Here are the ComboFix results.
Anyway, Windows Defender and Spybot are working now.
ComboFix 10-01-20.05 - Cami 22/01/2010 22.13.51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2037.1305 [GMT 1:00]
Eseguito da: c:\users\Cami\Downloads\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1000
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1001
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1004
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1005
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-500
c:\$recycle.bin\S-1-5-21-3172158568-1187208210-2442577599-500
c:\program files\Java\jre6\bin\jucheck.exe
c:\programdata\h8srtmainqt.dll
c:\users\Cami\AppData\Roaming\inst.exe
c:\windows\system32\ciadvs.exe
c:\windows\system32\copia_regedit.reg
c:\windows\system32\drivers\H8SRTYAUCBCBOQD.SYS.VIR
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTnbqnkpvicr.dat
c:\windows\system32\H8SRTnpnvukddvl.dll
c:\windows\system32\H8SRTofbppgpmiw.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTwbecxbeven.dll
c:\windows\system32\H8SRTxvxspebrjr.dll
.
---- Esecuzione precedente -------
.
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1000
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1001
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1004
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-1005
c:\$recycle.bin\S-1-5-21-2117425737-3525717995-1239272366-500
c:\$recycle.bin\S-1-5-21-3172158568-1187208210-2442577599-500
c:\program files\Java\jre6\bin\jucheck.exe
c:\programdata\h8srtmainqt.dll
c:\users\Cami\AppData\Roaming\inst.exe
c:\windows\system32\ciadvs.exe
c:\windows\system32\copia_regedit.reg
c:\windows\system32\drivers\H8SRTYAUCBCBOQD.SYS.VIR
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTnbqnkpvicr.dat
c:\windows\system32\H8SRTnpnvukddvl.dll
c:\windows\system32\H8SRTofbppgpmiw.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTwbecxbeven.dll
c:\windows\system32\H8SRTxvxspebrjr.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys
((((((((((((((((((((((((( Files Creati Da 2009-12-22 al 2010-01-22 )))))))))))))))))))))))))))))))))))
.
2010-01-22 20:59 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 20:59 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-22 20:53 . 2010-01-22 20:53 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\Spyware Terminator
2010-01-22 20:11 . 2010-01-22 20:11 -------- d-----w- c:\users\Gae e Linda\AppData\Local\Temp(10)
2010-01-22 20:11 . 2010-01-22 20:11 -------- d-----w- c:\users\Cami\AppData\Local\Temp(4)
2010-01-22 13:57 . 2010-01-22 15:04 3156 ----a-w- C:\prgmonsp.bin
2010-01-22 13:51 . 2010-01-22 20:20 -------- d-----w- C:\VEXPLite
2010-01-22 13:51 . 2010-01-22 13:51 -------- dc-h--w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}
2010-01-22 13:50 . 2010-01-22 13:50 -------- d-----w- c:\users\Cami\AppData\Local\PackageAware
2010-01-21 20:05 . 2010-01-22 20:20 -------- d-----w- c:\program files\WinClamAVShield
2010-01-21 20:04 . 2010-01-21 20:04 -------- d-----w- c:\program files\Crawler
2010-01-21 20:03 . 2010-01-22 12:51 -------- d-----w- c:\users\Cami\AppData\Roaming\Spyware Terminator
2010-01-21 20:03 . 2010-01-21 20:03 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-21 20:03 . 2010-01-22 21:06 -------- d-----w- c:\programdata\Spyware Terminator
2010-01-21 20:03 . 2010-01-22 20:20 -------- d-----w- c:\program files\Spyware Terminator
2010-01-21 19:49 . 2010-01-22 20:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-21 11:59 . 2010-01-21 11:59 0 ----a-w- c:\windows\nsreg.dat
2010-01-20 22:31 . 2010-01-20 22:32 -------- d-----w- c:\program files\HiJack This
2010-01-20 14:12 . 2010-01-20 14:12 -------- d-----w- C:\$AVG
