Hi everyone,
I'm a newbie when it comes to trojans and adware, so I'd need a hand to understand whether my PC is clean or some other malware is hiding on the hard disk.
The problem is that when I open Firefox and use it normally, every now and then advertising pop-ups related to what I was browsing would appear.
I ran a scan with HijackThis and this was the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.59.32, on 27/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Users\Massimo\AppData\Local\isaswwi.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\explorer.exe
C:\Users\Massimo\Desktop\HiJackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [isaswwi] "c:\users\massimo\appdata\local\isaswwi.exe" isaswwi
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 10000 bytes
Rummaging around the forum I gathered that running ComboFix would help, so I ran it, and here is the log, which I can't make sense of though...
ComboFix 09-07-26.03 - Massimo 27/07/2009 22.11.54.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3068.1495 [GMT 2:00]
Ran from: c:\users\Massimo\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-302513418-1374094644-3710361010-500
c:\users\Massimo\AppData\Local\isaswwi.dat
c:\users\Massimo\AppData\Local\isaswwi.exe
c:\users\Massimo\AppData\Local\isaswwi_nav.dat
c:\users\Massimo\AppData\Local\isaswwi_navps.dat
c:\windows\Installer\179bb.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))))))
.
2009-07-26 21:21 . 2009-07-27 19:00 117760 ----a-w- c:\users\Massimo\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-26 21:21 . 2009-07-26 21:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-26 21:20 . 2009-07-26 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-26 21:20 . 2009-07-26 21:20 -------- d-----w- c:\users\Massimo\AppData\Roaming\SUPERAntiSpyware.com
2009-07-26 21:20 . 2009-07-26 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-25 21:36 . 2009-07-25 21:36 -------- d-----w- c:\users\Massimo\AppData\Roaming\FileZilla
2009-07-25 09:06 . 2009-07-25 09:06 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-25 08:31 . 2009-07-25 08:35 -------- d-----w- c:\users\Massimo\AppData\Local\Apple Computer
2009-07-25 08:28 . 2009-07-25 08:28 -------- d-----w- c:\programdata\Apple
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\users\Massimo\AppData\Roaming\HP
2009-07-22 20:24 . 2009-07-22 20:24 -------- d-----w- c:\programdata\HP
2009-07-22 20:22 . 2009-07-23 20:46 -------- d-----w- c:\users\Massimo\AppData\Roaming\CyberLink
2009-07-22 20:21 . 2009-07-22 20:21 406360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-21 20:04 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:04 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 19:57 . 2009-07-21 19:58 -------- d-----w- c:\users\Massimo\AppData\Local\Adobe
2009-07-18 19:03 . 2009-07-18 19:03 -------- d-----w- c:\program files\AC3Filter
2009-07-18 17:31 . 2009-07-18 17:31 -------- d-----w- c:\users\Massimo\AppData\Roaming\DivX
2009-07-18 09:59 . 2009-07-27 18:59 -------- d-----w- c:\users\Massimo\Tracing
2009-07-18 09:53 . 2009-07-18 09:53 -------- d-----w- c:\program files\Microsoft
2009-07-18 09:53 . 2009-07-18 09:53 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-18 09:53 . 2009-07-18 09:53 -------- d-----w- c:\program files\Windows Live
2009-07-18 09:52 . 2009-07-18 09:52 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\program files\AskBarDis
2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\program files\uTorrent
2009-07-17 23:44 . 2009-07-19 02:20 -------- d-----w- c:\users\Massimo\AppData\Roaming\uTorrent
2009-07-16 21:24 . 2009-07-25 22:20 -------- d-----w- c:\program files\xampp
2009-07-16 21:06 . 2009-07-16 21:06 -------- d-----w- c:\program files\Mythicsoft
2009-07-16 21:06 . 2009-07-16 21:06 -------- d-----w- c:\users\Massimo\AppData\Roaming\PSpad
2009-07-16 21:06 . 2009-07-16 21:06 -------- d-----w- c:\program files\PSPad editor
2009-07-16 20:55 . 2009-07-16 20:56 -------- d-----w- c:\windows\system32\js
2009-07-16 20:55 . 2009-07-16 20:56 -------- d-----w- c:\windows\system32\html
2009-07-16 20:55 . 2009-07-16 20:56 -------- d-----w- c:\windows\system32\css
2009-07-16 20:55 . 2009-07-16 20:55 -------- d-----w- c:\windows\system32\images
2009-07-16 20:55 . 2009-07-16 20:55 -------- d-----w- c:\program files\Business Objects
2009-07-16 20:53 . 2009-07-19 01:05 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-16 20:53 . 2009-07-16 20:53 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-07-16 20:52 . 2009-07-16 20:53 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-07-16 20:52 . 2009-07-16 20:52 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-07-16 20:52 . 2009-07-16 20:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-16 20:51 . 2009-07-19 01:08 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-07-16 20:51 . 2009-07-19 01:08 1680064 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-07-16 20:48 . 2009-07-16 20:48 -------- d-----w- c:\programdata\PreEmptive Solutions
2009-07-16 20:45 . 2009-07-16 20:45 -------- d-----w- c:\windows\symbols
2009-07-16 20:44 . 2009-07-16 20:44 -------- d-----w- c:\windows\system32\1033
2009-07-16 20:42 . 2009-07-16 20:54 -------- d-----w- c:\program files\Microsoft.NET
2009-07-16 20:42 . 2009-07-16 20:48 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-07-16 20:42 . 2009-07-16 20:45 -------- d-----w- c:\program files\HTML Help Workshop
2009-07-16 20:42 . 2009-07-16 20:42 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-16 20:42 . 2009-07-16 20:42 -------- d-----w- c:\program files\CE Remote Tools
2009-07-16 20:42 . 2009-07-16 20:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-07-16 20:41 . 2009-07-16 20:41 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-07-16 20:41 . 2009-07-16 20:41 -------- d--h--r- C:\MSOCache
2009-07-16 20:40 . 2009-07-16 20:40 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-16 20:40 . 2009-07-16 20:40 -------- d-----w- c:\users\Massimo\AppData\Local\Microsoft Help
2009-07-14 23:14 . 2009-07-14 23:14 -------- d-----w- c:\windows\system32\ca-ES
2009-07-14 23:14 . 2009-07-14 23:14 -------- d-----w- c:\windows\system32\eu-ES
2009-07-14 23:14 . 2009-07-14 23:14 -------- d-----w- c:\windows\system32\vi-VN
2009-07-14 23:10 . 2009-07-14 23:10 -------- d-----w- c:\windows\system32\SPReview
2009-07-14 23:01 . 2009-04-10 21:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-07-14 23:01 . 2009-04-10 21:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-07-14 22:55 . 2009-07-14 22:55 -------- d-----w- c:\windows\system32\EventProviders
2009-07-14 22:51 . 2009-07-14 22:52 1 ----a-w- c:\users\Massimo\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-14 22:51 . 2009-07-14 22:51 -------- d-----w- c:\users\Massimo\AppData\Roaming\OpenOffice.org
2009-07-14 22:48 . 2009-07-14 22:48 -------- d-----w- c:\program files\JRE
2009-07-14 22:48 . 2009-07-14 22:48 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-14 22:47 . 2009-07-14 22:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 22:24 . 2009-07-14 22:24 -------- d-----w- c:\program files\7-Zip
2009-07-14 22:18 . 2009-07-14 22:18 -------- d-----w- c:\users\Massimo\AppData\Local\Seven Zip
2009-07-14 22:09 . 2009-07-14 22:09 -------- d-----w- c:\programdata\AOL
2009-07-14 22:06 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-14 22:06 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-14 22:06 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-14 22:06 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-14 22:06 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-14 22:06 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-14 22:06 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-14 22:06 . 2009-07-14 22:06 -------- d-----w- c:\program files\Alwil Software
2009-07-14 22:05 . 2009-07-27 18:58 92 ----a-w- c:\users\Massimo\AppData\Local\guweq.bat
2009-07-14 21:59 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-14 21:58 . 2009-07-14 21:58 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-14 21:58 . 2009-07-14 21:58 -------- d-----w- c:\program files\DivX
2009-07-14 21:58 . 2009-07-14 21:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-14 21:58 . 2009-07-14 21:58 -------- d-----w- c:\program files\MSXML 4.0
2009-07-14 21:55 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-14 21:55 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 21:55 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 21:55 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 21:55 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 21:55 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 21:55 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 21:55 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-07-14 21:49 . 2009-07-14 21:49 -------- d-----w- c:\users\Massimo\AppData\Local\Mozilla
2009-07-14 21:48 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-14 21:48 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-07-14 21:48 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-14 21:48 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-07-14 21:48 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-07-14 21:48 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-07-14 21:48 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-07-14 21:48 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-07-14 21:48 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-07-14 21:33 . 2009-07-14 21:33 -------- d-----w- c:\users\Massimo\Bluetooth Software
2009-07-14 21:33 . 2009-07-22 21:13 -------- d-----w- c:\users\Massimo\AppData\Local\QuickPlay
2009-07-14 21:33 . 2009-07-14 21:33 -------- d-----w- c:\users\Massimo\AppData\Roaming\Symantec
