ComboFix 09-04-04.01 - PaGoDa 2009-04-08 10.08.36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.751.440 [GMT 2:00]
Eseguito da: c:\documents and settings\PaGoDa\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: Prevx Edge *On-access scanning enabled* (Updated)
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-03-08 al 2009-04-08 )))))))))))))))))))))))))))))))))))
.
2009-04-08 09:52 . 2009-04-08 09:52 1,542,144 --a------ c:\windows\explorer.exe.kav
2009-04-08 09:52 . 2009-04-08 09:52 118,784 --a------ c:\windows\system32\hkcmd.exe.kav
2009-04-08 09:52 . 2009-04-08 09:52 58,368 --a------ c:\windows\system32\spoolsv.exe.kav
2009-04-08 09:52 . 2009-04-08 09:52 45,568 --a------ c:\windows\system32\alg.exe.kav
2009-04-08 09:52 . 2009-04-08 09:52 15,360 --a------ c:\windows\system32\ctfmon.exe.kav
2009-04-08 09:40 . 2009-04-08 09:40 <DIR> d-------- C:\
00000082
2009-04-08 09:35 . 2004-08-30 22:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-04-08 09:30 . 2009-04-08 09:30 <DIR> d-------- c:\documents and settings\PaGoDa\Dati applicazioni\Thunderbird
2009-04-08 08:43 . 2009-04-08 10:09 3,848,224 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-04-08 08:43 . 2008-07-08 14:54 148,496 --a------ c:\windows\system32\drivers\82509220.sys
2009-04-08 08:43 . 2009-04-08 09:46 19,268 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-04-08 00:44 . 2009-04-08 00:44 <DIR> d-------- c:\programmi\Prevx
2009-04-08 00:44 . 2009-04-08 09:35 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2009-04-08 00:44 . 2009-04-08 00:44 22,024 --a------ c:\windows\system32\drivers\pxscan.sys
2009-04-08 00:44 . 2009-04-08 00:44 18,440 --a------ c:\windows\system32\drivers\pxprot.sys
2009-04-08 00:44 . 2009-04-08 00:44 16,904 --a------ c:\windows\system32\drivers\pxrts.sys
2009-04-08 00:44 . 2009-04-08 00:44 65 --a------ c:\windows\wininit.ini
2009-04-07 22:20 . 2009-04-07 22:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-04-02 22:40 . 2009-04-02 22:40 <DIR> d-------- c:\programmi\Avira
2009-04-02 22:40 . 2009-04-02 22:40 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-04-02 22:40 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-03-26 11:07 . 2009-03-26 11:07 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-03-26 11:07 . 2009-03-26 11:07 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-03-26 11:07 . 2009-03-26 11:07 59,904 --a------ c:\windows\system32\zlib1.dll
2009-03-26 11:03 . 2009-03-26 11:03 1,028,096 --a------ c:\windows\system32\libeay32.dll
2009-03-26 11:03 . 2009-03-26 11:03 286,720 --a------ c:\windows\system32\libcurl.dll
2009-03-26 11:03 . 2009-03-26 11:03 196,608 --a------ c:\windows\system32\ssleay32.dll
2009-03-26 11:03 . 2009-03-26 11:03 143,360 --a------ c:\windows\system32\libexpatw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 07:55 769,024 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-04-08 07:55 402,944 ----a-w c:\windows\system32\mspaint.exe
2009-04-08 07:55 32,256 ----a-w c:\windows\system32\ntsd.exe
2009-04-08 07:55 184,320 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-04-08 07:53 816,640 ----a-w c:\windows\system32\mmc.exe
2009-04-08 07:52 8,192 ----a-w c:\windows\system32\winhlp32.exe
2009-04-08 07:52 70,656 ----a-w c:\windows\system32\notepad.exe
2009-04-08 07:52 46,592 ----a-w c:\windows\system32\mshta.exe
2009-04-08 07:52 33,280 ----a-w c:\windows\system32\rundll32.exe
2009-04-08 07:52 287,744 ----a-w c:\windows\winhlp32.exe
2009-04-08 07:52 281,088 ----a-w c:\windows\regedit.exe
2009-04-08 07:52 21,504 ----a-w c:\windows\system32\fontview.exe
2009-04-08 07:52 190,464 ----a-w c:\windows\system32\accwiz.exe
2009-04-08 07:52 114,688 ----a-w c:\windows\system32\wscript.exe
2009-04-08 07:52 105,472 ----a-w c:\windows\system32\clipbrd.exe
2009-04-08 07:52 10,752 ----a-w c:\windows\hh.exe
2009-04-08 07:52 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-08 07:51 --------- d-----w c:\programmi\FastStone Capture
2009-04-06 13:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 20:22 --------- d-----w c:\programmi\jv16 PowerTools
2009-04-02 20:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-04-02 20:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Norton
2009-04-02 19:25 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-04-02 19:23 --------- d-----w c:\programmi\SpywareBlaster
2009-03-02 13:04 --------- d-----w c:\documents and settings\PaGoDa\Dati applicazioni\uTorrent
2009-02-20 20:25 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-02-15 20:24 --------- d-----w c:\documents and settings\PaGoDa\Dati applicazioni\Vso
2009-02-12 20:21 7,802,581 ----a-w c:\windows\Media\Media.zip
2009-01-17 21:15 47,360 ----a-w c:\documents and settings\PaGoDa\Dati applicazioni\pcouffin.sys
.
