When I started ComboFix, a message like this appeared:
ComboFix has detected that this machine does not have the Recovery Console installed; it would be a good idea to install it. Do you want to do it now?
This requires an internet connection.
What should I do???
Here is the ComboFix scan.
ComboFix 10-03-29.04 - Omar 2010-04-02 21:51:52.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1014.339 [GMT 2:00]
Eseguito da: c:\documents and settings\Omar\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100402-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2010-03-02 al 2010-04-02 )))))))))))))))))))))))))))))))))))
.
2010-04-01 20:43 . 2010-04-02 15:24 -------- d-----w- c:\documents and settings\Omar\DoctorWeb
2010-04-01 20:10 . 2010-04-01 20:10 53136 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-01 20:10 . 2010-04-01 20:10 47664 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-01 20:10 . 2010-04-01 20:10 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-01 20:10 . 2010-04-01 20:10 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-01 20:10 . 2010-04-01 20:10 -------- d-----w- c:\programmi\Prevx
2010-04-01 20:10 . 2010-04-01 20:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2010-04-01 17:34 . 2010-04-01 17:37 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\Ready
2010-03-31 18:24 . 2010-03-31 18:24 77312 ----a-w- C:\mbr.exe
2010-03-29 18:22 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 18:22 . 2010-03-29 18:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-29 18:22 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 17:09 . 2010-03-29 17:09 388096 ----a-r- c:\documents and settings\Omar\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 17:09 . 2010-03-29 17:09 -------- d-----w- c:\programmi\TrendMicro
2010-03-29 09:09 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-29 09:01 . 2010-03-29 09:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CA
2010-03-28 21:04 . 2010-04-01 12:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-22 08:36 . 2010-03-22 08:36 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\Search Settings
2010-03-22 08:33 . 2010-03-22 08:33 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2010-03-22 08:33 . 2010-03-22 08:33 -------- d-----w- c:\programmi\Application Updater
2010-03-20 15:22 . 2009-01-22 13:28 290816 ----a-w- c:\windows\system32\decdll.dll
2010-03-20 15:22 . 2010-03-22 08:32 -------- d-----w- c:\programmi\Free Video Converter
2010-03-20 15:22 . 2010-03-20 15:22 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\FreeVideoConverter
2010-03-19 20:26 . 2010-03-19 20:26 -------- d-----w- C:\Program Files
2010-03-19 18:32 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-19 17:13 . 2010-03-19 17:13 -------- d-----w- c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\PCHealth
2010-03-19 17:13 . 2010-03-19 17:13 -------- d-----w- c:\programmi\Windows Defender
2010-03-16 20:04 . 2010-03-16 20:04 -------- d-----w- c:\documents and settings\Omar\.drdivx2
2010-03-09 19:28 . 2010-02-12 10:03 293376 ----a-w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 17:37 . 2010-04-01 17:25 -------- d-----w- c:\programmi\ReadyFree
2010-03-28 07:53 . 2006-08-23 03:14 93736 ----a-w- c:\windows\system32\perfc010.dat
2010-03-28 07:53 . 2006-08-23 03:14 510532 ----a-w- c:\windows\system32\perfh010.dat
2010-03-22 08:31 . 2007-01-22 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-22 08:29 . 2007-01-22 18:04 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-03-10 21:08 . 2008-07-09 19:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-28 15:43 . 2006-08-23 15:50 -------- d-----w- c:\programmi\Google
2010-02-25 06:16 . 2006-08-23 03:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 17:44 . 2006-08-23 15:47 -------- d-----w- c:\programmi\File comuni\Adobe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 -c--a-w- c:\windows\system32\GPhotos.scr
2010-02-19 20:20 . 2010-02-19 20:20 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\3M
2010-02-19 20:19 . 2010-02-19 20:19 -------- d-----w- c:\programmi\3M
2010-02-19 16:48 . 2008-12-20 14:02 93640 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-19 08:11 . 2006-08-23 13:39 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-19 08:11 . 2009-10-03 13:15 -------- d-----w- c:\programmi\Alice MOBILE
2010-02-03 20:59 . 2006-12-25 18:05 -------- d-----w- c:\programmi\Microsoft Works
.
