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-09 15:16 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-09 15:16 . 2009-02-09 11:22 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-09 15:16 . 2009-02-09 10:51 736256 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-09 15:16 . 2009-02-09 11:23 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-09 15:15 . 2008-04-21 21:14 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-09 15:13 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-09 15:11 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-09 15:11 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-07-09 15:11 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-09 15:11 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-07-09 06:20 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-09 06:20 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-09 06:07 . 2009-07-09 15:37 -------- d--h--w- c:\windows\$hf_mig$
2009-07-09 06:02 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-08 06:49 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-07-08 06:49 . 2008-09-10 01:14 1307648 ----a-w- c:\windows\system32\msxml6.dll
2009-07-08 06:49 . 2008-04-13 16:53 92672 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-07-08 06:49 . 2008-04-13 16:53 92672 ------w- c:\windows\system32\msxml6r.dll
2009-07-08 06:46 . 2009-07-08 06:46 -------- d-----w- c:\windows\ServicePackFiles
2009-07-08 06:46 . 2008-04-13 17:14 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-07-07 22:22 . 2009-07-10 11:47 -------- d-----w- c:\windows\system32\it-it
2009-07-07 22:22 . 2009-07-08 06:48 -------- d-----w- c:\windows\l2schemas
2009-07-07 22:22 . 2009-07-08 06:48 -------- d-----w- c:\windows\system32\it
2009-07-07 22:22 . 2009-07-08 06:48 -------- d-----w- c:\windows\system32\bits
2009-07-07 22:10 . 2008-10-13 11:55 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-07 22:07 . 2009-02-09 10:51 683520 ----a-w- c:\windows\system32\advapi32.dll
2009-07-07 22:06 . 2009-07-08 06:37 -------- d-----w- c:\windows\EHome
2009-07-07 22:00 . 2009-07-07 22:13 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-07 22:00 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-07 22:00 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-07 21:59 . 2009-07-07 21:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-07-07 21:59 . 2009-07-07 21:59 -------- d-----w- c:\programmi\Avira
2009-07-07 21:56 . 2009-07-07 21:59 -------- d-----w- C:\1160aa5e75d9f9aa1de8
2009-07-07 16:07 . 2009-07-07 16:07 0 ----a-w- c:\windows\system32\lich.dat
2009-07-07 16:01 . 2009-07-07 22:13 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-07 15:41 . 2009-07-07 15:41 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Malwarebytes
2009-07-07 15:41 . 2009-01-14 14:11 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-07 15:41 . 2009-01-14 14:11 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-07 15:41 . 2009-07-07 15:41 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-07 15:41 . 2009-07-07 15:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-07-07 15:11 . 2009-07-07 15:11 -------- d-----w- c:\programmi\CCleaner
2009-07-07 14:58 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\user\Dati applicazioni\U3\temp\cleanup.exe
2009-07-07 14:57 . 2009-07-07 15:03 -------- d-----w- c:\programmi\FreeRegistryCleaner
2009-07-07 14:50 . 2009-07-07 14:58 -------- d-----w- c:\documents and settings\user\Dati applicazioni\U3
2009-06-26 09:43 . 2009-07-10 14:59 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-26 09:21 . 2009-07-10 16:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-25 09:41 . 2009-06-30 10:26 0 ----a-w- c:\windows\system32\drivers\d5b5751.sys
2009-06-24 20:06 . 2009-06-24 20:06 187 ----a-w- C:\d45.bat
2009-06-24 20:05 . 2009-07-07 16:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\94038586
2009-06-24 20:05 . 2009-07-07 16:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\14028594
2009-06-24 20:05 . 2009-06-30 17:27 0 ----a-w- c:\windows\system32\drivers\c2bee533.sys
2009-06-24 17:30 . 2009-06-24 17:30 -------- d-----w- C:\BackUpMSNCleaner
2009-06-24 16:48 . 2009-06-24 16:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-06-24 13:45 . 2009-07-09 19:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Grid Blue Memo Site
2009-06-24 13:44 . 2009-07-09 19:07 -------- d-----w- c:\documents and settings\user\Dati applicazioni\fast ref memo
2009-06-24 13:44 . 2009-06-24 13:44 -------- d-----w- c:\programmi\fast ref memo
2009-06-24 13:43 . 2009-07-07 16:31 -------- d-----w- c:\programmi\Circle Development
2009-06-24 13:43 . 2009-06-24 13:43 -------- d-----w- c:\programmi\Messenger Plus! Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 10:18 . 2009-07-10 10:18 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-07-09 18:02 . 2004-08-19 12:00 71684 ----a-w- c:\windows\system32\perfc010.dat
2009-07-09 18:02 . 2004-08-19 12:00 448686 ----a-w- c:\windows\system32\perfh010.dat
2009-07-08 06:59 . 2005-09-18 10:58 29288 ----a-w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-08 06:51 . 2005-08-23 13:03 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-30 17:24 . 2009-04-16 16:36 -------- d-----w- c:\programmi\HSDPA USB Modem
2009-06-25 09:39 . 2005-09-02 14:31 1536 ----a-w- c:\windows\system32\TrueSoft.dat
2009-06-18 19:26 . 2008-04-27 11:00 -------- d-----w- c:\programmi\Mahjong Mania Deluxe
2009-06-09 19:59 . 2007-06-03 14:33 -------- d-----w- c:\programmi\Jewel Quest
2009-06-08 20:29 . 2007-01-14 09:51 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLec.DAT
2004-08-19 12:00 . 2009-07-07 22:07 2316960 --sha-r- c:\windows\system32\olcafuy.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\c:^documents and settings^all users^menu avvio^programmi^esecuzione automatica^microsoft office.lnk]