2010-01-20 14:12 . 2010-01-21 21:24 -------- d-----w- c:\programdata\avg9
2010-01-17 20:43 . 2010-01-17 20:43 -------- d-----w- c:\program files\NCH Software
2010-01-15 22:26 . 2010-01-15 22:26 -------- d-----w- c:\users\Cami\AppData\Roaming\Sibelius Software
2010-01-15 22:11 . 2010-01-15 22:11 -------- d-----w- c:\programdata\Musicnotes
2010-01-13 07:55 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 07:55 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 19:20 . 2010-01-22 20:53 -------- d-----w- c:\users\Gae e Linda\Tracing
2010-01-02 13:39 . 2010-01-03 23:54 -------- d-----w- c:\users\Cami\Tracing
2010-01-01 13:47 . 2010-01-01 13:47 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\WNR
2009-12-30 14:00 . 2009-12-30 14:00 -------- d-----w- c:\users\Cami\AppData\Local\Microsoft Games
2009-12-30 14:00 . 2010-01-22 15:03 1356 ----a-w- c:\users\Cami\AppData\Local\d3d9caps.dat
2009-12-25 23:48 . 2009-12-25 23:48 -------- d-----w- c:\program files\Veoh Networks
2009-12-24 23:52 . 2009-12-24 23:52 -------- d-----w- c:\users\Cami\AppData\Roaming\WNR
2009-12-24 23:52 . 2009-12-24 23:52 -------- d-----w- c:\programdata\WNR
2009-12-24 18:23 . 2002-07-17 09:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-12-24 18:23 . 2002-07-17 07:53 16877 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-12-24 10:58 . 2009-12-24 10:58 -------- d-----w- c:\users\Cami\AppData\Roaming\NCH Software
2009-12-24 10:46 . 2010-01-17 20:43 -------- d-----w- c:\programdata\NCH Swift Sound
2009-12-24 10:46 . 2010-01-17 20:43 -------- d-----w- c:\users\Cami\AppData\Roaming\NCH Swift Sound
2009-12-24 10:45 . 2010-01-17 20:43 -------- d-----w- c:\program files\NCH Swift Sound
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 21:06 . 2008-07-29 11:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-22 15:39 . 2009-12-13 14:17 1 ----a-w- c:\users\Cami\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-22 15:12 . 2010-01-22 15:12 721904 ----a-w- c:\windows\system32\drivers\SPTD.SYS.TMP
2010-01-22 10:30 . 2009-11-05 20:53 141760 ----a-w- c:\users\Gae e Linda\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-21 22:00 . 2009-07-21 11:20 -------- d-----w- c:\programdata\avg8
2010-01-21 20:03 . 2010-01-21 20:03 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-01-21 20:03 . 2010-01-21 20:03 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-01-21 19:49 . 2009-12-13 13:23 -------- d-----w- c:\users\Cami\AppData\Roaming\BitTorrent
2010-01-21 14:55 . 2008-09-10 20:15 -------- d-----w- c:\program files\eMule
2010-01-21 14:54 . 2007-07-16 08:26 -------- d-----w- c:\program files\Microsoft Works
2010-01-20 22:49 . 2009-12-13 11:29 141760 ----a-w- c:\users\Cami\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-20 22:32 . 2010-01-20 22:32 388096 ----a-r- c:\users\Cami\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-19 21:19 . 2009-11-20 19:00 1 ----a-w- c:\users\Gae e Linda\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-18 22:22 . 2006-11-06 01:52 672620 ----a-w- c:\windows\system32\perfh010.dat
2010-01-18 22:22 . 2006-11-06 01:52 125054 ----a-w- c:\windows\system32\perfc010.dat
2010-01-14 10:12 . 2009-10-02 17:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 20:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-11 17:07 . 2010-01-22 13:51 2856026 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\vnlt6565.exe
2010-01-11 09:22 . 2010-01-22 13:51 352256 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2010-01-07 15:44 . 2010-01-22 13:51 274432 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2009-12-24 18:01 . 2007-07-16 08:08 -------- d-----w- c:\programdata\Roxio
2009-12-20 15:39 . 2009-12-20 15:39 0 ----a-w- c:\users\Cami\AppData\Roaming\wklnhst.dat