((((((((((((((((((((((((((((( SnapShot@2010-03-31_15.58.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-02 19:41 . 2010-04-02 19:41 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
+ 2010-04-02 19:42 . 2010-04-02 19:42 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat
+ 2010-04-01 17:25 . 1998-06-17 22:00 89360 c:\windows\system32\VB5DB.DLL
+ 2010-04-01 17:25 . 1998-08-04 22:00 22016 c:\windows\system32\TABCTIT.DLL
+ 2010-04-01 17:25 . 2004-04-25 18:39 53248 c:\windows\system32\SSubTmr6.dll
+ 2010-04-01 17:25 . 2004-09-27 09:18 24576 c:\windows\system32\ReadyPPC.dll
+ 2010-04-01 17:25 . 2004-09-30 07:41 49152 c:\windows\system32\ReadyGraph.dll
+ 2010-04-01 17:25 . 1998-08-04 22:00 35328 c:\windows\system32\RCHTXIT.DLL
+ 2010-04-01 17:25 . 1998-08-04 22:00 22528 c:\windows\system32\MSMPIIT.DLL
+ 2006-11-07 19:03 . 2010-02-25 06:16 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-07 19:03 . 2009-12-21 19:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-04-01 17:25 . 1998-08-04 22:00 13824 c:\windows\system32\MSCOMIT.DLL
+ 2006-08-23 03:13 . 2010-02-25 06:16 25600 c:\windows\system32\jsproxy.dll
- 2006-08-23 03:13 . 2009-12-21 19:06 25600 c:\windows\system32\jsproxy.dll
+ 2010-04-01 17:25 . 1998-08-04 22:00 15872 c:\windows\system32\INETIT.DLL
- 2009-06-11 19:06 . 2009-12-21 19:06 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-11 19:06 . 2010-02-25 06:16 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-05-10 15:28 . 2010-02-25 06:16 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-10 15:28 . 2009-12-21 19:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-08-23 03:13 . 2010-02-25 06:16 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-08-23 03:13 . 2009-12-21 19:06 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-08-23 10:33 . 2008-12-01 14:51 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-23 10:33 . 2010-04-01 06:24 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-23 10:33 . 2010-04-01 06:24 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2006-08-23 10:33 . 2008-12-01 14:51 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2006-08-23 10:33 . 2008-12-01 14:51 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-04-01 06:24 . 2010-04-01 06:24 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-03-31 17:37 . 2009-12-21 19:06 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-03-31 17:36 . 2009-12-21 19:06 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-03-31 17:36 . 2009-12-21 19:06 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 1999-05-24 02:07 . 2000-10-01 22:00 122128 c:\windows\system32\VB6IT.DLL
- 1999-05-24 02:07 . 1999-05-24 02:07 122128 c:\windows\system32\vb6it.dll
+ 2010-04-01 17:25 . 2003-01-26 13:48 147456 c:\windows\system32\ReadyZip.dll
+ 2010-04-01 17:25 . 1998-12-02 07:11 143360 c:\windows\system32\ReadyUnzip.dll
+ 2006-08-23 03:14 . 2010-02-25 06:16 206848 c:\windows\system32\occache.dll
- 2006-08-23 03:14 . 2009-12-21 19:06 206848 c:\windows\system32\occache.dll
+ 2006-08-23 03:14 . 2010-02-25 06:16 611840 c:\windows\system32\mstime.dll
- 2006-08-23 03:14 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
- 2006-11-07 19:03 . 2009-12-21 19:06 594432 c:\windows\system32\msfeeds.dll
+ 2006-11-07 19:03 . 2010-02-25 06:16 594432 c:\windows\system32\msfeeds.dll
+ 2010-04-01 17:25 . 1998-08-04 22:00 150528 c:\windows\system32\MSCMCIT.DLL
+ 2010-04-01 17:25 . 1998-08-04 22:00 113152 c:\windows\system32\MSCH2IT.DLL
+ 2006-08-23 03:13 . 2010-02-25 06:16 184320 c:\windows\system32\iepeers.dll
- 2006-08-23 03:13 . 2009-12-21 19:06 184320 c:\windows\system32\iepeers.dll
- 2006-08-23 03:13 . 2009-12-21 19:06 387584 c:\windows\system32\iedkcs32.dll
+ 2006-08-23 03:13 . 2010-02-25 06:16 387584 c:\windows\system32\iedkcs32.dll
- 2006-08-23 03:13 . 2009-12-21 13:20 173056 c:\windows\system32\ie4uinit.exe
+ 2006-08-23 03:13 . 2010-02-24 09:56 173056 c:\windows\system32\ie4uinit.exe
+ 2006-08-23 12:21 . 2010-04-02 19:40 326704 c:\windows\system32\FNTCACHE.DAT
+ 2007-01-04 14:00 . 2010-02-25 06:16 916480 c:\windows\system32\dllcache\wininet.dll
