As for ComboFix, I did as instructed, and so I am attaching the log. As for the Malwarebytes Anti-Malware scanner report, that will take time. It would be useful to know whether I can limit the scan to drive C only or whether I have to extend it to the whole system. Thanks.
ComboFix 09-02-12.03 - Keplero48 2009-02-13 13:14:26.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1792.1341 [GMT 1:00]
Eseguito da: c:\documents and settings\Keplero48\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Keplero48\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
FILE ::
c:\autorun.inf
c:\qquq.bat
c:\windows\
000001_.tmp
c:\windows\
003248_.tmp
c:\windows\setupapi.log.2.old
c:\windows\system32\480.tmp
c:\windows\system32\brbbwyvymsqnjcyzf.dll-uninst.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\
000001_.tmp
c:\windows\
003248_.tmp
c:\windows\setupapi.log.2.old
c:\windows\system32\480.tmp
c:\windows\system32\brbbwyvymsqnjcyzf.dll-uninst.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-01-13 al 2009-02-13 )))))))))))))))))))))))))))))))))))
.
2009-02-12 18:45 . 2009-02-12 18:46 <DIR> d-------- c:\programmi\PlayFLV
2009-02-12 02:15 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-12 02:15 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-12 02:15 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-12 02:15 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-11 22:54 . 2009-02-11 22:57 <DIR> d-------- C:\WIN
2009-02-11 22:03 . 2009-02-11 22:03 <DIR> d-------- c:\windows\SQLTools9_KB960089_ENU
2009-02-11 22:02 . 2009-02-11 22:02 <DIR> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-11 21:26 . 2009-02-11 21:26 <DIR> d-------- c:\programmi\uTorrent
2009-02-11 21:26 . 2009-02-11 21:40 <DIR> d-------- c:\documents and settings\Keplero48\Dati applicazioni\uTorrent
2009-02-11 15:15 . 2009-02-11 15:15 <DIR> d-------- c:\documents and settings\Keplero48\Dati applicazioni\DivX
2009-02-11 13:18 . 2009-02-11 17:33 <DIR> d-------- c:\programmi\Microsoft Works
2009-02-11 13:14 . 2009-02-11 13:21 <DIR> d-------- c:\windows\SHELLNEW
2009-02-11 12:28 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-11 12:04 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-10 22:23 . 2009-02-10 22:23 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\DivX
2009-02-10 22:19 . 2008-11-06 17:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-02-10 22:19 . 2008-11-06 17:37 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-02-10 22:17 . 2009-02-10 22:19 <DIR> d-------- c:\programmi\DivX
2009-02-09 10:58 . 2009-02-09 10:58 <DIR> d-------- C:\pebuilder3110a
2009-02-09 05:49 . 2009-02-09 05:49 <DIR> d-------- c:\documents and settings\Keplero48\Dati applicazioni\Babylon
2009-02-09 05:49 . 2009-02-09 05:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-02-08 08:32 . 2009-02-08 08:32 <DIR> d-------- c:\programmi\Convert AVI to MP4
2009-02-04 06:12 . 2009-02-04 06:12 <DIR> d-------- c:\programmi\7-Zip
2009-02-03 15:45 . 2009-02-03 15:45 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Apple Computer
2009-02-03 15:37 . 2009-02-03 15:42 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\Winamp
2009-02-02 19:34 . 2009-01-31 15:43 36,151,296 --a------ C:\Pontificie Opere Missionarie_1Backup_che funziona.mdb
2009-02-02 18:34 . 2009-02-02 18:34 <DIR> d-------- c:\programmi\AviSynth 2.5
2009-02-02 18:24 . 2009-02-02 18:35 <DIR> d-------- c:\programmi\Avi2Dvd
2009-02-02 12:03 . 2009-02-12 19:03 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-02-02 12:03 . 2009-02-12 19:03 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-02-02 09:41 . 2009-02-02 11:42 <DIR> d-------- c:\programmi\Winamp Remote
2009-02-02 09:29 . 2008-11-06 17:37 129,784 --------- c:\windows\system32\pxafs.dll
2009-01-22 22:48 . 2009-02-02 19:33 <DIR> d-------- C:\Diocesi
2009-01-18 11:15 . 2009-01-18 15:16 <DIR> d-------- C:\Ufficio Missionario
2009-01-17 12:19 . 2002-12-27 04:41 26,880 --a------ c:\windows\system32\drivers\VIAAGP1.SYS
2009-01-17 12:05 . 2008-10-24 12:21 455,296 --a------ c:\windows\system32\drivers\mrxsmb.sys
2009-01-17 11:35 . 2008-09-10 02:14 1,307,648 -----c--- c:\windows\system32\dllcache\msxml6.dll
2009-01-17 11:35 . 2008-04-14 02:53 92,672 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2009-01-17 11:11 . 2008-06-14 18:32 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-17 11:10 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2009-01-17 11:09 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-17 11:08 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-17 11:08 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-17 11:08 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-17 11:08 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-17 11:03 . 2008-12-11 11:57 333,952 --a------ c:\windows\system32\drivers\srv.sys
