Hi, on the first attempt Combo wasn't giving me the report; I waited almost an hour, then I interrupted it and restarted the PC, and I managed it in about 15 minutes.
Here is the report:
ComboFix 10-02-20.03 - Carolina 21/02/2010 5.44.33.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.125 [GMT 1:00]
Eseguito da: c:\documents and settings\Carolina\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\documents and settings\Carolina\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\Carolina\Dati applicazioni\Desktopicon\uninst.exe
c:\windows\system32\SHELLLNK.TLB
.
((((((((((((((((((((((((( Files Creati Da 2010-01-21 al 2010-02-21 )))))))))))))))))))))))))))))))))))
.
2010-02-19 22:35 . 2003-03-19 10:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2010-02-19 22:35 . 2006-09-16 18:44 314368 ----a-w- c:\windows\system32\avisynth.dll
2010-02-19 22:35 . 2004-05-26 20:37 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-19 22:35 . 2010-02-20 08:02 -------- d-----w- c:\programmi\Magic Video Converter
2010-02-19 22:34 . 2009-09-18 02:51 -------- d-----w- c:\programmi\Magic Video Converter 8.0.2.18
2010-02-19 21:46 . 2010-02-19 21:46 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVSMedia
2010-02-19 21:41 . 2007-02-27 18:36 638976 ----a-w- c:\windows\system32\divx.dll
2010-02-19 21:41 . 2007-02-27 18:36 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-19 21:41 . 2007-02-27 18:36 524288 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-19 21:41 . 2007-02-27 18:36 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2010-02-19 21:41 . 2007-02-27 18:36 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2010-02-19 04:23 . 2010-02-19 04:23 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
2010-02-19 00:53 . 2010-02-21 02:28 -------- d-----w- C:\MioLavoro19FEB
2010-02-18 00:07 . 2010-02-20 00:48 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\VSO
2010-02-18 00:07 . 2010-02-18 00:07 -------- d-----w- c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\VSO
2010-02-18 00:05 . 2010-02-18 00:05 -------- d-----w- c:\programmi\VSO
2010-02-17 23:16 . 2010-02-17 23:16 -------- d-----w- c:\programmi\File comuni\McAfee
2010-02-17 23:16 . 2010-02-18 16:25 -------- d-----w- c:\programmi\McAfee
2010-02-17 02:33 . 2010-02-19 00:21 -------- d-----w- C:\MioLavoro
2010-02-17 01:05 . 2010-02-18 01:51 -------- d-----w- c:\programmi\WebSite X5 v8 - Evolution
2010-02-17 01:03 . 1997-01-15 23:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2010-02-17 01:03 . 2009-01-27 10:09 204288 ----a-w- c:\windows\system32\iwpsetup.exe
2010-02-15 21:28 . 2010-02-15 21:31 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\ooVoo Details
2010-02-11 18:57 . 2010-02-11 18:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-11 04:21 . 2010-02-19 04:22 -------- d-----w- c:\programmi\McAfee Security Scan
2010-02-08 19:31 . 2010-02-15 20:15 -------- d-----w- c:\programmi\Unlocker
2010-02-08 18:59 . 2010-02-08 18:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit
2010-02-08 00:47 . 2010-02-08 00:48 -------- dc-h--w- c:\windows\ie8
2010-02-07 16:56 . 2010-02-07 17:08 -------- d-----w- c:\programmi\eMule
2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 23:23 . 2010-02-06 02:48 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-05 23:03 . 2010-02-05 23:03 -------- d-----w- c:\programmi\Trend Micro
2010-02-05 16:56 . 2010-02-05 16:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-02-05 16:46 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-01-13 14:16 28640 ----a-w- c:\windows\system32\drivers\rvsmonn1.sys
2010-02-05 16:45 . 2010-01-13 14:16 1034696 ----a-w- c:\windows\system32\drivers\rvsmonf.sys
2010-02-05 16:45 . 2010-01-13 14:16 264128 ----a-w- c:\windows\system32\drivers\rvsmon.sys
2010-02-05 16:45 . 2010-02-05 16:45 45136 ----a-w- c:\windows\system32\drivers\rvsystem.sys
2010-02-05 16:45 . 2010-02-07 04:43 -------- d-----w- C:\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\windows\system32\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\programmi\Returnil
2010-02-05 14:34 . 2010-02-05 14:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-29 14:02 . 2008-04-13 18:13 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-29 14:02 . 2008-04-13 18:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-23 19:18 . 2010-02-16 14:37 -------- d-----r- C:\Win
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 04:40 . 2009-09-16 14:57 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Skype
2010-02-20 02:52 . 2009-09-16 14:39 71568 -c--a-w- c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-19 22:26 . 2009-12-26 19:40 -------- d-----w- c:\programmi\File comuni\AVSMedia
2010-02-19 22:26 . 2009-12-26 19:40 -------- d-----w- c:\programmi\AVS4YOU
2010-02-18 06:58 . 2009-12-26 19:48 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVS4YOU
2010-02-17 23:16 . 2009-11-12 16:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-02-16 15:16 . 2009-09-16 10:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-09 22:32 . 2009-12-17 09:18 -------- d-----w- c:\programmi\Google
2010-02-08 19:18 . 2009-12-29 23:49 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\IObit
2010-02-08 18:59 . 2009-12-29 23:49 -------- d-----w- c:\programmi\IObit
2010-02-07 13:13 . 2009-09-21 15:49 -------- d-----w- c:\programmi\WinMX
2010-02-05 14:35 . 2010-01-05 02:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-02-04 23:00 . 2009-09-16 14:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-02-04 17:46 . 2010-02-09 05:07 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-02-04 17:46 . 2010-02-09 05:07 101376 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-28 16:17 . 2009-09-21 15:33 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Nokia
2010-01-25 16:22 . 2008-04-14 12:00 49102 ----a-w- c:\windows\system32\perfc010.dat
2010-01-25 16:22 . 2008-04-14 12:00 348834 ----a-w- c:\windows\system32\perfh010.dat
2010-01-23 14:39 . 2009-11-22 16:28 79488 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-21 16:08 . 2010-02-11 14:21 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2010-01-21 16:08 . 2010-02-11 14:21 101376 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
2010-01-19 14:51 . 2010-01-19 14:51 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Smith Micro
2010-01-19 14:44 . 2010-01-19 14:44 -------- d-----w- c:\programmi\Verizon Wireless
2010-01-19 14:43 . 2010-01-19 14:43 -------- d-----w- c:\programmi\Novatel Wireless
2010-01-11 08:30 . 2009-12-28 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-01 14:12 . 2010-01-01 13:58 -------- d-----w- c:\programmi\StarFisher
