Advertising pop-ups, caused by a service

Post by alexzappaladra » Wed Jul 08, 2009 6:52 am

For a few days now I've had this junk on my machine.
Spybot, Spyware Doctor and SUPERAntiSpyware have already been run, and they have already cleaned up.

In the end I found (noticed) a service, a certain iyysieo.exe, which besides eating a huge amount of RAM (70 MB) is the cause of my troubles.
On Google I found nothing; I'd like to understand where this wretched process comes from, and maybe contact whoever made it or report them (I'm asking too much, right? :D)

How should I proceed with the cleanup, in your opinion?
I'm a newbie!
alexzappaladra
Aficionado
Posts: 103
Joined: Tue Mar 15, 2005 4:33 pm

Re: Advertising pop-ups, caused by a service

Post by ste_95 » Wed Jul 08, 2009 6:53 am

[ciao]
Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (further down). When the scan finishes, the report file C:\combofix.txt will be created; paste its contents here between LOG tags, like this:
Code:
[LOG]paste the log here[/LOG]
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
Official Member (Gold)
Posts: 17271
Joined: Mon Aug 06, 2007 11:19 am

Re: Advertising pop-ups, caused by a service

Post by alexzappaladra » Wed Jul 08, 2009 11:12 am

OK, all done!!!!

But to be fair, I should tell you that I had located the strange file (.exe) and deleted it (first I made a copy and zipped it, in case anyone wants to analyze it); after doing that, while browsing, the problem no longer appears.

In any case, I did run ComboFix, and I'm attaching the log.
I hope there's nothing personal in it :D

ComboFix 09-07-07.A4 - cybermod 08/07/2009 10.19.26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3063.1753 [GMT 2:00]
Eseguito da: c:\documents and settings\cybermod\Desktop\!!! PROGRAMMI\Anti Spyware\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2009-06-08 al 2009-07-08 )))))))))))))))))))))))))))))))))))
.

2009-07-08 08:30 . 2009-07-08 08:30 -------- d-----w- c:\windows\system32\xircom
2009-07-08 08:30 . 2009-07-08 08:30 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-08 08:30 . 2009-07-08 08:30 -------- d-----w- c:\windows\srchasst
2009-07-08 08:30 . 2009-07-08 08:30 -------- d-----w- c:\programmi\microsoft frontpage
2009-07-07 21:25 . 2009-07-07 22:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-07 21:25 . 2009-07-07 21:26 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-07-07 21:20 . 2009-07-07 21:20 117760 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-07 21:19 . 2009-07-07 21:19 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\SUPERAntiSpyware.com
2009-07-07 18:19 . 2009-07-07 18:19 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-07 18:18 . 2009-07-07 18:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-07-07 18:18 . 2009-07-07 21:19 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-07-07 18:18 . 2009-07-07 18:18 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2009-07-07 18:17 . 2009-07-07 18:17 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-07-07 18:06 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-07 18:05 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-07 18:05 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-07 18:05 . 2009-07-07 18:07 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-07-07 18:05 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-07 18:05 . 2009-07-07 18:09 -------- d-----w- c:\programmi\Spyware Doctor
2009-07-07 18:05 . 2009-07-07 18:05 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\PC Tools
2009-07-07 18:05 . 2009-07-07 18:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-07-07 12:29 . 2009-07-07 12:29 -------- d-----w- c:\programmi\FileZilla Server
2009-07-06 14:02 . 2009-07-06 14:08 -------- d-----w- c:\windows\system32\FxsTmp
2009-07-05 23:23 . 2009-07-05 23:28 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\albumart
2009-07-05 23:23 . 2009-07-05 23:23 -------- d-----w- c:\programmi\Album Cover Art Downloader
2009-07-04 09:54 . 2009-07-04 09:54 -------- d-----w- c:\programmi\Nsasoft
2009-07-04 07:12 . 2009-07-04 07:12 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-07-04 07:12 . 2009-07-04 07:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-04 06:26 . 2009-07-04 06:26 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\Alt-N
2009-07-04 06:26 . 2009-07-04 06:26 -------- d-----w- c:\programmi\Alt-N Technologies
2009-07-03 07:58 . 2009-07-03 07:59 -------- d-----w- c:\programmi\Alice MOBILE E169
2009-07-02 11:02 . 2009-07-07 21:42 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-07-02 11:02 . 2009-07-02 11:02 -------- d-----w- c:\programmi\ZAR
2009-07-02 10:59 . 2009-07-02 10:59 -------- d-----w- c:\programmi\Runtime Software
2009-07-02 10:46 . 2009-07-02 10:46 -------- d-----w- c:\programmi\Ontrack
2009-07-02 10:43 . 2009-07-02 10:43 -------- d-----w- c:\programmi\Drive Rescue
2009-07-02 08:34 . 2009-07-02 08:34 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-07-02 08:34 . 2009-07-02 08:36 -------- d-----w- c:\programmi\DualServer
2009-07-01 17:46 . 2009-07-04 07:09 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\GoodSync
2009-07-01 17:46 . 2009-07-01 17:46 -------- d-----w- c:\programmi\Siber Systems
2009-06-29 22:00 . 2009-06-29 22:00 -------- d-----w- c:\documents and settings\cybermod\Impostazioni locali\Dati applicazioni\DeviceRemover
2009-06-29 22:00 . 2009-06-29 22:00 -------- d-----w- c:\programmi\Device Remover
2009-06-29 21:23 . 2008-04-13 16:13 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-28 16:51 . 2009-06-28 16:51 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-06-28 16:51 . 2009-06-28 16:51 -------- d-----w- c:\programmi\File comuni\Nokia
2009-06-28 16:50 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-28 16:50 . 2009-06-28 16:50 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-06-28 16:49 . 2009-06-28 16:49 33705352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_ita.exe
2009-06-28 16:49 . 2009-06-28 16:49 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-28 16:49 . 2009-06-28 16:49 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-28 16:49 . 2009-06-28 16:49 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-28 16:49 . 2009-06-28 16:49 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-27 23:51 . 2009-06-27 23:51 -------- d-----w- C:\Sandbox
2009-06-27 23:41 . 2009-06-27 23:41 -------- d-----w- c:\programmi\Sandboxie
2009-06-27 20:41 . 2009-06-27 20:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-27 02:23 . 2009-06-27 02:23 -------- d-----w- c:\programmi\Rainbow Folders
2009-06-27 02:14 . 2009-06-27 02:15 -------- d-----w- c:\programmi\FreeCommander
2009-06-25 23:00 . 2009-06-25 23:00 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\HandBrake
2009-06-25 22:59 . 2009-06-25 22:59 -------- d-----w- c:\documents and settings\cybermod\Impostazioni locali\Dati applicazioni\HandBrake
2009-06-25 22:49 . 2009-06-25 22:49 -------- d-----w- c:\programmi\HandBrake
2009-06-25 22:12 . 2009-06-23 09:06 245408 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\Mozilla\Firefox\Profiles\yfmvjflt.default\extensions\LogMeInClient@logmein.com\plugins\unicows.dll
2009-06-25 22:12 . 2009-04-05 12:26 8784 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\Mozilla\Firefox\Profiles\yfmvjflt.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2009-06-25 22:12 . 2009-04-05 12:26 71248 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\Mozilla\Firefox\Profiles\yfmvjflt.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2009-06-25 22:12 . 2009-02-19 09:38 2633728 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\Mozilla\Firefox\Profiles\yfmvjflt.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2009-06-24 05:50 . 2009-06-24 05:50 -------- d-----w- c:\programmi\FormatFactory
2009-06-15 15:38 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-06-15 15:38 . 1998-08-05 06:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL
2009-06-15 15:38 . 1998-08-05 06:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL
2009-06-15 15:38 . 2009-06-15 15:38 -------- d-----w- c:\programmi\PDFCreator
2009-06-15 15:38 . 1998-08-05 06:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL
2009-06-15 15:38 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-06-15 14:35 . 2009-06-15 14:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2009-06-15 14:35 . 2008-04-04 19:00 147456 ----a-w- c:\windows\system32\hpcpn5r1.dll
2009-06-15 14:32 . 2007-03-28 08:04 344064 ----a-w- c:\windows\system32\hpbicoin.dll
2009-06-14 11:52 . 2009-06-14 11:59 -------- d-----w- c:\programmi\KDE
2009-06-14 11:52 . 2009-06-14 11:52 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\KDE
2009-06-14 10:33 . 2009-06-17 11:51 -------- d-----w- c:\programmi\PoigpsGo
2009-06-14 00:56 . 2009-06-08 12:00 110592 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\Mozilla\Firefox\Profiles\yfmvjflt.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-06-12 21:34 . 2009-06-12 21:34 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-06-12 10:09 . 2009-06-12 10:09 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\Kerio
2009-06-12 10:09 . 2009-06-12 10:09 -------- d-----w- c:\programmi\Kerio
2009-06-11 14:23 . 2004-03-02 15:37 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2009-06-11 14:23 . 2004-03-02 15:37 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2009-06-11 14:23 . 2004-07-26 15:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-06-11 14:23 . 2004-07-26 15:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-06-11 14:23 . 2004-07-26 15:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-06-11 14:23 . 2004-07-26 15:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-06-11 14:23 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-06-11 14:23 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-06-11 14:23 . 2009-06-11 14:23 -------- d-----w- c:\programmi\Ahead
2009-06-11 14:23 . 2009-06-11 14:23 -------- d-----w- c:\programmi\File comuni\Ahead
2009-06-10 21:48 . 2009-06-18 09:18 135168 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-06-10 15:01 . 2009-06-10 15:01 -------- d-----w- c:\programmi\Makayama Interactive
2009-06-10 14:03 . 2009-04-30 21:13 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 14:03 . 2009-04-30 21:13 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 07:31 . 2009-06-12 16:33 -------- d-----w- c:\programmi\ABF software
2009-06-09 12:24 . 2009-06-09 12:24 -------- d-----w- c:\programmi\Free iPod Video Converter
2009-06-09 12:19 . 2009-06-09 12:26 -------- d-----w- c:\documents and settings\cybermod\Impostazioni locali\Dati applicazioni\dcunningham.net
2009-06-09 12:17 . 2009-06-28 22:59 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\gtk-2.0
2009-06-09 12:05 . 2009-06-23 18:18 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\avidemux
2009-06-09 12:04 . 2009-06-28 22:58 -------- d-----w- c:\programmi\Avidemux 2.4
2009-06-09 11:56 . 2009-06-09 11:56 -------- d-----w- c:\programmi\AviSynth 2.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 08:31 . 2009-04-24 18:41 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\VMware
2009-07-08 08:31 . 2009-04-24 18:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\VMware
2009-07-08 06:05 . 2004-08-19 13:00 86836 ----a-w- c:\windows\system32\perfc010.dat
2009-07-08 06:05 . 2004-08-19 13:00 495828 ----a-w- c:\windows\system32\perfh010.dat
2009-07-07 21:25 . 2009-04-25 15:12 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\Hamachi
2009-07-06 23:00 . 2009-05-14 22:15 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\vlc
2009-07-04 09:49 . 2009-07-04 09:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-04 09:49 . 2009-07-04 09:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-04 07:36 . 2009-04-24 22:52 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\VMware
2009-07-01 17:39 . 2009-04-25 13:20 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\FileZilla
2009-06-30 22:51 . 2009-04-25 13:43 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\.purple
2009-06-30 15:28 . 2009-04-28 22:35 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\dvdcss
2009-06-30 14:54 . 2009-04-28 09:33 -------- d-----w- c:\programmi\Foxit Software
2009-06-29 06:47 . 2009-04-25 17:10 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\Nokia
2009-06-28 16:51 . 2009-04-25 17:08 -------- d-----w- c:\programmi\Nokia
2009-06-28 16:50 . 2009-04-25 17:08 -------- d-----w- c:\programmi\DIFX
2009-06-28 16:49 . 2009-04-25 17:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-06-27 16:47 . 2009-04-26 22:26 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\Apple Computer
2009-06-26 05:32 . 2009-04-27 18:08 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\uTorrent
2009-06-18 10:28 . 2009-04-24 21:35 53968 ----a-w- c:\documents and settings\cybermod\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-17 13:06 . 2009-04-27 18:08 -------- d-----w- c:\programmi\uTorrent
2009-06-12 12:31 . 2009-05-30 10:00 -------- d-----w- c:\programmi\KeePass Password Safe 2
2009-06-10 14:15 . 2009-05-03 07:52 -------- d-----w- c:\programmi\nLite
2009-06-10 14:13 . 2009-04-24 19:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-06-05 14:41 . 2009-06-05 14:11 -------- d-----w- c:\programmi\BT CONNECTION MANAGER
2009-06-05 14:40 . 2009-06-05 14:40 -------- d-----w- c:\programmi\Advanced IP Scanner
2009-06-05 14:11 . 2009-04-24 17:43 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-04 22:37 . 2009-06-04 22:37 2141 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-06-04 21:26 . 2009-06-04 21:26 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\Vodafone
2009-06-04 21:26 . 2009-06-04 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-06-04 21:26 . 2009-06-04 21:26 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Vodafone
2009-06-04 21:26 . 2009-06-04 21:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Vodafone
2009-06-04 21:26 . 2009-06-04 21:26 -------- d-----w- c:\programmi\Vodafone
2009-06-04 21:26 . 2009-04-24 17:43 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-06-04 07:21 . 2009-04-24 19:18 -------- d-----w- c:\programmi\File comuni\Acronis
2009-06-04 07:21 . 2009-04-24 19:18 -------- d-----w- c:\programmi\Acronis
2009-06-03 22:40 . 2009-05-31 01:03 -------- d-----w- c:\programmi\AdvancedRemoteInfo
2009-06-02 22:49 . 2009-06-02 22:49 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\Conviva
2009-06-02 09:46 . 2009-06-02 09:46 -------- d-----w- c:\programmi\iTunes
2009-06-02 09:46 . 2009-06-02 09:46 -------- d-----w- c:\programmi\iPod
2009-06-02 09:46 . 2009-04-26 22:24 -------- d-----w- c:\programmi\File comuni\Apple
2009-06-02 09:44 . 2009-06-02 09:44 -------- d-----w- c:\programmi\QuickTime
2009-06-02 09:38 . 2009-06-02 09:38 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-02 01:01 . 2009-06-02 01:01 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\SharePod
2009-06-02 00:54 . 2009-06-02 00:54 -------- d-----w- c:\programmi\EyeDefender
2009-06-02 00:26 . 2009-06-02 00:26 2165 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2009-05-31 12:36 . 2009-05-31 01:29 -------- d-----w- c:\programmi\lg_fwupdate
2009-05-30 16:07 . 2009-05-30 16:07 -------- d-----w- c:\programmi\BatteryBar
2009-05-30 16:07 . 2009-05-30 16:07 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\BatteryBar
2009-05-30 15:47 . 2009-05-30 15:47 -------- d-----w- c:\programmi\Power Meter Plus
2009-05-30 10:05 . 2009-05-30 10:05 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\KeePass
2009-05-29 15:06 . 2009-05-29 15:06 -------- d-----w- c:\programmi\File comuni\Intel
2009-05-29 15:06 . 2009-04-24 17:36 -------- d-----w- c:\programmi\Intel
2009-05-29 14:36 . 2009-05-29 14:36 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\Intel
2009-05-29 14:36 . 2009-05-29 14:36 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Intel
2009-05-29 14:36 . 2009-05-29 14:36 -------- d-----w- c:\documents and settings\Default User\Dati applicazioni\Intel
2009-05-29 14:36 . 2009-05-29 14:36 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\Intel
2009-05-29 14:36 . 2009-05-29 14:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Intel
2009-05-29 14:36 . 2009-05-29 14:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Intel
2009-05-28 23:41 . 2009-05-28 23:41 -------- d-----w- c:\programmi\D-Link AirPlus G+ Access Point
2009-05-28 17:43 . 2009-05-28 17:43 -------- d-----w- c:\programmi\Network Stumbler
2009-05-28 11:18 . 2009-05-28 11:18 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\Canneverbe_Limited
2009-05-28 11:18 . 2009-05-28 11:18 -------- d-----w- c:\programmi\CDBurnerXP
2009-05-27 16:24 . 2009-04-24 17:37 -------- d-----w- c:\programmi\Hewlett-Packard
2009-05-27 15:12 . 2009-05-27 15:12 137 ----a-w- c:\documents and settings\cybermod\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-05-21 22:59 . 2009-05-21 22:59 -------- d-----w- c:\programmi\Universal Extractor
2009-05-21 22:37 . 2009-04-24 18:40 -------- d-----w- c:\programmi\VMware
2009-05-20 20:14 . 2009-05-20 20:14 -------- d-----w- c:\programmi\Microsoft Windows 7 Upgrade Advisor
2009-05-18 17:30 . 2009-04-25 13:13 -------- d-----w- c:\documents and settings\cybermod\Dati applicazioni\TrueCrypt
2009-05-13 13:21 . 2009-05-13 13:21 -------- d-----w- c:\programmi\DrayTek Router Tools V4.1.0
2009-05-13 05:02 . 2008-12-20 23:31 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 10:47 . 2009-05-11 10:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-10 15:27 . 2009-04-25 13:56 -------- d-----w- c:\programmi\Cobian Backup 9
2009-05-10 13:06 . 2009-05-10 13:06 -------- d-----w- c:\programmi\HDDGURU LLF Tool
2009-05-10 11:23 . 2009-05-10 11:22 -------- d-----w- c:\programmi\FlashBoot
2009-05-07 22:10 . 2009-05-07 22:10 2145 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2009-05-07 15:15 . 2008-04-13 19:13 348160 ----a-w- c:\windows\system32\localspl.dll
2009-04-27 22:25 . 2009-04-24 18:54 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 22:25 . 2009-04-24 18:54 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-26 18:46 . 2009-04-26 18:46 2099 ----a-w- c:\documents and settings\cybermod\Dati applicazioni\.purple\certificates\x509\tls_peers\login.live.com
2009-04-25 17:13 . 2009-04-25 17:13 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-25 17:13 . 2009-04-25 17:13 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-25 17:13 . 2009-04-25 17:13 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-25 17:12 . 2009-04-25 17:13 34447128 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ita.exe
2009-04-25 17:07 . 2009-04-25 17:07 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-25 17:07 . 2009-04-25 17:07 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-25 17:07 . 2009-04-25 17:07 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-25 16:50 . 2009-04-25 17:08 33753272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ita_web(2).exe
2009-04-25 15:37 . 2009-04-25 15:37 0 ----a-w- c:\windows\nsreg.dat
2009-04-25 15:12 . 2009-04-25 15:12 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-25 13:14 . 2009-04-25 13:14 223424 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-04-24 19:43 . 2009-04-24 18:46 53968 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-24 19:19 . 2009-04-24 19:19 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-04-24 19:19 . 2009-04-24 19:19 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-04-24 19:19 . 2009-04-24 19:19 132352 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-04-24 18:58 . 2009-04-24 18:58 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-04-24 18:51 . 2009-04-24 18:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 18:44 . 2009-04-24 18:44 25214 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}\_294823.exe
2009-04-24 18:37 . 2009-04-24 18:37 318 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}\ARPPRODUCTICON.exe
2009-04-24 18:36 . 2009-04-24 18:36 142 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\fusioncache.dat
.

------- Sigcheck -------

[-] 2009-03-02 00:33 588800 3DBD6DC6D74C517D55A1B3AECA88EF48 c:\windows\system32\user32.dll

[-] 2009-04-24 18:21 549888 B93931EA1B7E9ACCA65C131B5FB5E4CA c:\windows\system32\winlogon.exe

[-] 2009-03-21 01:01 1554432 94E6AE0CA24B2D84286DDEA8666A4E40 c:\windows\explorer.exe

[-] 2009-03-02 00:34 25088 91B6AAC828F8BBE1796275424E44DFB0 c:\windows\system32\ctfmon.exe

[-] 2009-03-01 23:42 1571840 3316C8A8EC07A9D4C0BE10310809A9E5 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-03-02 25088]
"LClock"="c:\programmi\LClock\lclock.exe" [2004-09-19 65536]
"Sidebar"="c:\programmi\Windows Sidebar\sidebar.exe" [2009-02-25 1555456]
"SandboxieControl"="c:\programmi\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"PTHOSTTR"="c:\programmi\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe" [2008-06-23 884696]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe" [2008-06-23 1274800]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"vmware-tray"="c:\programmi\VMware\VMware Workstation\vmware-tray.exe" [2009-03-26 96816]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"Cobian Backup 9 interface"="c:\programmi\Cobian Backup 9\cbInterface.exe" [2009-01-22 2749952]
"IntelZeroConfig"="c:\programmi\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-02 1368064]
"IntelWireless"="c:\programmi\File comuni\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-02 1191936]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Kerio VPN Client"="c:\programmi\Kerio\VPN Client\kvpncgui.exe" [2009-03-24 4982632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-02 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\cybermod\Menu Avvio\Programmi\Esecuzione automatica\
Nuovo Documento di testo.txt [2009-7-4 424]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 04:03 74752 ----a-r- c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Acronis\\TrueImageEchoEnterpriseServer\\TrueImage.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programmi\\Hamachi\\hamachi.exe"=
"c:\\Programmi\\Foxit Software\\Editor\\PDFEdit_en.exe"=
"c:\\Documents and Settings\\cybermod\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [02/03/2009 2.44.33 308248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [07/07/2009 20.05.57 130936]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24/07/2007 8.21.52 38816]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [24/04/2008 7.49.26 45848]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11.01.40 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11.01.40 72944]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\programmi\System\CPL Bonus\vcdrom.sys [24/04/2009 19.21.29 8576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [24/04/2009 20.54.56 108289]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe -k Cognizance [13/04/2008 21.14.22 14336]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [13/04/2008 21.14.22 14336]
R2 CobianBackupAmanita;Cobian Backup 9 servizio;c:\programmi\Cobian Backup 9\cbService.exe [25/04/2009 15.56.52 583168]
R2 KVPNCSvc;Kerio VPN Client Service;c:\programmi\Kerio\VPN Client\kvpncsvc.exe [24/03/2009 16.00.00 968552]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [08/11/2008 16.11.10 1238344]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26/03/2009 23.05.36 54960]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04/07/2008 12.52.18 14336]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/04/2009 18.29.13 193840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/07/2008 11.31.38 44800]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [23/03/2009 10.25.30 29696]
R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [01/11/2006 5.01.56 3328]
R3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [28/05/2009 15.32.24 108032]
S3 EL3C574;Driver di periferica FE574B-3Com 10/100 LAN PCCard;c:\windows\system32\drivers\el574nd4.sys [29/05/2009 10.28.52 24653]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [24/04/2009 19.45.41 35072]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [05/06/2009 16.11.23 100352]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [05/06/2009 16.11.23 87552]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [05/06/2009 16.11.23 100352]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11.01.42 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [07/07/2009 20.05.43 348752]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [14/05/2009 11.27.50 129535]
S3 VirtualDK;VirtualDK;\??\c:\documents and settings\cybermod\Desktop\XP da Usb\TecnoPen2\Pre-packed\usb_prep8\vdk.sys --> c:\documents and settings\cybermod\Desktop\XP da Usb\TecnoPen2\Pre-packed\usb_prep8\vdk.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
*NewlyCreated* - VCDROM
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-07-07 c:\windows\Tasks\Security Platform Backup Schedule.job
- c:\programmi\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe [2007-07-24 06:22]

2009-07-08 c:\windows\Tasks\User_Feed_Synchronization-{B5B4737F-E6A0-485C-A351-4C0BE108DC4E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-01 02:31]

2009-07-08 c:\windows\Tasks\User_Feed_Synchronization-{B718261F-41C9-420F-AB88-3BB924348A04}.job
- c:\windows\system32\msfeedssync.exe [2009-03-01 02:31]
.
- - - - ORPHANED KEYS REMOVED - - - -

HKCU-Run-iyysieo - c:\documents and settings\cybermod\impostazioni locali\dati applicazioni\iyysieo.exe
HKLM-Run-LGODDFU - c:\programmi\lg_fwupdate\fwupdate.exe
HKLM-Run-Syslog - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 192.168.1.5:808
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\programmi\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\cybermod\Dati applicazioni\Mozilla\Firefox\Profiles\yfmvjflt.default\
FF - component: c:\documents and settings\cybermod\Dati applicazioni\Mozilla\Firefox\Profiles\yfmvjflt.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\cybermod\Dati applicazioni\Mozilla\Firefox\Profiles\yfmvjflt.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 10:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(1276)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\COMRes.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programmi\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\HPBrand.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ItMsg.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\programmi\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\BioAuth.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ittal.dll
c:\programmi\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\programmi\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\AuthWiz.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\TpmAuth.dll
c:\windows\system32\IFXTSP.dll
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\IFXTCSps.dll
c:\windows\system32\IfxSpMgt.dll
c:\programmi\Hewlett-Packard\Embedded Security Software\IfxSpURsIT.dll
c:\windows\system32\IFXTPMCP.dll
c:\programmi\Hewlett-Packard\Embedded Security Software\IfxTRsIT.dll
c:\programmi\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll
c:\windows\system32\msi.dll
c:\windows\system32\capicom.dll
c:\programmi\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\programmi\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
c:\programmi\Hewlett-Packard\IAM\bin\ITA\ittalsnap.DLL
c:\programmi\Hewlett-Packard\IAM\bin\ITA\TokenAuth.dll
c:\programmi\Hewlett-Packard\IAM\Bin\NetAdmin.dll
c:\programmi\Hewlett-Packard\IAM\bin\ITA\NetAdmin.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1336)
c:\windows\system32\relog_ap.dll
c:\windows\system32\setupapi.dll
c:\programmi\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(2592)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\programmi\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\programmi\iTunes\iTunesMiniPlayer.dll
c:\programmi\iTunes\iTunesMiniPlayer.Resources\it.lproj\iTunesMiniPlayerLocalized.dll
c:\programmi\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\programmi\Windows Media Player\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\programmi\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\scardsvr.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\system32\agrsmsvc.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\IFXTCS.exe
c:\programmi\iPod Access for Windows\iPAHelper.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\IfxPsdSv.exe
c:\programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\programmi\UPHClean\uphclean.exe
c:\windows\system32\vssvc.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programmi\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\programmi\Hewlett-Packard\IAM\Bin\asghost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rserver30\FamItrfc.Exe
c:\programmi\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\Notepad++\notepad++.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Scan finished at: 2009-07-08 10.36.37 - The PC was rebooted
ComboFix-quarantined-files.txt 2009-07-08 08:36

Pre-Run: 23.660.331.008 bytes free
Post-Run: 24.103.313.408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

588 --- E O F --- 2009-07-07 02:57


Re: advertising pop-ups, caused by a service

Posted by ste_95 » Wed Jul 08, 2009 11:24 am

What you deleted was indeed the one responsible for the pop-ups, but ComboFix removed other junk as well.

alexzappaladra wrote:
c:\windows\system32\msconfig.exe
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

Even though these look legitimate to me [uhm] [uhm]

Re: advertising pop-ups, caused by a service

Posted by alexzappaladra » Wed Jul 08, 2009 11:34 am

Just to understand, how do you tell whether they are legitimate or not?

If I now run into some application malfunctioning (among other things I have XP Ice, a somewhat particular version), what can I do to restore those files?

Re: advertising pop-ups, caused by a service

Posted by ste_95 » Wed Jul 08, 2009 11:58 am

alexzappaladra wrote:
Just to understand, how do you tell whether they are legitimate or not?

Experience... I know that msconfig.exe in System32 is legitimate, unless it has been modified by malware. In this case, though, ComboFix interpreted the fact that msconfig was different as a symptom of malware, and deleted it.

alexzappaladra wrote:
If I now run into some application malfunctioning (among other things I have XP Ice, a somewhat particular version), what can I do to restore those files?

Just copy the deleted files from the C:\QooBox folder back to where they were before. [;)]
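The "experience" ste_95 refers to can be written down as rules and run over the ComboFix log itself. The script below is an added example for this thread, not ComboFix's own logic and not code posted by either participant: it parses the service lines (`R2 name;description;path [date size]`) and the orphan Run-key lines (`HKCU-Run-name - path`) in the format shown in the log above, and flags every entry whose image lives in a user-writable location (user profile, Application Data, Temp), which is exactly where iyysieo.exe sat, or whose file no longer exists. The directory lists, the regular expressions and the verdict names are this example's own assumptions; the sample log is constructed from shortened lines of the log posted above.

```python
"""Triage of ComboFix-style autorun and service lines.

Added example for this thread, not ComboFix's own logic.  Encodes the
"experience" heuristic as rules: an autorun entry or service whose image
lives in a user-writable location is suspicious, an entry whose file is
gone ("(no file)") is an orphan.  Directory lists, regexes and verdict
names are this example's own assumptions.
"""
import re

# Assumption: a dropper running as a plain user can only write here, so a
# persistence entry pointing into these paths deserves a look (iyysieo.exe
# in the thread sat under Local Settings\Application Data).
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",   # every XP user profile, incl. Application Data, Desktop
    "\\temp\\",
)

# Assumption: locations where installed software normally lives.  A file here
# is NOT automatically legitimate (see msconfig.exe in the thread); it just
# does not trip the location rule.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\programmi\\",      # Italian Windows XP "Program Files"
    "c:\\program files\\",
)

# ComboFix service line:  R2 name;description;path [date size]
# The path may carry arguments ("svchost.exe -k Group") or a "-->" mapping.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)(?:\s+\[|\s+-->|$)"
)
# ComboFix orphan/autorun line:  HKCU-Run-name - path
RUN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$")


def classify_path(path: str) -> str:
    """Return 'orphan', 'user-writable', 'trusted-location' or 'unknown'."""
    p = path.strip().lower()
    if p.startswith("\\??\\"):          # NT object-manager prefix seen on some driver paths
        p = p[4:]
    if p == "(no file)":
        return "orphan"
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    if any(p.startswith(root) for root in TRUSTED_ROOTS):
        return "trusted-location"
    return "unknown"


def parse_log(text: str) -> list:
    """Extract service and Run-key entries from ComboFix log text, with a verdict each."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        kind = "run"
        if not m:
            m = SERVICE_RE.match(line)
            kind = "service"
        if not m:
            continue
        findings.append({
            "kind": kind,
            "name": m.group("name"),
            "path": m.group("path"),
            "verdict": classify_path(m.group("path")),
        })
    return findings


def suspicious(findings: list) -> list:
    """Entries that need a human look: orphaned, user-writable or unknown locations."""
    return [f for f in findings if f["verdict"] != "trusted-location"]


# Constructed sample, modelled on (and shortened from) the log posted in the thread.
SAMPLE_LOG = r"""
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [02/03/2009 2.44.33 308248]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe -k Cognizance [13/04/2008 21.14.22 14336]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [08/11/2008 16.11.10 1238344]
S3 VirtualDK;VirtualDK;\??\c:\documents and settings\cybermod\Desktop\usb_prep8\vdk.sys --> c:\documents and settings\cybermod\Desktop\usb_prep8\vdk.sys [?]
HKCU-Run-iyysieo - c:\documents and settings\cybermod\impostazioni locali\dati applicazioni\iyysieo.exe
HKLM-Run-LGODDFU - c:\programmi\lg_fwupdate\fwupdate.exe
HKLM-Run-Syslog - (no file)
"""

if __name__ == "__main__":
    for f in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{f['verdict']:15} {f['kind']:7} {f['name']:10} {f['path']}")
```

A verdict of "trusted-location" only means the location rule did not fire. As the msconfig.exe deletion in this thread shows, a file in System32 can still have been replaced or patched, so the next check for anything that matters is the file's digital signature (for instance with Sysinternals sigcheck) or a hash comparison against a known-good copy from the same Windows build; on XP, sfc /scannow will also put back protected system files from the cache.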

Re: advertising pop-ups, caused by a service

Posted by alexzappaladra » Wed Jul 08, 2009 1:16 pm

Ah, perfect!!!!

Then I'm all set.
I checked and those files are indeed there; I'm keeping them aside, you never know :D
I'd almost be tempted to put that damned thing back, just to see whether ComboFix catches it, but come on, why complicate life [rotolo]

Thanks a lot for the help!!!


megalab.it: online daily newspaper registered with the Court of Cosenza no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising