I can't access antivirus websites

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Re: I can't access antivirus websites

Post by Luke57 » 05/01/10 19:12

@stix
Hi, download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
you must rename the file to abc.exe before saving it to the desktop
(to rename the file: when you download it, it asks where to save it and the "file name" box appears; change the name shown to abc.exe and be sure to save it on the desktop)

Then disable the antivirus and, in order, click:
Start > Run, and in the white box copy and paste this command, quotation marks included:

"%userprofile%\desktop\abc.exe" /killall <---- copy and paste

Press OK
do not install the Recovery Console when it is offered
if all goes well the program starts, and it may take a long time
wait patiently for the operations to finish, without doing anything, and when it's done post the report C:\ComboFix.txt.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: I can't access antivirus websites

Post by stix » 06/01/10 18:12

it's too long, how do I post it??
stix
Junior User
Posts: 23
Joined: 05/01/10 17:14

Re: I can't access antivirus websites

Post by Luke57 » 07/01/10 08:12

Hi, add it as an attachment to the post using the dedicated option (send attachments)
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Re: I can't access antivirus websites

Post by stix » 07/01/10 14:01

I can't add them.. it won't let me do it..
stix
Junior User
Posts: 23
Joined: 05/01/10 17:14

Re: I can't access antivirus websites

Post by gahan » 07/01/10 14:23

Hi stix,

go to
http://www.wikifortio.com/

and under Upload File click Browse to upload the report to the network, then post the resulting link here
words like violence, break the silence
gahan
Moderator
Posts: 1397
Joined: 23/01/08 16:09

Re: I can't access antivirus websites

Post by stix » 07/01/10 14:31

not even that way, it tells me file is not registered... I split it in half and I'm posting it here even if it will cause some problems...

ComboFix 10-01-04.01 - Administrator 06/01/2010 17.44.27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1464 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\desktop\abc.exe
Opzioni usate :: /killall
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.


La copia infetta di c:\windows\system32\midimap.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\VistaMizer\old\midimap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Creati Da 2009-12-06 al 2010-01-06 )))))))))))))))))))))))))))))))))))
.

2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-01-05 20:37 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-05 20:37 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 19:43 . 2010-01-06 16:55 763904 ----a-w- c:\windows\system32\drivers\dqmnru.sys
2010-01-05 19:43 . 2010-01-05 19:43 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-28 14:16 . 2009-12-28 14:17 -------- d-----w- c:\programmi\GfedEuroit73F
2009-12-27 12:23 . 2010-01-05 20:57 -------- d-----w- c:\programmi\Native Instruments
2009-12-24 17:26 . 2009-12-24 17:26 -------- d-----w- c:\programmi\ESET
2009-12-23 11:26 . 2009-12-23 11:26 -------- d-----w- c:\programmi\SlySoft
2009-12-22 16:08 . 2009-12-22 16:08 253952 ------w- c:\windows\Setup1.exe
2009-12-22 16:08 . 2009-12-22 16:08 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-12-21 15:44 . 2009-12-21 15:46 -------- d-----w- c:\programmi\Lame for Audacity
stix
Junior User
Posts: 23
Joined: 05/01/10 17:14

Re: I can't access antivirus websites

Post by stix » 07/01/10 14:32

here's the other half


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 19:43 . 2010-01-05 19:43 20 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\fvgqad.dat
2010-01-05 17:47 . 2009-03-24 18:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-01-05 15:30 . 2009-07-31 22:08 -------- d-----w- c:\programmi\File comuni\Nero
2010-01-05 15:29 . 2009-07-31 22:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-01-05 13:03 . 2008-03-23 11:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-29 19:43 . 2008-01-19 12:08 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2009-12-24 17:18 . 2009-11-18 10:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESET
2009-12-22 13:26 . 2009-06-28 19:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Audacity
2009-12-18 16:16 . 2009-03-21 21:22 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\gtk-2.0
2009-12-18 16:14 . 2009-05-27 16:57 -------- d-----w- c:\programmi\GIMP-2.0
2009-12-17 16:08 . 2009-11-11 12:02 -------- d-----w- c:\programmi\VS Revo Group
2009-12-06 19:03 . 2009-12-06 19:03 7276 ----a-w- c:\windows\system32\5cs9arse3z.dll
2009-12-02 15:10 . 2009-12-02 15:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-12-02 13:44 . 2009-12-02 13:44 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-30 14:28 . 2008-05-14 19:22 -------- d-----w- c:\programmi\Windows Live
2009-11-25 13:23 . 2009-11-25 13:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall
2009-11-10 12:50 . 2009-11-10 12:50 311053 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\xpiar.exe
2009-10-25 13:08 . 2004-08-30 10:50 81512 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 13:08 . 2004-08-30 10:50 468772 ----a-w- c:\windows\system32\perfh010.dat
2009-03-16 12:36 . 2009-03-16 12:36 13264160 ----a-w- c:\programmi\dxnt.cab
2009-03-16 12:36 . 2009-03-16 12:36 1155483 ----a-w- c:\programmi\BDANT.cab
2009-03-16 12:36 . 2009-03-16 12:36 975148 ----a-w- c:\programmi\BDAXP.cab
2009-03-16 12:36 . 2009-03-16 12:36 95296 ----a-w- c:\programmi\dxupdate.cab
2009-03-16 12:36 . 2009-03-16 12:36 1691464 ----a-w- c:\programmi\dsetup32.dll
2009-03-16 12:36 . 2009-03-16 12:36 44444 ----a-w- c:\programmi\dxdllreg_x86.cab
2009-03-16 12:35 . 2009-03-16 12:35 525128 ----a-w- c:\programmi\DXSETUP.exe
2009-03-16 12:35 . 2009-03-16 12:35 94024 ----a-w- c:\programmi\DSETUP.dll
2008-07-18 18:42 . 2008-07-17 16:13 38860944 ----a-w- c:\programmi\GoogleSketchUpWIT.exe
2000-04-04 16:13 . 2009-01-07 21:12 13277 ----a-w- c:\programmi\FB63U.CAT
2000-04-04 16:12 . 2009-01-07 21:12 14605 ----a-w- c:\programmi\FB63UNT.CAT
2000-03-27 11:49 . 2009-01-07 21:12 5381 ----a-w- c:\programmi\FB63u.inf
2000-03-24 15:10 . 2009-01-07 21:12 2703 ----a-w- c:\programmi\Readme.txt
2009-06-05 10:31 . 2009-06-05 10:31 8 --sh--r- c:\windows\system32\6A317A8ED6.sys
2009-06-05 10:31 . 2009-06-05 10:30 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-05-20 08:11 . 2005-05-20 08:11 925696 c:\programmi\Analog Devices\Core\bak\smax4pnp.exe

2006-08-21 18:08 . 2005-05-06 12:06 716800 c:\programmi\Analog Devices\SoundMAX\bak\Smax4.exe

2007-02-25 16:52 . 2004-01-14 01:10 409600 c:\programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE

2003-11-28 01:19 . 2003-11-28 01:19 733184 c:\programmi\Corel\Corel Graphics 12\Languages\IT\Programs\bak\Registration.exe

2007-02-09 16:00 . 2007-02-09 16:00 406016 c:\programmi\Grisoft\AVG Free\bak\avgcc.exe

2005-02-16 21:11 . 2005-02-16 21:11 49152 c:\programmi\Hp\HP Software Update\bak\HPWuSchd2.exe

2006-08-21 18:33 . 2006-02-22 06:03 40960 c:\programmi\HPQ\Default Settings\bak\cpqset.exe

2006-08-21 18:20 . 2006-02-14 09:56 122880 c:\programmi\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE

2007-02-09 13:01 . 2005-11-08 10:59 184320 c:\programmi\InterVideo\DVD Check\bak\DVDCheck.exe

2006-08-21 18:13 . 2005-11-10 11:03 36975 c:\programmi\Java\jre1.5.0_06\bin\bak\jusched.exe

2006-06-15 11:36 . 2006-06-15 11:36 229376 c:\programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE

2006-06-27 15:21 . 2006-06-27 15:21 1449984 c:\programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe

2007-02-16 08:54 . 2007-02-16 08:54 282624 c:\programmi\QuickTime\bak\qttask.exe
2009-01-05 14:18 . 2009-01-05 14:18 413696 c:\programmi\QuickTime\QTTask.exe

2006-08-21 18:24 . 2005-11-10 18:04 761945 c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe
2006-08-21 18:24 . 2005-11-10 18:04 761945 c:\programmi\Synaptics\SynTP\SynTPEnh.exe

2007-02-13 21:30 . 2007-02-13 21:30 40960 c:\windows\bak\NCLAUNCH.EXe
2007-02-13 21:30 . 2008-05-23 12:06 40960 c:\windows\NCLAUNCH.EXe

2006-08-21 18:41 . 2006-01-23 14:11 802816 c:\windows\CREATOR\bak\Remind_XP.exe

2006-08-21 18:40 . 2005-12-20 13:51 1187840 c:\windows\SMINST\bak\Recguard.exe

2006-08-21 18:41 . 2006-02-15 13:43 892928 c:\windows\SMINST\bak\Scheduler.exe

2004-08-19 08:00 . 2004-08-19 08:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-19 08:00 . 2008-04-14 02:14 25088 c:\windows\system32\ctfmon.exe

2006-03-23 12:13 . 2006-03-23 12:13 77824 c:\windows\system32\bak\hkcmd.exe

2006-03-23 12:17 . 2006-03-23 12:17 118784 c:\windows\system32\bak\igfxpers.exe

2006-03-23 12:17 . 2006-03-23 12:17 94208 c:\windows\system32\bak\igfxtray.exe

2007-02-09 13:11 . 2001-07-09 10:50 155648 c:\windows\system32\bak\NeroCheck.exe

2006-08-21 18:22 . 2005-08-31 03:20 122940 c:\windows\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{daea5450-a4f3-4d85-a790-f8cda835546a}"= "c:\programmi\Download-ES\tbDown.dll" [2009-01-07 1880600]

[HKEY_CLASSES_ROOT\clsid\{daea5450-a4f3-4d85-a790-f8cda835546a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 11:37 1144712 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{daea5450-a4f3-4d85-a790-f8cda835546a}]
2009-01-07 12:51 1880600 ----a-w- c:\programmi\Download-ES\tbDown.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{daea5450-a4f3-4d85-a790-f8cda835546a}"= "c:\programmi\Download-ES\tbDown.dll" [2009-01-07 1880600]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{daea5450-a4f3-4d85-a790-f8cda835546a}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DAEA5450-A4F3-4D85-A790-F8CDA835546A}"= "c:\programmi\Download-ES\tbDown.dll" [2009-01-07 1880600]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{daea5450-a4f3-4d85-a790-f8cda835546a}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2008-05-23 40960]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"GetChristmas"="c:\documents and settings\Administrator\Desktop\GetChristmas.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"WatchDog"="c:\programmi\InterVideo\DVD Check\bak\DVDCheck.exe" [2005-11-08 184320]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-2-15 581693]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-9 66864]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2007-2-9 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2fe0bbd7]
c:\windows\system32\jafotemu.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM2cd3884b]
c:\windows\system32\geyufede.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\crtfmon]
c:\docume~1\ADMINI~1\IMPOST~1\Temp\1189326549.dat.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ksiysyk]
c:\documents and settings\administrator\impostazioni locali\dati applicazioni\ksiysyk.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\latotuwisu]
c:\windows\system32\repeseza.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
c:\windows\system32\drivers\svchost.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 20:56 204288 ----a-w- c:\programmi\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Ares\\Ares.exe"=
"c:\\Programmi\\File comuni\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Programmi\\iPod\\bin\\iPodService.exe"=
"c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\WIDCOMM\\Software Bluetooth\\bin\\btwdins.exe"=
"c:\\Programmi\\File comuni\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Programmi\\BitLord2\\BitLord.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\stefano\\utorrent.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4760:TCP"= 4760:TCP:htivodh

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 20.53.28 34824]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 11.03.18 169312]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 9.00.00 14336]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 20.51.16 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/01/2009 21.50.43 55152]
R2 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18.08.58 533360]
S2 gupdate1ca2240a5d49d0a;Servizio di Google Update (gupdate1ca2240a5d49d0a);c:\programmi\Google\Update\GoogleUpdate.exe [21/08/2009 10.20.30 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/08/2004 9.00.00 25600]
S2 reitohvq;Network Windows;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 9.00.00 14336]
S2 zbxuvxlfw;Task Shell;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 9.00.00 14336]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - dqmnru

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lhptkinq
zbxuvxlfw
reitohvq
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-21 09:20]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-21 09:20]

2010-01-05 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-05-19 11:37]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: whataboutadog.com
Trusted Zone: whataboutarabit.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\wy1yafqv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\wy1yafqv.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
AddRemove-nmtcab - c:\documents and settings\administrator\impostazioni locali\dati applicazioni\nmtcab.exe
AddRemove-{26fb76a7-4b1e-442d-8b9d-7704cbb56b2a} - c:\programmi\File comuni\Nero\Nero ProductInstaller 4\SetupX.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 17:56
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dqmnru]

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\reitohvq]
"ServiceDll"="c:\windows\system32\xrzikwje.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zbxuvxlfw]
"ServiceDll"="c:\windows\system32\xrzikwje.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1987944545-1339218757-4151644466-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,a6,58,1b,cb,6a,77,4b,b1,8f,f7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,a6,58,1b,cb,6a,77,4b,b1,8f,f7,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
c:\windows\system32\msi.dll

- - - - - - - > 'lsass.exe'(920)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(8968)
c:\windows\system32\SHDOCVW.dll
c:\programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll
c:\programmi\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\COMRes.dll
c:\programmi\HPQ\IAM\Bin\SFSShell.dll
c:\programmi\HPQ\IAM\bin\ItMsg.dll
c:\programmi\HPQ\IAM\bin\1040\SFSShell.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DllHost.exe
c:\programmi\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\ICO.EXE
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\iPod\bin\iPodService.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-06 18:06:40 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-06 17:06

Pre-Run: 5.737.410.560 byte disponibili
Post-Run: 7.241.953.280 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1C5E4D4E17485D10277D2C9CE97AAF1F
stix
Junior User

Posts: 23
Joined: 05/01/10 17:14

Re: I can't access the antivirus sites

Post by stix » 07/01/10 17:24

there, I did it

ComboFix.txt
stix
Junior User

Posts: 23
Joined: 05/01/10 17:14

Re: I can't access the antivirus sites

Post by Luke57 » 07/01/10 17:29

Hi, copy this code:

NetSvcs::
lhptkinq
zbxuvxlfw
reitohvq

Driver::
lhptkinq
zbxuvxlfw
reitohvq

AWF::
c:\programmi\Analog Devices\Core\bak\smax4pnp.exe
c:\programmi\Analog Devices\SoundMAX\bak\Smax4.exe
c:\programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE
c:\programmi\Corel\Corel Graphics 12\Languages\IT\Programs\bak\Registration.exe
c:\programmi\Grisoft\AVG Free\bak\avgcc.exe
c:\programmi\Hp\HP Software Update\bak\HPWuSchd2.exe
c:\programmi\HPQ\Default Settings\bak\cpqset.exe
c:\programmi\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE
c:\programmi\InterVideo\DVD Check\bak\DVDCheck.exe
c:\programmi\Java\jre1.5.0_06\bin\bak\jusched.exe
c:\programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE
c:\programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe
c:\programmi\QuickTime\bak\qttask.exe
c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe
c:\windows\bak\NCLAUNCH.EXe
c:\windows\CREATOR\bak\Remind_XP.exe
c:\windows\SMINST\bak\Recguard.exe
c:\windows\SMINST\bak\Scheduler.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\bak\hkcmd.exe
c:\windows\system32\bak\igfxpers.exe
c:\windows\system32\bak\igfxtray.exe
c:\windows\system32\bak\NeroCheck.exe
c:\windows\system32\DLA\bak\DLACTRLW.EXE


File::
c:\windows\system32\5cs9arse3z.dll
c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\xpiar.exe
c:\programmi\Download-ES\tbDown.dll
c:\windows\system32\jafotemu.dll
c:\windows\system32\xrzikwje.dll


Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{daea5450-a4f3-4d85-a790-f8cda835546a}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{daea5450-a4f3-4d85-a790-f8cda835546a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{daea5450-a4f3-4d85-a790-f8cda835546a}"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dqmnru]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\reitohvq]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zbxuvxlfw]



Open a text file (Start > Run > notepad.exe > OK), paste the code into it, and save it with the mandatory name CFScrip.txt

Drag it with the mouse pointer onto the ComboFix icon and wait for a new scan plus a possible reboot. Post the new report
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: I can't access the antivirus sites

Post by stix » 07/01/10 17:45

it tells me the name CFScrip is not spelled correctly..

I tried again several times but it doesn't work..
stix
Junior User

Posts: 23
Joined: 05/01/10 17:14

Re: I can't access the antivirus sites

Post by Luke57 » 07/01/10 19:16

stix wrote: it tells me the name CFScrip is not spelled correctly..

I tried again several times but it doesn't work..

That's true, sorry, in the copy and paste I skipped a "t". The file is

CFScript.txt

so rename it with this name and then run the procedure.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: I can't access the antivirus sites

Post by stix » 07/01/10 20:24

thanks a lot... here is the new one

ComboFix 10-01-04.01 - Administrator 07/01/2010 19.58.49.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1453 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\xpiar.exe"
"c:\programmi\Download-ES\tbDown.dll"
"c:\windows\system32\5cs9arse3z.dll"
"c:\windows\system32\jafotemu.dll"
"c:\windows\system32\xrzikwje.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\xpiar.exe
c:\programmi\Download-ES\tbDown.dll
c:\windows\system32\5cs9arse3z.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LHPTKINQ
-------\Legacy_REITOHVQ
-------\Legacy_ZBXUVXLFW
-------\Service_reitohvq
-------\Service_zbxuvxlfw


((((((((((((((((((((((((( Files Creati Da 2009-12-07 al 2010-01-07 )))))))))))))))))))))))))))))))))))
.

2010-01-07 16:51 . 2010-01-07 18:57 -------- d-----w- C:\ComboFix
2010-01-07 16:45 . 2010-01-07 16:46 -------- d-----w- C:\abc27347a
2010-01-07 16:44 . 2010-01-07 16:44 -------- d-----w- C:\abc295a
2010-01-07 16:40 . 2010-01-07 16:40 -------- d-----w- C:\abc21603a
2010-01-07 16:39 . 2010-01-07 16:39 -------- d-----w- C:\abc21075a
2010-01-07 16:38 . 2010-01-07 16:38 -------- d-----w- C:\abc
2010-01-07 12:47 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-06 17:08 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-01-05 20:37 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-05 20:37 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 19:43 . 2010-01-07 19:09 763904 ----a-w- c:\windows\system32\drivers\dqmnru.sys
2010-01-05 19:43 . 2010-01-05 19:43 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-28 14:16 . 2009-12-28 14:17 -------- d-----w- c:\programmi\GfedEuroit73F
2009-12-27 12:23 . 2010-01-07 15:45 -------- d-----w- c:\programmi\Native Instruments
2009-12-24 17:26 . 2009-12-24 17:26 -------- d-----w- c:\programmi\ESET
2009-12-23 11:26 . 2009-12-23 11:26 -------- d-----w- c:\programmi\SlySoft
2009-12-22 16:08 . 2009-12-22 16:08 253952 ------w- c:\windows\Setup1.exe
2009-12-22 16:08 . 2009-12-22 16:08 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-12-21 15:44 . 2009-12-21 15:46 -------- d-----w- c:\programmi\Lame for Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 19:05 . 2009-02-05 19:38 -------- d-----w- c:\programmi\Download-ES
2010-01-07 16:45 . 2008-03-23 11:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 16:38 . 2009-03-24 18:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-01-07 13:17 . 2009-02-21 13:11 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-07 12:54 . 2004-08-30 10:50 81512 ----a-w- c:\windows\system32\perfc010.dat
2010-01-07 12:54 . 2004-08-30 10:50 468772 ----a-w- c:\windows\system32\perfh010.dat
2010-01-05 19:43 . 2010-01-05 19:43 20 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\fvgqad.dat
2010-01-05 15:30 . 2009-07-31 22:08 -------- d-----w- c:\programmi\File comuni\Nero
2010-01-05 15:29 . 2009-07-31 22:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-12-29 19:43 . 2008-01-19 12:08 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2009-12-24 17:18 . 2009-11-18 10:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESET
2009-12-22 13:26 . 2009-06-28 19:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Audacity
2009-12-18 16:16 . 2009-03-21 21:22 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\gtk-2.0
2009-12-18 16:14 . 2009-05-27 16:57 -------- d-----w- c:\programmi\GIMP-2.0
2009-12-17 16:08 . 2009-11-11 12:02 -------- d-----w- c:\programmi\VS Revo Group
2009-12-02 15:10 . 2009-12-02 15:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-12-02 13:44 . 2009-12-02 13:44 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-30 14:28 . 2008-05-14 19:22 -------- d-----w- c:\programmi\Windows Live
2009-11-25 14:05 . 2009-11-25 14:05 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\4000001900003i\ngen.exe
2009-11-25 14:05 . 2009-11-25 14:05 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\4000001100002i\mscorsvw.exe
2009-11-25 14:04 . 2009-11-25 14:04 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\4000001f00002i\crashreporter.exe
2009-11-25 14:04 . 2009-11-25 14:04 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\400000df00002i\firefox.exe
2009-11-25 14:04 . 2009-11-25 14:04 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\400000800002i\wlcomm.exe
2009-11-25 14:02 . 2009-11-25 14:02 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\18000001d00003i\netsh.exe
2009-11-25 14:02 . 2009-11-25 14:02 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\40000013800002i\WindowsLiveSync.exe
2009-11-25 14:01 . 2009-11-25 14:01 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000001700003i\taskkill.exe
2009-11-25 14:01 . 2009-11-25 14:01 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000007900002i\DXSETUP.exe
2009-11-25 14:00 . 2009-11-25 14:00 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000001e00002i\WindowsXP-KB954708-x86-ENU.exe
2009-11-25 13:30 . 2009-11-25 13:30 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\1000000600002i\svchost.exe
2009-11-25 13:29 . 2009-11-25 13:29 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000001b00002i\msiexec.exe
2009-11-25 13:29 . 2009-11-25 13:29 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\40000022b100002i\nd34f5.exe
2009-11-25 13:23 . 2009-11-25 13:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall
2009-10-29 07:42 . 2004-08-19 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2009-04-18 12:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2004-08-19 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-13 10:33 . 2004-08-19 08:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-19 08:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-19 08:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-03-16 12:36 . 2009-03-16 12:36 13264160 ----a-w- c:\programmi\dxnt.cab
2009-03-16 12:36 . 2009-03-16 12:36 1155483 ----a-w- c:\programmi\BDANT.cab
2009-03-16 12:36 . 2009-03-16 12:36 975148 ----a-w- c:\programmi\BDAXP.cab
2009-03-16 12:36 . 2009-03-16 12:36 95296 ----a-w- c:\programmi\dxupdate.cab
2009-03-16 12:36 . 2009-03-16 12:36 1691464 ----a-w- c:\programmi\dsetup32.dll
2009-03-16 12:36 . 2009-03-16 12:36 44444 ----a-w- c:\programmi\dxdllreg_x86.cab
2009-03-16 12:35 . 2009-03-16 12:35 525128 ----a-w- c:\programmi\DXSETUP.exe
2009-03-16 12:35 . 2009-03-16 12:35 94024 ----a-w- c:\programmi\DSETUP.dll
2008-07-18 18:42 . 2008-07-17 16:13 38860944 ----a-w- c:\programmi\GoogleSketchUpWIT.exe
2000-04-04 16:13 . 2009-01-07 21:12 13277 ----a-w- c:\programmi\FB63U.CAT
2000-04-04 16:12 . 2009-01-07 21:12 14605 ----a-w- c:\programmi\FB63UNT.CAT
2000-03-27 11:49 . 2009-01-07 21:12 5381 ----a-w- c:\programmi\FB63u.inf
2000-03-24 15:10 . 2009-01-07 21:12 2703 ----a-w- c:\programmi\Readme.txt
2009-06-05 10:31 . 2009-06-05 10:31 8 --sh--r- c:\windows\system32\6A317A8ED6.sys
2009-06-05 10:31 . 2009-06-05 10:30 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . 287B3020F1324E99F313C9E7FCFCCCCC . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 287B3020F1324E99F313C9E7FCFCCCCC . 1554944 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-02-25 16:52 . 2004-01-14 01:10 409600 c:\programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE

2007-02-09 13:01 . 2005-11-08 10:59 184320 c:\programmi\InterVideo\DVD Check\bak\DVDCheck.exe

2006-06-15 11:36 . 2006-06-15 11:36 229376 c:\programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE

2007-02-16 08:54 . 2007-02-16 08:54 282624 c:\programmi\QuickTime\bak\qttask.exe
2009-01-05 14:18 . 2009-01-05 14:18 413696 c:\programmi\QuickTime\QTTask.exe

2006-08-21 18:24 . 2005-11-10 18:04 761945 c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe
2006-08-21 18:24 . 2005-11-10 18:04 761945 c:\programmi\Synaptics\SynTP\SynTPEnh.exe

2007-02-13 21:30 . 2007-02-13 21:30 40960 c:\windows\bak\NCLAUNCH.EXe
2007-02-13 21:30 . 2008-05-23 12:06 40960 c:\windows\NCLAUNCH.EXe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 11:37 1144712 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2008-05-23 40960]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"GetChristmas"="c:\documents and settings\Administrator\Desktop\GetChristmas.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"WatchDog"="c:\programmi\InterVideo\DVD Check\bak\DVDCheck.exe" [2005-11-08 184320]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-2-15 581693]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-9 66864]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2007-2-9 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2fe0bbd7]
c:\windows\system32\jafotemu.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM2cd3884b]
c:\windows\system32\geyufede.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\crtfmon]
c:\docume~1\ADMINI~1\IMPOST~1\Temp\1189326549.dat.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ksiysyk]
c:\documents and settings\administrator\impostazioni locali\dati applicazioni\ksiysyk.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\latotuwisu]
c:\windows\system32\repeseza.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
c:\windows\system32\drivers\svchost.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 20:56 204288 ----a-w- c:\programmi\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Ares\\Ares.exe"=
"c:\\Programmi\\File comuni\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Programmi\\iPod\\bin\\iPodService.exe"=
"c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\WIDCOMM\\Software Bluetooth\\bin\\btwdins.exe"=
"c:\\Programmi\\File comuni\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Programmi\\BitLord2\\BitLord.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\stefano\\utorrent.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4760:TCP"= 4760:TCP:htivodh

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 20.53.28 34824]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 11.03.18 169312]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 9.00.00 14336]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 20.51.16 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/01/2009 21.50.43 55152]
R2 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18.08.58 533360]
S2 gupdate1ca2240a5d49d0a;Servizio di Google Update (gupdate1ca2240a5d49d0a);c:\programmi\Google\Update\GoogleUpdate.exe [21/08/2009 10.20.30 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/08/2004 9.00.00 25600]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - dqmnru

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-21 09:20]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-21 09:20]

2010-01-05 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-05-19 11:37]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\wy1yafqv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\wy1yafqv.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 20:09
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dqmnru]

.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1987944545-1339218757-4151644466-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,a6,58,1b,cb,6a,77,4b,b1,8f,f7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,a6,58,1b,cb,6a,77,4b,b1,8f,f7,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
c:\windows\system32\msi.dll

- - - - - - - > 'lsass.exe'(920)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll
c:\programmi\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\COMRes.dll
c:\programmi\HPQ\IAM\Bin\SFSShell.dll
c:\programmi\HPQ\IAM\bin\ItMsg.dll
c:\programmi\HPQ\IAM\bin\1040\SFSShell.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DllHost.exe
c:\programmi\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\ICO.EXE
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Ora fine scansione: 2010-01-07 20:15:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-07 19:15
ComboFix2.txt 2010-01-06 17:06

Pre-Run: 15.358.664.704 byte disponibili
Post-Run: 15.344.590.848 byte disponibili

- - End Of File - - FDC9EFFFBF35121CD83A3CF85BD259DA
stix
Junior User
 
Posts: 23
Joined: 05/01/10 17:14

Re: I can't access the antivirus sites

Posted by Luke57 » 08/01/10 08:43

Hi, this time copy the following text, which will replace the other one in the CFScript.txt file, then do the usual drag-and-drop.


Code:
Driver::
dqmnru
eitohvq
zbxuvxlfw


File::
c:\windows\system32\drivers\dqmnru.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\config\systemprofile\Dati applicazioni\fvgqad.dat
c:\windows\system32\jafotemu.dll
c:\windows\system32\geyufede.dll
c:\docume~1\ADMINI~1\IMPOST~1\Temp\1189326549.dat.ex
c:\documents and settings\administrator\impostazioni locali\dati applicazioni\ksiysyk.exe
c:\windows\system32\repeseza.dll
c:\windows\system32\xrzikwje.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2fe0bbd7]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM2cd3884b]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\crtfmon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ksiysyk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\latotuwisu]


Then update Malwarebytes, run a full scan and post its report.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: I can't access the antivirus sites

Posted by stix » 08/01/10 14:34

Here is the report:

Malwarebytes' Anti-Malware 1.44
Versione del database: 3515
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

08/01/2010 14.20.13
mbam-log-2010-01-08 (14-20-06).txt

Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi scansionati: 240293
Tempo trascorso: 1 hour(s), 33 minute(s), 46 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 24

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Administrator\Desktop\stefano\donalds\Official-eMule_setup.exe (Adware.NaviPromo) -> No action taken.
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\25184.exe (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\38056.exe (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\90799.exe (Trojan.DNSChanger) -> No action taken.
C:\Programmi\Alfaseeker\Uninstall.exe (Trojan.DNSChanger) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Dati applicazioni\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> No action taken.
C:\Qoobox\Quarantine\C\Programmi\Download-ES\tbDown.dll.vir (Adware.NetPumper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\dqmnru.sys.vir (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP3\A0000802.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP3\A0001914.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP3\A0001996.exe (Adware.ADON) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP3\A0002643.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP4\A0003370.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP4\A0003437.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP4\A0003504.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP4\A0003571.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP4\A0003638.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP4\A0003704.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP4\A0003772.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP4\A0003840.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP5\A0004040.dll (Adware.NetPumper) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP5\A0004132.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP6\A0004594.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{46616198-43C1-410E-A2C1-948CCBD25CB5}\RP6\A0004695.sys (Malware.Trace) -> No action taken.
stix
Junior User
 
Posts: 23
Joined: 05/01/10 17:14

Re: I can't access the antivirus sites

Posted by Luke57 » 08/01/10 22:26

Hi, select the items found by Malwarebytes and press "Rimuovi elementi selezionati" (Remove selected items). Can you also post the report from the second ComboFix scan?
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: I can't access the antivirus sites

Posted by stix » 09/01/10 13:44

Yes, here it is

ComboFix 10-01-04.01 - Administrator 08/01/2010 12.24.36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1394 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\abc.exe
Opzioni usate :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\docume~1\ADMINI~1\IMPOST~1\Temp\1189326549.dat.ex"
"c:\documents and settings\administrator\impostazioni locali\dati applicazioni\ksiysyk.exe"
"c:\windows\system32\config\systemprofile\Dati applicazioni\fvgqad.dat"
"c:\windows\system32\drivers\dqmnru.sys"
"c:\windows\system32\geyufede.dll"
"c:\windows\system32\jafotemu.dll"
"c:\windows\system32\repeseza.dll"
"c:\windows\system32\xrzikwje.dll"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Dati applicazioni\fvgqad.dat
c:\windows\system32\drivers\dqmnru.sys

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DQMNRU
-------\Service_dqmnru


((((((((((((((((((((((((( Files Creati Da 2009-12-08 al 2010-01-08 )))))))))))))))))))))))))))))))))))
.

2010-01-08 11:16 . 2010-01-08 11:16 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-08 11:16 . 2010-01-08 11:16 -------- d-----w- c:\programmi\MSBuild
2010-01-08 11:15 . 2010-01-08 11:15 -------- d-----w- c:\programmi\Reference Assemblies
2010-01-08 11:15 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-08 11:14 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-08 11:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-08 11:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-08 11:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-08 11:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-08 11:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-08 11:14 . 2010-01-08 11:15 -------- d-----w- C:\5520caff0b684e20f7b72e75b18c
2010-01-08 11:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-08 11:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-07 16:51 . 2010-01-07 18:57 -------- d-----w- C:\ComboFix
2010-01-07 16:45 . 2010-01-07 16:46 -------- d-----w- C:\abc27347a
2010-01-07 16:44 . 2010-01-07 16:44 -------- d-----w- C:\abc295a
2010-01-07 16:40 . 2010-01-07 16:40 -------- d-----w- C:\abc21603a
2010-01-07 16:39 . 2010-01-07 16:39 -------- d-----w- C:\abc21075a
2010-01-07 16:38 . 2010-01-07 16:38 -------- d-----w- C:\abc
2010-01-07 12:47 . 2009-07-10 13:26 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-06 17:08 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-01-05 20:37 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-05 20:37 . 2010-01-05 20:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-05 20:37 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 19:43 . 2010-01-05 19:43 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-28 14:16 . 2009-12-28 14:17 -------- d-----w- c:\programmi\GfedEuroit73F
2009-12-27 12:23 . 2010-01-07 15:45 -------- d-----w- c:\programmi\Native Instruments
2009-12-24 17:26 . 2009-12-24 17:26 -------- d-----w- c:\programmi\ESET
2009-12-23 11:26 . 2009-12-23 11:26 -------- d-----w- c:\programmi\SlySoft
2009-12-22 16:08 . 2009-12-22 16:08 253952 ------w- c:\windows\Setup1.exe
2009-12-22 16:08 . 2009-12-22 16:08 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-12-21 15:44 . 2009-12-21 15:46 -------- d-----w- c:\programmi\Lame for Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 11:22 . 2007-02-09 15:59 138296 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-08 11:21 . 2004-08-30 10:50 88896 ----a-w- c:\windows\system32\perfc010.dat
2010-01-08 11:21 . 2004-08-30 10:50 504052 ----a-w- c:\windows\system32\perfh010.dat
2010-01-07 20:24 . 2009-03-24 18:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-01-07 19:05 . 2009-02-05 19:38 -------- d-----w- c:\programmi\Download-ES
2010-01-07 16:45 . 2008-03-23 11:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 13:17 . 2009-02-21 13:11 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-05 15:30 . 2009-07-31 22:08 -------- d-----w- c:\programmi\File comuni\Nero
2010-01-05 15:29 . 2009-07-31 22:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-12-29 19:43 . 2008-01-19 12:08 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2009-12-24 17:18 . 2009-11-18 10:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ESET
2009-12-22 13:26 . 2009-06-28 19:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Audacity
2009-12-18 16:16 . 2009-03-21 21:22 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\gtk-2.0
2009-12-18 16:14 . 2009-05-27 16:57 -------- d-----w- c:\programmi\GIMP-2.0
2009-12-17 16:08 . 2009-11-11 12:02 -------- d-----w- c:\programmi\VS Revo Group
2009-12-02 15:10 . 2009-12-02 15:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-12-02 13:44 . 2009-12-02 13:44 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-30 14:28 . 2008-05-14 19:22 -------- d-----w- c:\programmi\Windows Live
2009-11-25 14:05 . 2009-11-25 14:05 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\4000001900003i\ngen.exe
2009-11-25 14:05 . 2009-11-25 14:05 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\4000001100002i\mscorsvw.exe
2009-11-25 14:04 . 2009-11-25 14:04 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\4000001f00002i\crashreporter.exe
2009-11-25 14:04 . 2009-11-25 14:04 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\400000df00002i\firefox.exe
2009-11-25 14:04 . 2009-11-25 14:04 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\400000800002i\wlcomm.exe
2009-11-25 14:02 . 2009-11-25 14:02 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\18000001d00003i\netsh.exe
2009-11-25 14:02 . 2009-11-25 14:02 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\40000013800002i\WindowsLiveSync.exe
2009-11-25 14:01 . 2009-11-25 14:01 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000001700003i\taskkill.exe
2009-11-25 14:01 . 2009-11-25 14:01 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000007900002i\DXSETUP.exe
2009-11-25 14:00 . 2009-11-25 14:00 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000001e00002i\WindowsXP-KB954708-x86-ENU.exe
2009-11-25 13:30 . 2009-11-25 13:30 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\1000000600002i\svchost.exe
2009-11-25 13:29 . 2009-11-25 13:29 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\10000001b00002i\msiexec.exe
2009-11-25 13:29 . 2009-11-25 13:29 39936 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall\WLM Lite\40000022b100002i\nd34f5.exe
2009-11-25 13:23 . 2009-11-25 13:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Thinstall
2009-10-29 07:42 . 2004-08-19 08:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2009-04-18 12:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2004-08-19 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-13 10:33 . 2004-08-19 08:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-19 08:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-19 08:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-03-16 12:36 . 2009-03-16 12:36 13264160 ----a-w- c:\programmi\dxnt.cab
2009-03-16 12:36 . 2009-03-16 12:36 1155483 ----a-w- c:\programmi\BDANT.cab
2009-03-16 12:36 . 2009-03-16 12:36 975148 ----a-w- c:\programmi\BDAXP.cab
2009-03-16 12:36 . 2009-03-16 12:36 95296 ----a-w- c:\programmi\dxupdate.cab
2009-03-16 12:36 . 2009-03-16 12:36 1691464 ----a-w- c:\programmi\dsetup32.dll
2009-03-16 12:36 . 2009-03-16 12:36 44444 ----a-w- c:\programmi\dxdllreg_x86.cab
2009-03-16 12:35 . 2009-03-16 12:35 525128 ----a-w- c:\programmi\DXSETUP.exe
2009-03-16 12:35 . 2009-03-16 12:35 94024 ----a-w- c:\programmi\DSETUP.dll
2008-07-18 18:42 . 2008-07-17 16:13 38860944 ----a-w- c:\programmi\GoogleSketchUpWIT.exe
2000-04-04 16:13 . 2009-01-07 21:12 13277 ----a-w- c:\programmi\FB63U.CAT
2000-04-04 16:12 . 2009-01-07 21:12 14605 ----a-w- c:\programmi\FB63UNT.CAT
2000-03-27 11:49 . 2009-01-07 21:12 5381 ----a-w- c:\programmi\FB63u.inf
2000-03-24 15:10 . 2009-01-07 21:12 2703 ----a-w- c:\programmi\Readme.txt
2009-06-05 10:31 . 2009-06-05 10:31 8 --sh--r- c:\windows\system32\6A317A8ED6.sys
2009-06-05 10:31 . 2009-06-05 10:30 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[-] 2006-08-25 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 9DAA2190A18739B657B58F794ACF2E47 . 578560 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 488019BFE2B0F9F8CD8394276D5B664A . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 14B5D6B20467DBA209853D65D1F6A124 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-19 . 08447BDFCE5D1B1956F962602381F5C1 . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . 287B3020F1324E99F313C9E7FCFCCCCC . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 287B3020F1324E99F313C9E7FCFCCCCC . 1554944 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[-] 2007-06-13 . 7E2817A623E16F830B660F81C0FD63DA . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-02-25 16:52 . 2004-01-14 01:10 409600 c:\programmi\Canon\Easy-PrintToolBox\bak\BJPSMAIN.EXE

2007-02-09 13:01 . 2005-11-08 10:59 184320 c:\programmi\InterVideo\DVD Check\bak\DVDCheck.exe

2006-06-15 11:36 . 2006-06-15 11:36 229376 c:\programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE

2007-02-16 08:54 . 2007-02-16 08:54 282624 c:\programmi\QuickTime\bak\qttask.exe
2009-01-05 14:18 . 2009-01-05 14:18 413696 c:\programmi\QuickTime\QTTask.exe

2006-08-21 18:24 . 2005-11-10 18:04 761945 c:\programmi\Synaptics\SynTP\bak\SynTPEnh.exe
2006-08-21 18:24 . 2005-11-10 18:04 761945 c:\programmi\Synaptics\SynTP\SynTPEnh.exe

2007-02-13 21:30 . 2007-02-13 21:30 40960 c:\windows\bak\NCLAUNCH.EXe
2007-02-13 21:30 . 2008-05-23 12:06 40960 c:\windows\NCLAUNCH.EXe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 11:37 1144712 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2008-05-23 40960]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"GetChristmas"="c:\documents and settings\Administrator\Desktop\GetChristmas.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"WatchDog"="c:\programmi\InterVideo\DVD Check\bak\DVDCheck.exe" [2005-11-08 184320]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2006-2-15 581693]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-9 66864]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2007-2-9 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
c:\windows\system32\drivers\svchost.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 20:56 204288 ----a-w- c:\programmi\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Ares\\Ares.exe"=
"c:\\Programmi\\File comuni\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Programmi\\iPod\\bin\\iPodService.exe"=
"c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\WIDCOMM\\Software Bluetooth\\bin\\btwdins.exe"=
"c:\\Programmi\\File comuni\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Programmi\\BitLord2\\BitLord.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\stefano\\utorrent.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4760:TCP"= 4760:TCP:htivodh

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 20.53.28 34824]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 11.03.18 169312]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [19/08/2004 9.00.00 14336]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 20.51.16 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/01/2009 21.50.43 55152]
R2 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18.08.58 533360]
S2 gupdate1ca2240a5d49d0a;Servizio di Google Update (gupdate1ca2240a5d49d0a);c:\programmi\Google\Update\GoogleUpdate.exe [21/08/2009 10.20.30 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [19/08/2004 9.00.00 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-21 09:20]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-21 09:20]

2010-01-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-01-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-05-19 11:37]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\wy1yafqv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - plugin: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\wy1yafqv.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 12:35
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1987944545-1339218757-4151644466-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,a6,58,1b,cb,6a,77,4b,b1,8f,f7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,a6,58,1b,cb,6a,77,4b,b1,8f,f7,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\HPQ\IAM\Bin\AsWlnPkg.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
c:\windows\system32\msi.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(7200)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll
c:\programmi\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\COMRes.dll
c:\programmi\HPQ\IAM\Bin\SFSShell.dll
c:\programmi\HPQ\IAM\bin\ItMsg.dll
c:\programmi\HPQ\IAM\bin\1040\SFSShell.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DllHost.exe
c:\programmi\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\mqsvc.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\mqtgsvc.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-08 12:41:53 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-08 11:41
ComboFix2.txt 2010-01-06 17:06

Pre-Run: 14.795.337.728 byte disponibili
Post-Run: 14.763.769.856 byte disponibili

- - End Of File - - 82D4FB8880F7E5583F8B07B3A15417AD
stix
Junior User
 
Posts: 23
Joined: 05/01/10 17:14

Re: I can't access antivirus websites

Post by silvia.markovina » 11/01/10 12:55

Thanks a million!! Problem solved
Bye


silvia.markovina wrote: Hi, I too can't connect to the avast and avg sites or to other antivirus sites, with either Firefox or Explorer, nor to the Microsoft sites. Other sites work normally.
I've taken the liberty of sending you the ComboFix log file. Can you give me a hand?
Thanks a million!!



ComboFix 10-01-03.05 - Proprietario 04/01/2010 21.55.43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1023.688 [GMT 1:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-12-04 al 2010-01-04 )))))))))))))))))))))))))))))))))))
.

2010-01-02 18:37 . 2010-01-02 18:40 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Temp
2010-01-02 18:37 . 2010-01-02 18:37 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Deployment
2010-01-02 18:14 . 2010-01-04 20:55 -------- d-----w- c:\windows\system32\CatRoot2
2009-12-17 19:36 . 2009-12-17 19:36 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Help
2009-12-10 20:19 . 2008-12-08 16:21 110080 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys
2009-12-10 20:19 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-12-10 20:19 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\zteusbvoice.sys
2009-12-10 20:19 . 2008-12-08 16:21 105344 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-12-10 20:19 . 2008-12-08 16:21 104960 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-12-10 20:19 . 2009-12-10 20:19 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Vodafone
2009-12-10 20:19 . 2009-12-10 20:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-12-10 20:19 . 2009-12-10 20:19 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Vodafone
2009-12-10 20:19 . 2008-12-08 16:21 7680 ----a-r- c:\windows\system32\drivers\massfilter.sys
2009-12-10 20:18 . 2009-12-10 20:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Vodafone
2009-12-10 20:18 . 2009-12-10 20:18 -------- d-----w- c:\programmi\Vodafone
2009-12-10 20:18 . 2009-12-10 20:18 -------- d-----w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\{90DDF577-6237-4218-85BC-4261AC7E443B}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 17:20 . 2007-09-26 22:31 1 ----a-w- c:\documents and settings\Proprietario\Dati applicazioni\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-04 17:20 . 2007-09-26 22:30 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\OpenOffice.org2
2009-12-10 20:18 . 2006-12-21 15:57 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-10 20:18 . 2006-03-02 12:00 74210 ----a-w- c:\windows\system32\perfc010.dat
2009-12-10 20:18 . 2006-03-02 12:00 447502 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 20:03 . 2009-04-21 18:21 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\HP
2009-11-15 11:27 . 2007-11-22 23:06 -------- d-----w- c:\programmi\eMule
2009-11-08 15:40 . 2009-11-08 15:36 -------- d-----w- c:\programmi\SopCast
2009-11-08 15:36 . 2009-11-08 15:36 -------- d-----w- c:\programmi\Ask.com
2009-04-20 18:29 . 2009-04-20 18:29 82432 --sha-r- c:\windows\system32\qmldkr.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 17:04 1144712 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 68856]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Google Update"="c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-01-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-06-29 286720]
"SMSTray"="c:\programmi\Samsung\EmoDio\SMSTray.exe" [2008-09-17 484880]
"AdslTaskBar"="stmctrl.dll" [2003-03-27 151552]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-24 32768]

c:\documents and settings\Proprietario\Menu Avvio\Programmi\Esecuzione automatica\
Monitor Apache Servers.lnk - c:\web\WebServer\Apache2\bin\ApacheMonitor.exe [2006-7-27 41042]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ATI CATALYST System Tray.lnk - c:\programmi\ATI Technologies\ATI.ACE\CLI.exe [2004-11-25 32768]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-6-21 67128]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2007-1-2 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/01/2007 19.13.30 646392]
R0 vburner;vburner;c:\windows\system32\drivers\vburner.sys [16/01/2008 17.55.17 17408]
R2 pgsql-8.1;PostgreSQL Database Server 8.1;c:\programmi\PostgreSQL\8.1\bin\pg_ctl.exe runservice -N "pgsql-8.1" -D "c:\programmi\PostgreSQL\8.1\data\" --> c:\programmi\PostgreSQL\8.1\bin\pg_ctl.exe runservice -N pgsql-8.1 [?]
R2 Tomcat5;Apache Tomcat;c:\programmi\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe [29/08/2004 1.06.16 94208]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/11/2008 11.39.20 14336]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [06/01/2007 19.20.49 59466]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [06/01/2007 19.20.49 538925]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 Remotesvc;Support Center;c:\windows\system32\svchost.exe -k netsvcs [02/03/2006 13.00.00 14336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [10/12/2009 21.19.03 7680]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [10/12/2009 21.19.54 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [10/12/2009 21.19.36 104960]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Remotesvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34e80a12-9a8d-11db-a5b1-e41825dd69fa}]
\Shell\AutoRun\command - E:\Setup.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-838170752-839522115-1003Core.job
- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-02 18:37]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-838170752-839522115-1003UA.job
- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-01-02 18:37]

2010-01-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2009-06-04 17:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\o18inczb.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Garmin GPS Plugin\npGarmin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npitunes.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-LDM - c:\programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 22:05
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867D41E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7893fc3
\Driver\ACPI -> ACPI.sys @ 0xf76f4cb8
\Driver\atapi -> 0x867661e8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0004
ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\programmi\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Remotesvc]
"ServiceDll"="c:\windows\system32\qmldkr.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\programmi\PostgreSQL\8.1\bin\pg_ctl.exe
c:\programmi\PostgreSQL\8.1\bin\postmaster.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\PostgreSQL\8.1\bin\postgres.exe
c:\programmi\PostgreSQL\8.1\bin\postgres.exe
c:\programmi\PostgreSQL\8.1\bin\postgres.exe
c:\programmi\PostgreSQL\8.1\bin\postgres.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-04 22:11:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-04 21:11

Pre-Run: 92.597.506.048 byte disponibili
Post-Run: 92.923.551.744 byte disponibili

- - End Of File - - 97E08CAE64E70214A3DD81E3D852F130
silvia.markovina
Newbie
 
Posts: 2
Joined: 04/01/10 22:17

Re: I can't access antivirus websites

Post by Quikka » 02/02/10 15:04

Hi Luke, same problem; would you be so kind as to help me too? I'm including the ComboFix log below!

ComboFix 10-02-01.03 - Alessia 02/02/2010 13.39.36.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1023.684 [GMT 1:00]
Eseguito da: c:\documents and settings\Alessia\desktop\abc.exe
Opzioni usate :: /killall

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\9fo3ar0j.exe
D:\y.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-01-02 al 2010-02-02 )))))))))))))))))))))))))))))))))))
.

2047-12-31 23:00 . 2010-01-31 21:27 -------- d-----w- C:\! Lost & Found !
2010-02-01 22:58 . 2010-02-01 22:57 90624 --sh--r- C:\9d6tpg.exe
2010-02-01 11:17 . 2010-02-01 11:18 -------- d-----w- c:\programmi\FLAC
2010-01-30 10:25 . 2010-01-30 10:25 97280 --sh--r- C:\mvmdh.exe
2010-01-27 19:50 . 2010-02-02 10:42 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-01-27 19:50 . 2010-01-27 19:50 -------- d-----w- c:\programmi\Active Data Recovery Software
2010-01-27 19:10 . 2010-01-27 19:10 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Apple Computer
2010-01-26 20:16 . 2010-01-26 20:15 100864 --sh--r- C:\df.exe
2010-01-26 11:14 . 2010-01-26 11:16 -------- d-----w- c:\windows\ShellNew
2010-01-24 17:45 . 2010-01-24 18:06 126464 ----a-w- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\ss.exe
2010-01-24 17:22 . 2004-08-19 13:00 93184 ----a-w- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\server.exe
2010-01-21 13:07 . 2010-01-21 13:08 -------- d-----w- c:\programmi\VirtualDJ
2010-01-21 12:53 . 2010-01-21 12:53 57344 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{8FE3E922-C58B-4E18-A923-FC85530C23C5}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2010-01-21 12:53 . 2010-01-21 12:53 57344 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{8FE3E922-C58B-4E18-A923-FC85530C23C5}\NewShortcut1_B56E5B51EA954C948003CC703E2AFAD5.exe
2010-01-21 12:52 . 2010-01-21 12:52 -------- d-----w- c:\programmi\Serato
2010-01-18 23:21 . 2010-01-18 23:21 454838 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7DA8B262C7C0B2B5E2561D.exe
2010-01-18 23:21 . 2010-01-18 23:21 454838 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_7D2C132C50CCB86BED182C.exe
2010-01-18 23:21 . 2010-01-18 23:21 -------- d-----w- c:\programmi\AutomationLabs
2010-01-18 01:05 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-18 01:03 . 2010-01-18 01:03 -------- d-----w- c:\windows\system32\it-IT
2010-01-18 01:00 . 2010-01-18 01:00 63904 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-01-18 01:00 . 2010-01-18 01:00 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-18 01:00 . 2010-01-18 01:00 -------- d-----w- c:\programmi\MSBuild
2010-01-18 00:59 . 2010-01-18 00:59 -------- d-----w- c:\programmi\Reference Assemblies
2010-01-18 00:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-18 00:58 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-18 00:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-18 00:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-18 00:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-18 00:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-18 00:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-18 00:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-18 00:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-18 00:44 . 2010-01-18 00:44 -------- d-----w- c:\programmi\MSXML 6.0
2010-01-11 23:04 . 2010-01-11 23:04 -------- d-----w- c:\windows\system32\LogFiles
2010-01-06 16:30 . 2010-01-08 13:47 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2010-01-06 16:29 . 2010-01-06 16:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-06 16:29 . 2010-01-06 16:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 18:57 . 2009-12-09 20:19 18496 ----a-w- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-24 17:43 . 2010-01-18 23:26 341 ----a-w- c:\documents and settings\Alessia\Dati applicazioni\settings.dat
2010-01-18 01:01 . 2004-09-16 14:31 79712 ----a-w- c:\windows\system32\perfc010.dat
2010-01-18 01:01 . 2004-09-16 14:31 479418 ----a-w- c:\windows\system32\perfh010.dat
2010-01-11 12:38 . 2009-12-09 21:47 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-01 17:15 . 2009-12-09 19:41 -------- d-----w- c:\programmi\Intel
2009-12-31 17:24 . 2009-12-31 17:24 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\SharePod
2009-12-31 01:35 . 2009-12-31 01:35 -------- d-----w- c:\programmi\Free Audio Pack
2009-12-31 01:35 . 2009-12-31 01:35 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\FreeAudioPack
2009-12-30 15:59 . 2009-12-30 15:59 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Toshiba
2009-12-30 15:54 . 2009-12-30 15:54 -------- d-----w- c:\programmi\Toshiba
2009-12-29 22:29 . 2009-12-29 22:29 -------- d-----w- c:\programmi\Panda Security
2009-12-29 20:13 . 2009-12-29 11:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-29 11:53 . 2009-12-29 11:51 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-27 17:51 . 2009-12-27 17:44 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\PhotoFiltre
2009-12-27 17:44 . 2009-12-27 17:44 -------- d-----w- c:\programmi\PhotoFiltre
2009-12-26 14:09 . 2009-12-26 14:06 175080 ------w- c:\windows\hpoins29.dat
2009-12-26 14:09 . 2009-12-26 14:09 -------- d-----w- c:\programmi\File comuni\HP
2009-12-26 14:09 . 2009-12-26 14:09 -------- d-----w- c:\programmi\Hewlett-Packard
2009-12-26 14:09 . 2009-12-26 14:09 -------- d-----w- c:\programmi\File comuni\Hewlett-Packard
2009-12-26 14:08 . 2009-12-26 14:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2009-12-26 14:07 . 2009-12-26 14:07 -------- d-----w- c:\programmi\HP
2009-12-24 00:31 . 2009-12-24 00:31 -------- d-----w- c:\programmi\Google
2009-12-10 10:47 . 2009-12-10 10:47 -------- d-----w- c:\programmi\QuickTime
2009-12-10 10:47 . 2009-12-10 10:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-12-10 10:46 . 2009-12-10 10:46 -------- d-----w- c:\programmi\File comuni\Apple
2009-12-10 10:46 . 2009-12-10 10:46 -------- d-----w- c:\programmi\Apple Software Update
2009-12-10 10:46 . 2009-12-10 10:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-12-09 23:11 . 2009-12-09 23:11 -------- d-----w- c:\programmi\MSN BackUp
2009-12-09 22:55 . 2009-12-09 22:55 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\vlc
2009-12-09 22:55 . 2009-12-09 22:55 -------- d-----w- c:\programmi\VideoLAN
2009-12-09 22:52 . 2009-12-09 22:52 69632 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\NewShortcut2_B358DA4D0918436EA0E64813B1E5965A.exe
2009-12-09 22:52 . 2009-12-09 22:52 69632 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\NewShortcut1_B358DA4D0918436EA0E64813B1E5965A.exe
2009-12-09 22:52 . 2009-12-09 22:52 10134 ----a-r- c:\documents and settings\Alessia\Dati applicazioni\Microsoft\Installer\{B358DA4D-0918-436E-A0E6-4813B1E5965A}\ARPPRODUCTICON.exe
2009-12-09 22:30 . 2009-12-09 22:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-12-09 22:29 . 2009-12-09 22:29 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\ACD Systems
2009-12-09 22:27 . 2009-12-09 22:27 -------- d-----w- c:\programmi\Yahoo!
2009-12-09 22:24 . 2009-12-09 22:24 -------- d-----w- c:\programmi\File comuni\ACD Systems
2009-12-09 22:24 . 2009-12-09 22:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ACD Systems
2009-12-09 22:24 . 2009-12-09 22:24 -------- d-----w- c:\programmi\ACD Systems
2009-12-09 22:23 . 2009-12-09 22:23 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-12-09 22:15 . 2009-12-09 22:10 -------- d-----w- c:\programmi\File comuni\Ahead
2009-12-09 22:14 . 2009-12-09 22:14 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Ahead
2009-12-09 22:10 . 2009-12-09 22:10 -------- d-----w- c:\programmi\Nero
2009-12-09 22:05 . 2009-12-09 22:05 -------- d-----w- c:\programmi\AC3Filter
2009-12-09 22:04 . 2009-12-09 22:04 -------- d-----w- c:\programmi\Xvid
2009-12-09 21:53 . 2009-12-09 21:53 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-09 21:46 . 2009-12-09 21:46 -------- d-----w- c:\programmi\Microsoft
2009-12-09 21:46 . 2009-12-09 21:45 -------- d-----w- c:\programmi\Windows Live
2009-12-09 21:46 . 2009-12-09 21:46 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-12-09 21:40 . 2009-12-09 21:40 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-12-09 20:48 . 2009-12-09 20:48 -------- d-----w- c:\programmi\eMule
2009-12-09 20:37 . 2009-12-09 20:37 0 ----a-w- c:\windows\nsreg.dat
2009-12-09 20:26 . 2009-12-09 19:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-12-09 20:25 . 2009-12-09 19:36 -------- d-----w- c:\programmi\ASUS
2009-12-09 20:04 . 2009-12-09 20:04 -------- d-----w- c:\programmi\CONEXANT
2009-12-09 20:00 . 2009-12-09 20:00 -------- d-----w- c:\programmi\ATI Technologies
2009-12-09 20:00 . 2009-12-09 19:34 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-09 19:44 . 2009-12-09 20:09 -------- d-----w- c:\documents and settings\Alessia\Dati applicazioni\Symantec
2009-12-09 19:39 . 2009-12-09 19:39 -------- d-----w- c:\programmi\Synaptics
2009-12-09 19:34 . 2009-12-09 19:34 -------- d-----w- c:\programmi\Realtek
2009-12-09 19:34 . 2009-12-09 19:34 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-12-09 19:32 . 2009-12-09 19:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SBSI
2009-12-09 19:32 . 2009-12-09 19:26 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-09 19:27 . 2009-12-09 19:27 -------- d-----w- c:\programmi\microsoft frontpage
2009-12-09 19:25 . 2009-12-09 19:25 -------- d-----w- c:\programmi\Servizi in linea
2009-12-09 19:24 . 2009-12-09 19:24 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-21 14:18 . 2004-09-16 14:31 162569 --sha-r- c:\windows\system32\lcebzg.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-12-09 133104]
"googletalk"="c:\programmi\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-05-11 102400]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-24 14477312]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]
"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-03-02 57344]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\Msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"svchost.exe"= c:\windows\\svchost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2736:TCP"= 2736:TCP:ffncq

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/12/2009 23.31.19 28552]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [09/12/2009 20.04.01 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [09/12/2009 20.04.01 27264]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/01/2010 17.29.31 691696]
S2 cfxgsqp;Update Network;c:\windows\system32\svchost.exe -k netsvcs [16/09/2004 15.31.20 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cfxgsqp
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180221306-2647937500-2557348874-1005Core.job
- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-09 20:38]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-180221306-2647937500-2557348874-1005UA.job
- c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-09 20:38]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: {F3BD2A21-8407-48C9-9E30-5549CEBE21F9} = 62.149.128.4,62.149.132.4
FF - ProfilePath - c:\documents and settings\Alessia\Dati applicazioni\Mozilla\Firefox\Profiles\y06ax6ns.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 13:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F6D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75c0fc3
\Driver\ACPI -> ACPI.sys @ 0xf7328cb8
\Driver\atapi -> 0x86f6d1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cfxgsqp]
"ServiceDll"="c:\windows\system32\lcebzg.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-02 13:47:28 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-02 12:47
ComboFix2.txt 2010-02-02 12:12

Pre-Run: 32.706.200.064 byte disponibili
Post-Run: 32.671.122.432 byte disponibili

- - End Of File - - 0B6CFC3D68CE6070217F06CE98932902

P.S.: how do I attach a file in this forum? O_o
Quikka
Newbie

Posts: 5
Joined: 02/02/10 12:59

Re: I can't access the antivirus sites

Post by gahan » 02/02/10 15:37

Hi, open a text file (in Notepad) and paste in the following script:

Code:
NetSvcs::
cfxgsqp

Driver::
cfxgsqp

File::

C:\9d6tpg.exe
C:\mvmdh.exe
C:\df.exe
c:\documents and settings\Alessia\Impostazioni locali\Dati applicazioni\server.exe
c:\windows\system32\emptyregdb.dat
c:\windows\system32\lcebzg.dll

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cfxgsqp]


Save the file in the same directory where you saved combofix, naming it CFScript.txt (this name is mandatory), then use the mouse pointer to drag the file onto the combofix icon.

The program will run a new scan.... wait for it to finish without doing anything, and at the end restart the PC (it should do so automatically).
Post the new log on the forum; it is again located in c:\combofix.txt.
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09

Re: I can't access the antivirus sites

Post by gahan » 02/02/10 15:42

Next, download mbr.exe and save it in the C:\ directory

http://www2.gmer.net/mbr/mbr.exe

Restart the PC and boot it into safe mode, pressing F5 repeatedly while the PC is starting up until a black screen with options in white appears.

From Start --> Run --> type C:\mbr.exe -f and click OK

NB - There is a space between "C:\mbr.exe" and "-f"

The scan will take a few seconds.
Post the log located in C:\ as mbr.log
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09
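
Added example, not part of the original posts and not ComboFix's own code: a Python triage over a constructed excerpt of the log above. It picks out the entries that the CFScript and the mbr.exe step in the two replies relate to (the cfxgsqp netsvcs service with its ServiceDll, and the \Driver\atapi hook with no module name), plus the disabled firewall and the svchost.exe entry outside system32. The function name triage and the finding labels are assumptions of this example.

```python
import re

# Constructed sample: a few lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
"EnableFirewall"= 0 (0x0)
"c:\\Programmi\\eMule\\emule.exe"=
"svchost.exe"= c:\windows\\svchost.exe
S2 cfxgsqp;Update Network;c:\windows\system32\svchost.exe -k netsvcs [16/09/2004 15.31.20 14336]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/01/2010 17.29.31 691696]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F6D1F8]<<
\Driver\Disk -> CLASSPNP.SYS @ 0xf75c0fc3
\Driver\atapi -> 0x86f6d1f8
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cfxgsqp]
"ServiceDll"="c:\windows\system32\lcebzg.dll"
'''

def triage(log):
    """Return (finding, detail) pairs for log entries worth a closer look."""
    findings, netsvcs, dlls, unknown, key = [], set(), {}, set(), None
    for line in map(str.strip, log.splitlines()):
        if re.match(r'"EnableFirewall"=\s*0\b', line):
            findings.append(("firewall-disabled", line))
        elif m := re.match(r'"svchost\.exe"=\s*(\S.*)', line, re.I):
            # The real svchost.exe lives in system32; any other path is suspect.
            if "\\system32\\" not in m[1].lower().replace("\\\\", "\\"):
                findings.append(("svchost-outside-system32", m[1]))
        elif m := re.match(r'[RS]\d (\S+?);[^;]*;.*svchost\.exe -k netsvcs', line, re.I):
            netsvcs.add(m[1].lower())      # service hosted in the netsvcs group
        elif m := re.match(r'\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]', line, re.I):
            key = m[1].lower()             # remember which service key we are in
        elif (m := re.match(r'"ServiceDll"="(.+)"', line, re.I)) and key:
            dlls[key] = m[1]
        elif m := re.search(r'>>UNKNOWN \[(0x[0-9a-f]+)\]<<', line, re.I):
            unknown.add(int(m[1], 16))     # module the scanner could not name
        elif m := re.match(r'(\\Driver\\\w+) -> (0x[0-9a-f]+)$', line, re.I):
            # Handler resolves to a bare address instead of "<module> @ <address>".
            tag = "matches UNKNOWN module" if int(m[2], 16) in unknown else "no module name"
            findings.append(("unnamed-driver-hook", f"{m[1]} -> {m[2]} ({tag})"))
    # Correlate: which DLL does each svchost/netsvcs service actually load?
    findings += [("netsvcs-service-dll", f"{s} -> {dlls[s]}") for s in sorted(netsvcs & dlls.keys())]
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

The findings are prompts for review, not verdicts: each one still has to be checked against the full log before anything is removed.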
