ecco di seguito il log di combo... aspetto tue nuove istruzioni
grazie
ComboFix 10-02-05.04 - Carolina 06/02/2010 19.34.33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.194 [GMT 1:00]
Eseguito da: c:\documents and settings\Carolina\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\khq
c:\programmi\Dealio Toolbar
c:\programmi\Dealio Toolbar\FF\chrome.manifest
c:\programmi\Dealio Toolbar\FF\chrome\content\chevron.js
c:\programmi\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\login.js
c:\programmi\Dealio Toolbar\FF\chrome\content\login.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\parser.js
c:\programmi\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\programmi\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\programmi\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\programmi\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\target.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\programmi\Dealio Toolbar\FF\components\config.ini
c:\programmi\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\programmi\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\programmi\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\programmi\Dealio Toolbar\FF\install.rdf
c:\programmi\Dealio Toolbar\IE\4.0.2\config.ini
c:\programmi\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
c:\programmi\Dealio Toolbar\Res\amazon.gif
c:\programmi\Dealio Toolbar\Res\apple.gif
c:\programmi\Dealio Toolbar\Res\barnes.gif
c:\programmi\Dealio Toolbar\Res\bestbuy.gif
c:\programmi\Dealio Toolbar\Res\dealio_logo.gif
c:\programmi\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\programmi\Dealio Toolbar\Res\ebay.gif
c:\programmi\Dealio Toolbar\Res\icon_settings.gif
c:\programmi\Dealio Toolbar\Res\macys.gif
c:\programmi\Dealio Toolbar\Res\newegg.gif
c:\programmi\Dealio Toolbar\Res\overstock.gif
c:\programmi\Dealio Toolbar\Res\search-button-hover.gif
c:\programmi\Dealio Toolbar\Res\search-button.gif
c:\programmi\Dealio Toolbar\Res\search-chevron-hover.gif
c:\programmi\Dealio Toolbar\Res\search-chevron.gif
c:\programmi\Dealio Toolbar\Res\search_amazon.gif
c:\programmi\Dealio Toolbar\Res\search_dealio.gif
c:\programmi\Dealio Toolbar\Res\search_ebay.gif
c:\programmi\Dealio Toolbar\Res\search_yahoo.gif
c:\programmi\Dealio Toolbar\Res\target.gif
c:\programmi\Dealio Toolbar\Res\walmart.gif
c:\programmi\Dealio Toolbar\Res\widgets.xml
c:\programmi\Dealio Toolbar\SearchSettings.dll
c:\programmi\Dealio Toolbar\SearchSettings.exe
c:\programmi\Dealio Toolbar\SearchSettingsRes409.dll
c:\programmi\Dealio Toolbar\sscfg.ini
c:\programmi\Dealio Toolbar\SSFF\chrome.manifest
c:\programmi\Dealio Toolbar\SSFF\chrome\content\plugin.js
c:\programmi\Dealio Toolbar\SSFF\chrome\content\plugin.xul
c:\programmi\Dealio Toolbar\SSFF\chrome\content\protection.js
c:\programmi\Dealio Toolbar\SSFF\chrome\content\utils.js
c:\programmi\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\programmi\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.properties
c:\programmi\Dealio Toolbar\SSFF\chrome\skin\yahoo.xml
c:\programmi\Dealio Toolbar\SSFF\components\IFBHOSearch.xpt
c:\programmi\Dealio Toolbar\SSFF\components\IFBHOSearchHelperEngine.xpt
c:\programmi\Dealio Toolbar\SSFF\components\IFHelperPreferences.xpt
c:\programmi\Dealio Toolbar\SSFF\components\SearchSettingsFF.dll
c:\programmi\Dealio Toolbar\SSFF\components\sscfg.ini
c:\programmi\Dealio Toolbar\SSFF\install.rdf
c:\programmi\Dealio Toolbar\WidgiHelper.exe
c:\windows\system32\MSVolumeRD.dll
c:\windows\system32\oem11.inf
c:\windows\system32\winlogon.bak
H:\khq
.