2009-01-17 11:01 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-17 10:49 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-17 10:44 . 2008-12-11 11:57 333,952 --a--c--- c:\windows\system32\dllcache\srv.sys
2009-01-16 16:22 . 2008-12-20 23:30 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-16 16:22 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-16 16:22 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-16 16:22 . 2008-12-20 23:30 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-16 16:22 . 2008-12-20 23:30 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-16 16:22 . 2008-12-20 23:30 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-16 16:22 . 2008-12-20 23:30 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-16 16:22 . 2008-12-20 23:30 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-16 16:22 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-16 12:21 . 2009-01-27 06:38 139,530,240 --a------ C:\Pontificie Opere Missionarie_Backup.mdb
2009-01-16 12:21 . 2009-01-18 11:53 64 --a------ C:\Pontificie Opere Missionarie.ldb
2009-01-16 11:34 . 2004-08-19 13:00 131,584 --a--c--- c:\windows\system32\dllcache\pmxviceo.dll
2009-01-16 11:33 . 2004-08-19 13:00 187,938 --a--c--- c:\windows\system32\dllcache\c_20005.nls
2009-01-16 11:32 . 2003-04-14 21:04 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll
2009-01-16 11:29 . 2004-08-19 13:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-16 11:29 . 2009-01-16 11:29 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-16 11:29 . 2009-01-16 11:29 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-16 11:29 . 2009-01-16 11:29 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-16 11:29 . 2009-01-16 11:29 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-16 11:29 . 2009-01-16 11:29 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-16 11:29 . 2009-01-16 11:29 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-16 10:38 . 2004-08-19 13:00 1,086,058 -ra------ c:\windows\SET83.tmp
2009-01-16 10:18 . 2004-08-19 13:00 3,374,598 --a--c--- c:\windows\system32\dllcache\tourW.exe
2009-01-16 10:16 . 2004-08-19 13:00 13,107,200 --a------ c:\windows\system32\oembios.bin
2009-01-16 10:15 . 2008-04-14 03:13 2,091,520 --a------ c:\windows\system32\cdosys.dll
2009-01-16 08:27 . 2007-10-04 09:01 66,048 --a------ c:\windows\ieResetIcons.exe
2009-01-15 13:38 . 2009-01-15 13:47 139,530,240 --a------ C:\Pontificie Opere Missionarie_Backup_Backup_Backup.mdb
2009-01-14 22:47 . 2009-01-14 22:48 1,802,240 --a------ C:\Conti.mdb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 12:09 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-02-13 09:06 --------- d-----w c:\programmi\Microsoft SQL Server
2009-02-13 07:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-02-12 21:27 --------- d-----w c:\programmi\Google
2009-02-12 00:57 --------- d-----w c:\programmi\Windows Media Connect 2
2009-02-11 22:09 --------- d-----w c:\programmi\FlashGet
2009-02-11 18:03 --------- d-----w c:\documents and settings\Keplero48\Dati applicazioni\OfficeUpdate12
2009-02-11 12:08 --------- d-----w c:\programmi\Microsoft.NET
2009-02-09 14:53 --------- d-----w c:\programmi\BitTorrent Fastest Tool
2009-02-09 09:28 --------- d-----w c:\programmi\File comuni\Symantec Shared
2009-02-07 20:20 --------- d-----w c:\documents and settings\Keplero48\Dati applicazioni\ZoomBrowser EX
2009-02-07 20:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\ZoomBrowser
2009-02-07 07:33 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-02-02 11:40 --------- d-----w c:\programmi\CyberLink DVD Solution
2009-01-14 15:03 --------- d-----w c:\programmi\File comuni\Autodesk Shared
2009-01-14 14:53 --------- d-----w c:\documents and settings\Keplero48\Dati applicazioni\OpenOffice.org2
2009-01-14 14:23 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-12 17:22 --------- d-----w c:\programmi\Picasa2
2009-01-10 22:14 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-01-10 15:57 --------- d-----w c:\programmi\Lavasoft
2009-01-10 15:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-01-10 15:49 --------- d-----w c:\programmi\lg_fwupdate
2009-01-10 14:17 --------- d-----w c:\programmi\Web Publish
2009-01-08 20:33 --------- d-----w c:\programmi\ElcomSoft
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-30 20:12 --------- d-----w c:\programmi\a-squared HiJackFree