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 23:32 . 2009-12-29 23:32 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-28 17:08 . 2009-12-28 17:01 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-28 14:31 . 2009-12-28 14:22 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-28 14:31 . 2009-12-28 14:18 117760 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 14:17 . 2009-12-28 14:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:15 . 2009-12-28 14:15 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-27 01:30 . 2009-12-27 01:30 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Dealio
2009-12-26 20:15 . 2009-12-26 20:15 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2009-12-26 20:11 . 2009-12-26 20:11 -------- d-----w- c:\programmi\YouTube Downloader
2009-12-26 20:01 . 2009-12-14 22:34 -------- d-----w- c:\programmi\AviSynth 2.5
2009-12-26 19:47 . 2009-12-26 19:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-12-21 19:06 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2009-09-16 10:18 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 19:32 . 2009-12-16 19:32 766 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2009-12-16 19:32 . 2009-12-16 19:32 2550 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F9F64C4780432EA36BC3FE.exe
2009-12-16 19:32 . 2009-12-16 19:32 1518 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_04065E8B24270056FDCAEC.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_986D1997DEEE761AC61E6A.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_0444D84993723DEE1E9C73.exe
2009-12-16 19:32 . 2009-12-16 19:32 10134 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F10B5B738A2B59884A72F5.exe
2009-12-14 07:08 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2008-04-14 12:00 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2008-04-13 18:55 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-14 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2008-04-14 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2008-04-13 19:13 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-30 23:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2008-04-14 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2008-04-14 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2008-04-14 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2008-04-13 19:13 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-10-04 17:19 . 2009-10-04 17:19 7888848 ----a-w- c:\programmi\Firefox Setup 3.5.3.exe
2010-01-05 02:05 . 2010-01-05 02:05 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
.
------- Sigcheck -------
[-] 2009-09-16 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-04-23 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2009-11-11 23:07 2166296 ----a-w- c:\programmi\Search_USA\tbSea0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-12-26 2335952]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"IObit Security 360"="c:\programmi\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
McAfee Security Scan Plus.lnk - c:\programmi\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
RVS 2010.lnk - c:\programmi\Returnil\RVS3\rvsgui.exe [2010-1-22 7090256]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-16 14:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=vscapi.dll
"WAVE1"=vscapi.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Carolina^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Carolina\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-05 02:04 30192 ----a-w- c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-02-26 06:36 177456 ----a-w- c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-16 14:35 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-05 02:00 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Documents and Settings\\Carolina\\Documenti\\vlc-0.8.6i\\vlc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675
R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [05/02/2010 17.45.46 45136]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/09/2009 15.38.17 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/09/2009 15.38.21 108552]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [05/02/2010 17.45.51 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [05/02/2010 17.46.00 28640]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16.26.58 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16.26.56 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/09/2009 15.38.08 297752]
R2 IS360service;IS360service;c:\programmi\IObit\IObit Security 360\is360srv.exe [08/02/2010 19.59.21 311568]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [18/02/2010 0.16.11 93320]
R2 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [22/01/2010 17.52.30 1246560]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [05/02/2010 17.45.59 1034696]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [16/09/2009 16.42.02 951284]
S0 jhxdyus;jhxdyus;c:\windows\system32\drivers\dcns.sys --> c:\windows\system32\drivers\dcns.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/12/2009 18.07.10 135664]
S3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16/09/2009 11.38.37 193840]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [05/01/2010 3.04.30 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13.49.20 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21/09/2009 16.30.44 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21/09/2009 16.30.45 8320]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [07/07/2008 12.23.56 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [09/05/2008 11.08.40 174336]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16.27.00 7408]
S4 Application Updater;Application Updater;"c:\programmi\Application Updater\ApplicationUpdater.exe" --> c:\programmi\Application Updater\ApplicationUpdater.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'
2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-05 14:34]
2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]
2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]
.
.
------- Scansione supplementare -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425} = 10.128.50.1
FF - ProfilePath - c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Casella di ricerca Secure
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT15723 ... hSource=13
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\components\FFExternalAlert.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-eBay Icon - c:\documents and settings\Carolina\Dati applicazioni\Desktopicon\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 05:51
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2544)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
.
Ora fine scansione: 2010-02-21 05:57:29
ComboFix-quarantined-files.txt 2010-02-21 04:57
Pre-Run: 50.276.630.528 byte disponibili
Post-Run: 50.242.560.000 byte disponibili
- - End Of File - - 5C1B4478C36931D8AC4E59AEDDFE8166