((((((((((((((((((((((((( Files Creati Da 2010-01-06 al 2010-02-06 )))))))))))))))))))))))))))))))))))
.
2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 23:23 . 2010-02-06 02:48 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-05 23:03 . 2010-02-05 23:03 -------- d-----w- c:\programmi\Trend Micro
2010-02-05 16:56 . 2010-02-05 16:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-02-05 16:46 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-01-13 14:16 28640 ----a-w- c:\windows\system32\drivers\rvsmonn1.sys
2010-02-05 16:45 . 2010-01-13 14:16 1034696 ----a-w- c:\windows\system32\drivers\rvsmonf.sys
2010-02-05 16:45 . 2010-01-13 14:16 264128 ----a-w- c:\windows\system32\drivers\rvsmon.sys
2010-02-05 16:45 . 2010-02-05 16:45 45136 ----a-w- c:\windows\system32\drivers\rvsystem.sys
2010-02-05 16:45 . 2010-02-05 21:34 -------- d-----w- C:\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\windows\system32\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\programmi\Returnil
2010-02-05 14:34 . 2010-02-05 14:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-29 14:02 . 2008-04-13 18:13 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-29 14:02 . 2008-04-13 18:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-23 19:18 . 2010-02-06 17:00 -------- d-----r- C:\Win
2010-01-19 14:51 . 2010-01-19 14:51 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Smith Micro
2010-01-19 14:44 . 2010-01-19 14:44 -------- d-----w- c:\programmi\Verizon Wireless
2010-01-19 14:43 . 2010-01-19 14:43 -------- d-----w- c:\programmi\Novatel Wireless
2010-01-19 14:43 . 2010-01-19 14:43 -------- d-----w- c:\windows\Downloaded Installations
2010-01-19 14:42 . 2008-04-13 10:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-01-19 14:42 . 2008-04-13 10:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 18:45 . 2009-09-16 14:57 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Skype
2010-02-05 14:35 . 2010-01-05 02:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-02-04 23:00 . 2009-09-16 14:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-01-28 16:17 . 2009-09-21 15:33 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Nokia
2010-01-25 16:22 . 2008-04-14 12:00 49102 ----a-w- c:\windows\system32\perfc010.dat
2010-01-25 16:22 . 2008-04-14 12:00 348834 ----a-w- c:\windows\system32\perfh010.dat
2010-01-23 14:39 . 2009-11-22 16:28 79488 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 08:30 . 2009-12-28 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-08 07:19 . 2010-02-04 07:25 2066200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2010-01-06 15:17 . 2009-12-17 09:18 -------- d-----w- c:\programmi\Google
2010-01-02 19:37 . 2009-09-16 14:39 71176 -c--a-w- c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-01 14:12 . 2010-01-01 13:58 -------- d-----w- c:\programmi\StarFisher
2009-12-29 23:49 . 2009-12-29 23:49 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\IObit
2009-12-29 23:49 . 2009-12-29 23:49 -------- d-----w- c:\programmi\IObit
2009-12-29 23:32 . 2009-12-29 23:32 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-28 17:08 . 2009-12-28 17:01 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-28 14:31 . 2009-12-28 14:22 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-28 14:31 . 2009-12-28 14:18 117760 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 14:17 . 2009-12-28 14:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:15 . 2009-12-28 14:15 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-27 01:30 . 2009-12-27 01:30 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Dealio
2009-12-26 20:15 . 2009-12-26 20:15 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2009-12-26 20:14 . 2009-12-26 20:14 -------- d-----w- c:\programmi\Application Updater
2009-12-26 20:11 . 2009-12-26 20:11 -------- d-----w- c:\programmi\YouTube Downloader
2009-12-26 20:05 . 2009-12-26 19:40 -------- d-----w- c:\programmi\AVS4YOU
2009-12-26 20:05 . 2009-12-26 19:40 -------- d-----w- c:\programmi\File comuni\AVSMedia
2009-12-26 20:01 . 2009-12-14 22:34 -------- d-----w- c:\programmi\AviSynth 2.5
2009-12-26 19:48 . 2009-12-26 19:48 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVS4YOU
2009-12-26 19:47 . 2009-12-26 19:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-12-23 17:58 . 2009-12-29 23:49 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2009-12-23 17:58 . 2009-12-29 23:49 101376 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
2009-12-21 19:06 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:12 . 2009-09-16 10:50 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-17 00:37 . 2009-12-06 14:05 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVP 2009
2009-12-16 19:32 . 2009-12-16 19:32 766 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2009-12-16 19:32 . 2009-12-16 19:32 2550 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F9F64C4780432EA36BC3FE.exe