2009-07-14 21:33 . 2009-07-16 21:11 75576 ----a-w- c:\users\Massimo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-14 21:33 . 2009-07-14 21:33 -------- d-----w- c:\users\Massimo\AppData\Roaming\DigitalPersona
2009-07-14 21:33 . 2009-07-14 21:33 -------- d-----w- c:\users\Massimo\AppData\Local\DigitalPersona
2009-07-14 21:32 . 2009-07-14 21:32 44 ----a-w- c:\windows\system\hpsysdrv.dat
2009-07-14 21:31 . 2009-07-22 21:19 -------- d-----w- c:\users\Massimo\AppData\Roaming\Hewlett-Packard
2009-07-14 21:31 . 2009-07-14 21:31 -------- d-----w- c:\programdata\Viewpoint
2009-07-14 21:31 . 2009-07-14 21:31 -------- d-----w- c:\program files\Viewpoint
2009-07-14 21:29 . 2009-07-14 21:29 -------- d-----w- c:\users\Massimo\AppData\Roaming\Macrovision
2009-07-14 21:25 . 2009-07-14 21:25 -------- d-sh--we c:\users\Default\Risorse di stampa
2009-07-14 21:02 . 2009-07-14 23:11 -------- d-----w- c:\programdata\NVIDIA
2009-07-14 21:01 . 2009-07-23 20:46 -------- d-----w- c:\programdata\CyberLink
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\system32\tr
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\system32\ru
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\system32\ko
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\system32\ja
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\system32\fr
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\system32\es
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\system32\de
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\windows\DPDrv
2009-07-14 21:01 . 2009-07-14 21:01 -------- d-----w- c:\program files\DigitalPersona
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 19:04 . 2008-07-18 17:13 709554 ----a-w- c:\windows\system32\perfh010.dat
2009-07-27 19:04 . 2008-07-18 17:13 137968 ----a-w- c:\windows\system32\perfc010.dat
2009-07-27 18:59 . 2009-07-14 20:56 42749 ----a-w- c:\programdata\nvModes.dat
2009-07-25 08:31 . 2009-07-25 08:31 -------- d-----w- c:\users\Massimo\AppData\Roaming\Apple Computer
2009-07-25 08:31 . 2009-07-25 08:31 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-25 08:31 . 2009-07-25 08:31 -------- d-----w- c:\program files\iTunes
2009-07-25 08:31 . 2009-07-25 08:31 -------- d-----w- c:\program files\iPod
2009-07-25 08:31 . 2009-07-25 08:30 -------- d-----w- c:\programdata\Apple Computer
2009-07-25 08:31 . 2009-07-25 08:28 -------- d-----w- c:\program files\Common Files\Apple
2009-07-25 08:30 . 2009-07-25 08:30 -------- d-----w- c:\program files\Bonjour
2009-07-25 08:30 . 2009-07-25 08:30 -------- d-----w- c:\program files\QuickTime
2009-07-25 08:30 . 2009-07-25 08:30 -------- d-----w- c:\program files\Apple Software Update
2009-07-22 21:27 . 2008-07-18 07:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 21:22 . 2008-07-18 07:32 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-21 20:05 . 2008-07-18 08:39 -------- d-----w- c:\programdata\Microsoft Help
2009-07-17 18:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 20:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-07-14 23:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-14 23:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-14 23:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-14 23:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-14 23:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-14 23:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-14 23:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-14 23:08 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-14 22:46 . 2008-07-18 09:01 -------- d-----w- c:\program files\Java
2009-07-14 22:34 . 2008-07-18 08:13 -------- d-----w- c:\programdata\WildTangent
2009-07-14 22:27 . 2008-07-18 08:28 -------- d-----w- c:\program files\Microsoft Works
2009-07-14 21:43 . 2008-07-18 07:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-14 21:41 . 2008-07-18 07:38 -------- d-----w- c:\programdata\Symantec
2009-07-14 21:39 . 2009-07-14 21:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-14 21:29 . 2009-07-14 21:29 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF8414297_E465478-065_4A_I3603_SQuanta_V02.20_F.0C_T080918_WV3-1_L410_M3069_J320_7Intel_8676_92.53_#090714_N10EC8168;80864237_(FW713EA#ABZ)_XMOBILE_CN10_Z_2F.0C.MRK
2009-07-14 21:25 . 2009-07-14 21:25 -------- d-sh--we c:\programdata\Preferiti
2009-07-14 21:25 . 2009-07-14 21:25 -------- d-sh--we c:\programdata\Modelli
2009-07-14 21:25 . 2009-07-14 21:25 -------- d-sh--we c:\programdata\Menu Avvio
2009-07-14 21:25 . 2009-07-14 21:25 -------- d-sh--we c:\programdata\Documenti
2009-07-14 21:25 . 2009-07-14 21:25 -------- d-sh--we c:\programdata\Dati applicazioni
2009-07-14 21:25 . 2009-07-14 21:25 -------- d-sh--we c:\program files\File comuni
2009-07-14 21:00 . 2008-07-18 08:43 -------- d-----w- c:\program files\CyberLink
2009-07-14 20:56 . 2008-07-18 08:13 -------- d-----w- c:\programdata\Hewlett-Packard
2009-07-14 20:52 . 2009-07-14 20:52 -------- d-----w- c:\program files\AVerMedia