2009-12-20 15:39 . 2009-12-20 15:39 -------- d-----w- c:\users\Cami\AppData\Roaming\Template
2009-12-19 21:54 . 2009-12-16 17:23 -------- d-----w- c:\program files\XviD
2009-12-19 21:51 . 2009-12-19 21:51 -------- d-----w- c:\users\Cami\AppData\Roaming\FreeVideoConverter
2009-12-19 19:23 . 2009-12-19 19:23 407304 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-19 18:39 . 2009-12-19 18:39 -------- d-----w- c:\program files\ffdshow
2009-12-18 15:48 . 2009-12-18 15:48 -------- d-----w- c:\users\Cami\AppData\Roaming\HpUpdate
2009-12-18 10:18 . 2010-01-22 13:51 122880 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2009-12-17 16:15 . 2009-12-17 16:11 -------- d-----w- c:\users\Cami\AppData\Roaming\Orbit
2009-12-17 16:11 . 2009-12-17 16:11 -------- d-----w- c:\users\Cami\AppData\Roaming\GrabPro
2009-12-16 18:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-12-15 22:03 . 2009-12-15 22:03 -------- d-----w- c:\users\Cami\AppData\Roaming\Apple Computer
2009-12-15 15:22 . 2009-12-15 15:22 -------- d-----w- c:\users\Cami\AppData\Roaming\Nvu
2009-12-15 13:33 . 2009-12-15 13:32 -------- d-----w- c:\program files\DVD Decrypter
2009-12-15 13:20 . 2008-06-18 10:56 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-15 13:14 . 2009-12-13 15:12 -------- d-----w- c:\users\Cami\AppData\Roaming\Roxio
2009-12-13 22:14 . 2009-12-13 22:14 -------- d-----w- c:\users\Cami\AppData\Roaming\Media Player Classic
2009-12-13 22:07 . 2009-12-13 22:07 -------- d-----w- c:\users\Cami\AppData\Roaming\VistaCodecs
2009-12-13 22:07 . 2009-10-12 12:46 -------- d-----w- c:\programdata\VistaCodecs
2009-12-13 22:06 . 2009-12-13 22:06 -------- d-----w- c:\program files\VistaCodecPack
2009-12-13 21:58 . 2009-12-13 21:58 47360 ----a-w- c:\users\Cami\AppData\Roaming\pcouffin.sys
2009-12-13 21:58 . 2009-12-13 21:58 47360 ----a-w- c:\users\Cami\AppData\Roaming\pcouffin.sys
2009-12-13 21:58 . 2009-12-13 21:58 -------- d-----w- c:\users\Cami\AppData\Roaming\Vso
2009-12-13 21:10 . 2009-12-13 21:10 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\CyberLink
2009-12-13 21:09 . 2009-12-13 21:09 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\HP
2009-12-13 20:25 . 2009-12-13 20:25 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\Roxio
2009-12-13 14:57 . 2009-12-13 14:57 -------- d-----w- c:\users\Cami\AppData\Roaming\CyberLink
2009-12-13 14:56 . 2009-12-13 14:56 -------- d-----w- c:\users\Cami\AppData\Roaming\HP
2009-12-13 14:16 . 2009-12-13 14:16 -------- d-----w- c:\users\Cami\AppData\Roaming\OpenOffice.org
2009-12-13 13:23 . 2009-12-13 13:23 -------- d-----w- c:\program files\BitTorrent
2009-12-10 13:27 . 2009-11-27 18:59 264 ----a-w- c:\users\Gae e Linda\AppData\Roaming\wklnhst.dat
2009-12-10 13:19 . 2009-12-10 13:19 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\Template
2009-12-10 12:26 . 2007-07-16 08:41 -------- d-----w- c:\program files\Google
2009-12-09 22:29 . 2007-07-16 07:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 22:25 . 2007-07-16 07:27 -------- d-----w- c:\program files\CONEXANT
2009-12-04 21:06 . 2008-07-24 17:52 -------- d-----w- c:\program files\Common Files\Real
2009-11-28 20:38 . 2009-11-28 20:38 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\Apple Computer
2009-11-27 14:10 . 2010-01-22 13:51 69632 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2009-11-27 14:06 . 2010-01-22 13:51 815104 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
2009-11-26 17:04 . 2009-11-26 17:04 -------- d-----w- c:\users\Gae e Linda\AppData\Roaming\HpUpdate
2009-11-25 14:24 . 2009-11-25 14:24 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEC74.tmp.exe