2008-12-28 19:30 --------- d-----w c:\documents and settings\Keplero48\Dati applicazioni\Autodesk
2008-12-28 19:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Autodesk
2008-12-27 19:50 --------- d-----w c:\documents and settings\Keplero48\Dati applicazioni\Talkback
2008-12-27 19:50 --------- d-----w c:\documents and settings\Administrator\Dati applicazioni\Talkback
2008-12-27 19:45 --------- d-----w c:\programmi\iTunes
2008-12-27 14:20 --------- d-----w c:\programmi\eMule
2008-12-26 20:55 --------- d-----w c:\programmi\FreeMeter
2008-12-26 20:55 --------- d-----w c:\programmi\DNA
2008-12-26 14:11 --------- d-----w c:\documents and settings\Keplero48\Dati applicazioni\BitTorrent
2008-12-25 09:28 --------- d-----w c:\programmi\MyCAD
2008-12-22 06:46 --------- d-----w c:\documents and settings\Keplero48\Dati applicazioni\DAEMON Tools Pro
2008-12-22 06:46 --------- d-----w c:\documents and settings\Keplero48\Dati applicazioni\DAEMON Tools
2008-12-22 06:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2008-12-22 06:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-22 06:34 --------- d-----w c:\documents and settings\Keplero48\Dati applicazioni\DAEMON Tools Lite
2008-12-21 20:39 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-21 20:08 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NOS
2008-12-21 20:07 --------- d-----w c:\programmi\NOS
2008-12-20 22:31 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 14:38 --------- d-----w c:\programmi\File comuni\HydroComp Shared
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-24 21:31 2,248,544 ----a-w c:\windows\system32\sqlncli.dll
2007-01-11 22:11 87,608 ----a-w c:\documents and settings\Keplero48\Dati applicazioni\ezpinst.exe
2007-01-11 22:11 47,360 ----a-w c:\documents and settings\Keplero48\Dati applicazioni\pcouffin.sys
2006-12-23 13:39 84,418 ----a-w c:\documents and settings\All Users\Dati applicazioni\firstlsp.reg.dat
2004-10-01 14:00 40,960 ----a-w c:\programmi\Uninstall_CDS.exe
2003-07-17 08:26 448,640 ----a-w c:\windows\inf\EL2K_N64.sys
2003-07-17 08:22 147,328 ----a-w c:\windows\inf\EL2K_XP.sys
2003-06-03 13:47 147,328 ----a-w c:\windows\inf\EL2K_2K.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-13_ 8.46.07.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-12 11:17:45 1,257,472 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-02-13 09:14:49 1,265,664 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-02-12 11:17:47 1,224,704 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-02-13 09:14:51 1,232,896 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-02-13 09:16:13 118,784 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_67099e9b\CustomMarshalers.dll
+ 2009-02-13 09:15:10 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a587e4b6\CustomMarshalers.dll
+ 2009-02-13 09:16:03 3,391,488 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_434fd181\mscorlib.dll
+ 2009-02-13 09:16:43 8,908,800 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_50768d4f\mscorlib.dll
+ 2009-02-13 09:16:32 3,395,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_94611885\System.Design.dll
+ 2009-02-13 09:15:53 1,466,368 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fa34ca8c\System.Design.dll
+ 2009-02-13 09:16:14 192,512 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_28f089ef\System.Drawing.Design.dll
+ 2009-02-13 09:15:15 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d887d31f\System.Drawing.Design.dll
+ 2009-02-13 09:16:36 2,244,608 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0c367db3\System.Drawing.dll
+ 2009-02-13 09:15:56 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_41925575\System.Drawing.dll
+ 2009-02-13 09:16:22 7,884,800 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_40b3eac5\System.Windows.Forms.dll
+ 2009-02-13 09:15:32 3,018,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ec07b18e\System.Windows.Forms.dll
+ 2009-02-13 09:16:28 5,513,216 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3234309c\System.Xml.dll
+ 2009-02-13 09:15:43 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7a0b5206\System.Xml.dll
+ 2009-02-13 09:16:11 4,788,224 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_6930806b\System.dll
+ 2009-02-13 09:15:07 1,966,080 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b9435a53\System.dll
- 2009-02-13 06:38:55 2,293 ----a-w c:\windows\Drivers\conf.sys
+ 2009-02-13 08:41:45 2,293 ----a-w c:\windows\Drivers\conf.sys