2009-07-14 20:52 . 2009-07-14 20:50 -------- d-----w- c:\program files\Intel
2009-07-14 20:49 . 2009-07-14 20:48 -------- d-----w- c:\program files\IDT
2009-07-14 20:47 . 2009-07-14 20:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-18 01:03 . 2009-07-14 21:49 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-18 17:15 . 2008-07-18 17:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):88,06,17,fd,d9,04,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5BD3D597-2432-45FB-97F4-F2315C81F350}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{FB500848-9144-43BF-90C4-B3C564185A72}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{BB642A42-A2B9-4F6A-BC56-22B151318D1D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7B5F932D-A2F1-4EF0-86CD-FB5806A673D0}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{102CEC70-F3D3-4DFD-8FDC-E198BD5C40D0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FA8429A5-1A62-4570-8F15-FAAE0982052B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{21F570FD-F5B1-45B8-919B-40AC6881E17B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{67DB576C-603D-427D-8970-8DBB9BCEC314}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F3A38EF8-F05D-4917-95A3-78748E87393F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B8FA4A50-B113-495A-8430-DC2C1417113C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1A8FCF64-DCB1-419E-A98C-1EA958597D01}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{76531154-D7A3-4856-A426-077B273ECA3F}c:\\program files\\xampp\\mysql\\bin\\mysqld.exe"= UDP:c:\program files\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{BCE4C70B-622F-49E1-97E4-018D2C91531D}c:\\program files\\xampp\\mysql\\bin\\mysqld.exe"= TCP:c:\program files\xampp\mysql\bin\mysqld.exe:mysqld
"TCP Query User{37DF0D32-2D40-4B09-B86E-0E5898F07873}c:\\program files\\xampp\\apache\\bin\\httpd.exe"= UDP:c:\program files\xampp\apache\bin\httpd.exe:Apache HTTP Server
"UDP Query User{3FE6F495-4C90-4490-8E2E-FB6D2DFE93AE}c:\\program files\\xampp\\apache\\bin\\httpd.exe"= TCP:c:\program files\xampp\apache\bin\httpd.exe:Apache HTTP Server
"{63381F2B-AE50-4289-AE3B-9F39FA165C98}"= UDP:3306:Mysql
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [15/07/2009 0.06.47 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11.01.40 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11.01.40 72944]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [18/07/2008 9.54.37 39408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [14/07/2009 22.48.29 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [15/07/2009 0.06.47 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [15/07/2009 0.06.37 51792]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4.23.43 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 16.24.58 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [18/07/2008 10.56.26 341328]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [26/03/2008 18.27.52 595248]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [14/07/2009 22.52.28 280192]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [18/07/2008 10.01.22 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 15.23.12 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01/04/2008 13.14.10 81296]
R3 NETw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [14/07/2009 22.49.47 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23/05/2008 5.29.00 43552]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11.01.42 7408]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [26/03/2008 18.28.08 40752]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [18/07/2009 1.46.24 234888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-isaswwi - c:\users\massimo\appdata\local\isaswwi.exe
.
------- Scansione supplementare -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Massimo\AppData\Roaming\Mozilla\Firefox\Profiles\uc4cq5sq.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 22:17
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
c:\users\Massimo\AppData\Local\Temp\MUI
c:\windows\TEMP\_isTmp_{8675309}
C:\$RECYCLE.BIN
Scansione completata con successo
Files nascosti: 3
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\DPPWDFLT.dll
.
Ora fine scansione: 2009-07-27 22.18.46
ComboFix-quarantined-files.txt 2009-07-27 20:18
Pre-Run: 81.380.327.424 byte disponibili
Post-Run: 81.600.045.056 byte disponibili
395 --- E O F --- 2009-07-27 19:04
Can anyone help me figure out whether there is still some unwanted guest on the machine?
For completeness I am also posting the HijackThis log taken after running ComboFix.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.30.44, on 27/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Massimo\Desktop\HiJackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 9069 bytes
What looks fishy to me is
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
What do you think?