[HKLM\~\startupfolder\c:^documents and settings^all users^menu avvio^programmi^esecuzione automatica^nkbmonitor.exe.lnk]

[HKLM\~\startupfolder\c:^documents and settings^all users^menu avvio^programmi^esecuzione automatica^via raid tool.lnk]

[HKLM\~\startupfolder\c:^documents and settings^user^menu avvio^programmi^esecuzione automatica^fmnupd32.exe]

[HKLM\~\startupfolder\c:^documents and settings^user^menu avvio^programmi^esecuzione automatica^zqosys32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5913:TCP"= 5913:TCP:fvznjdry

R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11.01.40 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11.01.40 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [07/07/2009 23.59.58 108289]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11.01.42 7408]
S1 c2bee533;c2bee533;c:\windows\system32\drivers\c2bee533.sys [24/06/2009 22.05.14 0]
S1 d5b5751;d5b5751;c:\windows\system32\drivers\d5b5751.sys [25/06/2009 11.41.19 0]
S2 eqldd;Helper Windows;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 14.00.00 14336]
S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\drivers\cmusbser.sys [07/07/2009 18.05.12 103552]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07/07/2009 17.41.03 38496]
S3 pcidisk;pcidisk;\??\c:\windows\system32\pcidisk.sys --> c:\windows\system32\pcidisk.sys [?]
S4 Communication Modem Device Manager II;Communication Modem Device Manager II;c:\windows\system32\RegService.exe [16/04/2009 18.36.07 135168]
S4 lich;lich; [x]
S4 sr5usw46is4jhserthtksrw80;sr5usw46is4jhserthtksrw80; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eqldd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scansione supplementare -------
.
uStart Page = www.google.it
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\windowsupdate
TCP: {9FCE367F-8E48-4452-B764-1C8EF11C0072} = 151.99.125.2
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 18:36
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eqldd]
"ServiceDll"="c:\windows\system32\olcafuy.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3692)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-07-10 18.38.35
ComboFix-quarantined-files.txt 2009-07-10 16:38
ComboFix2.txt 2009-07-10 15:52
ComboFix3.txt 2009-07-10 11:16
ComboFix4.txt 2009-07-08 06:27
ComboFix5.txt 2009-07-10 16:31

Pre-Run: 22.315.515.904 byte disponibili
Post-Run: 22.307.819.520 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
206




Sto impazzendo, vi prego di farmi sapere quanto prima come muovermi, grazie in anticipo!!!