2009-12-16 19:32 . 2009-12-16 19:32 1518 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_04065E8B24270056FDCAEC.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_986D1997DEEE761AC61E6A.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_0444D84993723DEE1E9C73.exe
2009-12-16 19:32 . 2009-12-16 19:32 10134 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F10B5B738A2B59884A72F5.exe
2009-12-16 19:32 . 2009-12-16 19:32 -------- d-----w- c:\programmi\MP3 Player Utilities 4.17
2009-12-16 19:30 . 2009-12-14 22:41 -------- d-----w- c:\programmi\MP3 Player Utilities 3.57
2009-12-16 19:29 . 2009-12-16 19:29 -------- d-----w- c:\programmi\MP3
2009-12-15 23:42 . 2009-12-15 23:42 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\dvdcss
2009-11-21 15:54 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 14:56 . 2009-12-02 23:46 607544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Yahoo!\YUpdater\yupdater.exe
2009-11-09 18:11 . 2009-11-09 18:11 628706 ----a-w- c:\windows\system32\takefive.exe
2009-10-04 17:19 . 2009-10-04 17:19 7888848 ----a-w- c:\programmi\Firefox Setup 3.5.3.exe
2010-01-05 02:05 . 2010-01-05 02:05 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
.
------- Sigcheck -------
[-] 2009-09-16 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-04-23 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2009-11-11 23:07 2166296 ----a-w- c:\programmi\Search_USA\tbSea0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2009-07-27 1644784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-16 14:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=vscapi.dll
"WAVE1"=vscapi.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^RVS 2010.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\RVS 2010.lnk
backup=c:\windows\pss\RVS 2010.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Carolina^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Carolina\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-12-26 12:48 2335952 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-05 02:04 30192 ----a-w- c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-16 14:35 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-05 02:00 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Documents and Settings\\Carolina\\Documenti\\vlc-0.8.6i\\vlc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [05/02/2010 17.45.46 45136]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/09/2009 15.38.17 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/09/2009 15.38.21 108552]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [05/02/2010 17.45.51 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [05/02/2010 17.46.00 28640]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16.26.58 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16.26.56 74480]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [16/12/2009 17.38.20 375296]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/09/2009 15.38.08 297752]
R2 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [22/01/2010 17.52.30 1246560]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [05/02/2010 17.45.59 1034696]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16/09/2009 11.38.37 193840]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [16/09/2009 16.42.02 951284]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/12/2009 18.07.10 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [05/01/2010 3.04.30 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21/09/2009 16.30.44 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21/09/2009 16.30.45 8320]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [07/07/2008 12.23.56 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [09/05/2008 11.08.40 174336]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16.27.00 7408]
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-05 14:34]
2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]
2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2304564
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425} = 10.128.50.1
FF - ProfilePath - c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Powered by Google
FF - prefs.js: browser.startup.homepage -
hxxp://search.conduit.com/?ctid=CT23841 ... hSource=13
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Explorer_Run-HP Online Support - c:\windows\system32\ConSvc.exe
AddRemove-RegistryDoktor 2009_is1 - c:\programmi\RegistryDoktor 4.1\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-06 19:44
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\wudfhost.exe
c:\programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-06 19:53:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-06 18:53
Pre-Run: 53.568.970.752 byte disponibili
Post-Run: 53.448.990.720 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 723FDC2AE57E0852BA18A97FB174AFED