- 2007-01-04 14:00 . 2009-12-21 19:06 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-10-17 10:04 . 2009-12-21 19:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 10:04 . 2010-02-25 06:16 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-08-23 03:14 . 2010-02-25 06:16 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-08-23 03:14 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-05-10 15:28 . 2009-12-21 19:06 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-10 15:28 . 2010-02-25 06:16 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-11 19:06 . 2010-02-25 06:16 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-08-23 03:13 . 2009-12-21 19:06 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-08-23 03:13 . 2010-02-25 06:16 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-08-23 03:13 . 2010-02-25 06:16 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-08-23 03:13 . 2009-12-21 19:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-08-23 03:13 . 2009-12-21 13:20 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-08-23 03:13 . 2010-02-24 09:56 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-04-13 09:58 . 2010-03-10 21:08 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-04-13 09:58 . 2010-04-01 06:24 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-04-01 17:25 . 2004-12-15 14:57 503808 c:\windows\system32\ChilkatFTP.dll
+ 2010-03-31 17:36 . 2009-12-21 19:06 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-03-31 17:37 . 2009-05-26 11:41 402296 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-03-31 17:37 . 2009-05-26 11:41 233848 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-03-31 17:36 . 2009-12-21 19:06 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-03-31 17:36 . 2009-03-08 03:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-03-31 17:36 . 2009-12-21 19:06 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-03-31 17:37 . 2009-12-21 19:06 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-03-31 17:36 . 2009-12-21 19:06 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-03-31 17:37 . 2009-12-21 19:06 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-03-31 17:37 . 2009-12-21 13:20 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2006-08-23 03:14 . 2010-02-25 06:16 1209344 c:\windows\system32\urlmon.dll
+ 2006-08-23 03:14 . 2010-02-25 06:16 5944832 c:\windows\system32\mshtml.dll
+ 2006-10-17 09:57 . 2010-02-25 06:16 1985536 c:\windows\system32\iertutil.dll
- 2006-10-17 09:57 . 2009-12-21 19:06 1985536 c:\windows\system32\iertutil.dll
+ 2007-01-25 12:28 . 2010-02-25 06:16 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2006-08-23 03:14 . 2010-02-25 06:16 5944832 c:\windows\system32\dllcache\mshtml.dll
- 2007-05-10 15:28 . 2009-12-21 19:06 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-10 15:28 . 2010-02-25 06:16 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-03-31 17:36 . 2009-12-21 19:06 1208832 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-03-31 17:36 . 2009-12-21 19:06 5942784 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-03-31 17:36 . 2009-12-21 19:06 1985536 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2006-11-07 19:03 . 2010-02-25 09:46 11070976 c:\windows\system32\ieframe.dll
+ 2007-05-10 15:28 . 2010-02-25 09:46 11070976 c:\windows\system32\dllcache\ieframe.dll
+ 2010-03-31 17:36 . 2009-12-21 19:06 11070464 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-28 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"FLMOFFICE4DMOUSE"="c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2006-12-25 370176]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"USBToolTip"="c:\programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2005-06-13 192512]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
wkcalrem.LNK.disabled [2007-1-22 909]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk.disabled [2006-12-27 1748]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 14:11 73728 ------w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk.disabled
backup=c:\windows\pss\Adobe Gamma Loader.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk.disabled
backup=c:\windows\pss\Alice ti aiuta.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido di HP Image Zone.lnk.disabled
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BlueSoleil.lnk.disabled
backup=c:\windows\pss\BlueSoleil.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Omar^Menu Avvio^Programmi^Esecuzione automatica^Stop Dialers.lnk.disabled]
path=c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\Stop Dialers.lnk.disabled
backup=c:\windows\pss\Stop Dialers.lnk.disabledStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Omar^Menu Avvio^Programmi^Esecuzione automatica^Utilità di avvio Click to DVD Modalità automatica.lnk.disabled]
path=c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\Utilità di avvio Click to DVD Modalità automatica.lnk.disabled