- 2004-07-15 00:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 20:30:52 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 00:49:22 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 20:30:52 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 23:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 19:57:52 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 18:09:14 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 19:57:58 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 23:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 19:56:30 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 23:33:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 19:58:00 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 13:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 19:50:46 2,142,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 19:58:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 23:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 19:57:00 2,523,136 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 23:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 19:57:28 2,514,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 15:20:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 15:11:26 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 00:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_aspnet_isapi.dll
+ 2004-07-14 23:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_CORPerfMonExt.dll
+ 2004-07-14 23:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_fusion.dll
+ 2004-07-14 23:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_mscorjit.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_mscorlib.dll
+ 2003-02-20 18:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_mscorsn.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_mscorsvr.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_mscorwks.dll
+ 2003-02-21 03:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_msvcr71.dll
+ 2004-07-14 23:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3448\_PerfCounter.dll
- 2004-07-15 13:31:16 1,224,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 20:35:38 1,232,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 13:29:00 1,257,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 20:35:46 1,265,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2009-02-13 12:10:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_734.dat
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B34E20E5-96B2-46AC-9D68-C6B2CD293C2C}]
2008-12-26 12:45 126976 --a------ c:\windows\Drivers\PhishAgnt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-12 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-15 185632]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-19 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-14 110592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PowerBar"="c:\programmi\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"EPSON Stylus Photo RX560 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "c:\windows\TEMP\E_S128.tmp" /EF "HKCU"
"SUPERAntiSpyware"=c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"EPSON Stylus D88 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB002" /M "Stylus D88"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\programmi\eMule\emule.exe"= c:\programmi\eMule\emule.exe:0.0.0.0/255.255.255.255:Enabled:eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"46778:TCP"= 46778:TCP:192.168.1.33/255.255.255.255:Enabled:eMule TCP
"47760:UDP"= 47760:UDP:192.168.1.33/255.255.255.255:Enabled:eMule UPD
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2006-11-22 75904]
R3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-11-22 29696]
S1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys
c:\windows\system32\DRIVERS\aiptektp.sys
S3 utblfilt;utblfilt;c:\windows\system32\drivers\UTBLFILT.sys [2007-06-01 12084]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{245ae8e1-b5e8-11dc-ab3a-000c6e944ef6}]
\Shell\AutoRun\command - qquq.bat
\Shell\explore\Command - qquq.bat
\Shell\open\Command - qquq.bat
.
Contenuto della cartella 'Scheduled Tasks'
2009-02-13 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
2009-02-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 13:20:09
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1220945662-861567501-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-02-13 13:23:11
ComboFix-quarantined-files.txt 2009-02-13 12:22:28
ComboFix2.txt 2009-02-13 07:48:54
Pre-Run: 18,867,900,416 byte disponibili
Post-Run: 18,852,958,208 byte disponibili
Current=8 Default=8 Failed=5 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
344 --- E O F --- 2009-02-13 09:14:57