2009-11-24 19:40 . 2009-11-24 19:40 -------- d-----w- c:\program files\iPodLibrary
2009-11-24 19:40 . 2009-11-24 19:40 286720 ------w- c:\windows\Setup1.exe
2009-11-24 19:40 . 2009-11-24 19:40 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-11 07:53 . 2010-01-22 13:51 45312 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\931FE753\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2010-01-22 13:51 45312 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\277632B2\76AC2E42\VIRAGTLT.sys
2009-11-11 07:53 . 2009-11-11 07:53 45312 --s-a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2009-11-09 12:31 . 2009-12-11 22:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-11 22:54 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-11 22:54 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-08 15:40 . 2010-01-22 13:51 49152 -c--a-w- c:\programdata\{14B08FC8-7FFE-45EA-90F3-8A7CA5EE54C7}\OFFLINE\22028FD3\76AC2E42\tgdlg.dll
2009-10-29 09:17 . 2009-11-26 17:03 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-21 3037696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-28 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-04 198160]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-21 2166784]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-01-07 274432]
c:\users\Cami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\users\Gae e Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-16 962663]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Camilla^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Camilla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoclk]
2003-01-30 07:48 143360 ----a-w- c:\windows\autoclk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 11:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-09 11:55 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 14:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):95,1d,50,49,af,58,ca,01
R0 vburner;vburner;c:\windows\System32\drivers\vburner.sys [20/09/2008 14.05.35 15872]
R0 VIRAGTLT;VIRAGTLT;c:\windows\System32\drivers\VIRAGTLT.sys [11/11/2009 8.53.20 45312]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [21/01/2010 21.03.58 142592]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\viritsvc.exe [27/11/2009 15.10.32 69632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [21/01/2010 20.49.44 1153368]
S3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14/06/2008 13.58.42 21504]
S3 MusCDriverV32;MusCDriverV32;c:\windows\System32\drivers\MusCDriverV32.sys [19/09/2008 21.11.40 23096]
S3 MusCVideo32;MusCVideo32;c:\windows\System32\drivers\MusCVideo32.sys [19/09/2008 21.11.40 3768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-22 c:\windows\Tasks\User_Feed_Synchronization-{CA4C5C0E-EB80-4FDE-A704-0566AD934C09}.job
- c:\windows\system32\msfeedssync.exe [2008-06-14 07:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Cami\AppData\Roaming\Mozilla\Firefox\Profiles\fc2uunsw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-cliconfg64 - c:\users\Cami\AppData\Local\Temp\cliconfg64.exe
AddRemove-Works2006Setup - c:\program files\Microsoft Works Suite 2006\Setup\Launcher.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 22:31
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spdp.sys >>UNKNOWN [0x851D5938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x885a5d24
\Driver\ACPI -> acpi.sys @ 0x82e12d68
\Driver\atapi -> 0x8521e1f8
\Driver\iaStor -> iaStor.sys @ 0x82f696d0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-22 22:40:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-22 21:40
Pre-Run: 41.132.322.816 byte disponibili
Post-Run: 41.179.287.552 byte disponibili
- - End Of File - - 06A3784E27CA9C9C90D29EAFE6C33E7B