backup=c:\windows\pss\Utilità di avvio Click to DVD Modalità automatica.lnk.disabledStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 12:38 49152 ----a-w- d:\hp software update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-06-02 09:13 267048 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 -c--a-w- c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 -c--a-w- c:\programmi\File comuni\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 -c--a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 09:04 2879488 -c--a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-28 15:43 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\programmi\Windows Defender\MSASCui.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe"
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"Apoint"=c:\programmi\Apoint\Apoint.exe
"AzMixerSel"=c:\programmi\Realtek\InstallShield\AzMixerSel.exe
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="d:\hp software update\HPWuSchd2.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"FLMOFFICE4DMOUSE"=c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"ISBMgr.exe"=c:\programmi\Sony\ISB Utility\ISBMgr.exe
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe"
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"Mouse Suite 98 Daemon"=ICO.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"osCheck"="c:\programmi\Norton AntiVirus\osCheck.exe"
"PrepareYourVAIO"=c:\programmi\Sony\Prepare your VAIO\PYVAlert.exe
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"SkyTel"=SkyTel.EXE
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe"
"Switcher.exe"=c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3788:TCP"= 3788:TCP:Services
"6076:TCP"= 6076:TCP:Services
"4849:TCP"= 4849:TCP:Services
"8198:TCP"= 8198:TCP:Services
"3537:TCP"= 3537:TCP:Services
"5574:TCP"= 5574:TCP:Services
"4084:TCP"= 4084:TCP:Services
"6668:TCP"= 6668:TCP:Services
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2006-12-27 5248]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-04-01 30280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-25 114768]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-25 20560]
R2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [2010-04-01 6259392]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-04-01 47664]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-04-01 24496]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-23 226304]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2006-12-27 160640]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\ndiskio.sys [?]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys --> c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [?]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys --> c:\windows\system32\DRIVERS\ONDAusbnet.sys [?]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys --> c:\windows\system32\DRIVERS\ONDAusbnmea.sys [?]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys --> c:\windows\system32\DRIVERS\ONDAusbser6k.sys [?]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys --> c:\windows\system32\drivers\SndTAudio.sys [?]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-02-11 3768]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\unhookmbrs.sys --> c:\docume~1\Omar\IMPOST~1\Temp\671e2e63.nmc\nse\bin\unhookmbrs.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
2009-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 20:12]
2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 20:12]
2010-04-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2010-04-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2010-04-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2010-04-01 c:\windows\Tasks\User_Feed_Synchronization-{9B4D9B71-1724-4584-A902-18A0D53BB988}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invia a periferica &Bluetooth... - c:\programmi\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 21:57
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-126629373-1407123585-1270340193-1006\*! V*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:f0,8e,b4,33,2e,53,c4,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\VESWinlogon.dll
- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\MOUDL32A.DLL
.
Ora fine scansione: 2010-04-02 22:00:05
ComboFix-quarantined-files.txt 2010-04-02 20:00
Pre-Run: 12,925,419,520 byte disponibili
Post-Run: 12,996,009,984 byte disponibili
- - End Of File - - 260B737EE4F235A032B6447DCB1A7BCC