------- Sigcheck -------
2004-08-30 22:00 658944 27966534a0820cd3bd988bd1517c8ff2 c:\windows\ie8\wininet.dll
2008-08-22 03:08 878592 df1cb456ed1e038b276123365a1a93c4 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
2008-08-22 03:08 945152 a94f3c411d69c483ed2bc0da86f5ed9b c:\windows\system32\wininet.dll
2008-08-22 03:08 945152 a94f3c411d69c483ed2bc0da86f5ed9b c:\windows\system32\dllcache\wininet.dll
2004-08-30 22:00 2060544 4dc3a3626b02c39aa69aae6f64bfbc2d c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
2004-08-30 22:00 2221696 ff1854488bb3401dad43a7ce27974e8c c:\windows\system32\ntkrnlpa.exe
2004-08-30 22:00 2184704 4591cf1f202181113de2996e79a2905a c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
2004-08-30 22:00 2345856 370289bcb6aae0c08ff1fb4bbb747551 c:\windows\system32\ntoskrnl.exe
2004-08-30 22:00 1560576 c3956882b0a5c28dab16c991f66138f5 c:\windows\explorer.exe
2004-08-30 22:00 1053696 c1a3f8696300336bfbd523a9fc07f8c2 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
2004-08-30 22:00 1560576 4f21053064386a1b1739bd29d8ee8561 c:\windows\system32\dllcache\explorer.exe
2004-08-30 22:00 34304 8c9816c02e15fe5c0fc51a6cb3300352 c:\windows\system32\ctfmon.exe
2004-08-30 22:00 34304 6e35ef799171525125f0a20a6fddac68 c:\windows\system32\dllcache\ctfmon.exe
2004-08-30 22:00 76800 d9acd18a3a173abde1a3caa7a122de7d c:\windows\system32\spoolsv.exe
2004-08-30 22:00 76800 5f35b2499dc4f9251caebad237355300 c:\windows\system32\dllcache\spoolsv.exe
2004-08-30 22:00 130560 8ab70d2d0d454ce1f842b3c710a19a8e c:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
2004-08-30 22:00 135680 ba1c6c6b47fbe2ccec4e20f448247baf c:\windows\system32\wuauclt.exe
2004-08-30 22:00 135680 83bfa0a6b920d61edadca31028900bb5 c:\windows\system32\dllcache\wuauclt.exe
2009-04-08 09:53 25088 69f82a5097233d7cec9fd4e56a6883e3 c:\windows\system32\userinit.exe
2004-08-30 22:00 44032 7ccb407bdcdae3299178d8d9ecd8477a c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-08_10.01.28,26 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 185,856 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2004-08-30 20:00:00 71,680 -c--a-w c:\windows\system32\dllcache\blastcln.exe
+ 2004-08-30 20:00:00 90,624 -c--a-w c:\windows\system32\dllcache\blastcln.exe
- 2004-08-30 20:00:00 150,016 -c--a-w c:\windows\system32\dllcache\bootcfg.exe
+ 2004-08-30 20:00:00 168,960 -c--a-w c:\windows\system32\dllcache\bootcfg.exe
- 2004-08-30 20:00:00 4,608 -c--a-w c:\windows\system32\dllcache\bootok.exe
+ 2004-08-30 20:00:00 23,552 -c--a-w c:\windows\system32\dllcache\bootok.exe
- 2004-08-30 20:00:00 5,120 -c--a-w c:\windows\system32\dllcache\bootvrfy.exe
+ 2004-08-30 20:00:00 24,064 -c--a-w c:\windows\system32\dllcache\bootvrfy.exe
- 2004-08-30 20:00:00 18,944 -c--a-w c:\windows\system32\dllcache\cacls.exe
+ 2004-08-30 20:00:00 37,888 -c--a-w c:\windows\system32\dllcache\cacls.exe
- 2004-08-30 20:00:00 116,736 -c--a-w c:\windows\system32\dllcache\calc.exe
+ 2004-08-30 20:00:00 135,680 -c--a-w c:\windows\system32\dllcache\calc.exe
- 2004-08-30 20:00:00 12,288 -c--a-w c:\windows\system32\dllcache\cb32.exe
+ 2004-08-30 20:00:00 32,768 -c--a-w c:\windows\system32\dllcache\cb32.exe
- 2003-03-24 14:52:04 188,480 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
+ 2003-03-24 14:52:04 208,960 -c--a-w c:\windows\system32\dllcache\cfgwiz.exe
- 2004-08-30 20:00:00 9,728 -c--a-w c:\windows\system32\dllcache\change.exe
+ 2004-08-30 20:00:00 28,672 -c--a-w c:\windows\system32\dllcache\change.exe
- 2004-08-30 20:00:00 80,896 -c--a-w c:\windows\system32\dllcache\charmap.exe
+ 2004-08-30 20:00:00 99,840 -c--a-w c:\windows\system32\dllcache\charmap.exe
- 2004-08-30 20:00:00 13,824 -c--a-w c:\windows\system32\dllcache\chglogon.exe
+ 2004-08-30 20:00:00 32,768 -c--a-w c:\windows\system32\dllcache\chglogon.exe
- 2004-08-30 20:00:00 16,384 -c--a-w c:\windows\system32\dllcache\chgport.exe
+ 2004-08-30 20:00:00 35,328 -c--a-w c:\windows\system32\dllcache\chgport.exe
- 2004-08-30 20:00:00 14,848 -c--a-w c:\windows\system32\dllcache\chgusr.exe
+ 2004-08-30 20:00:00 33,792 -c--a-w c:\windows\system32\dllcache\chgusr.exe
- 2004-08-30 20:00:00 11,776 -c--a-w c:\windows\system32\dllcache\chkdsk.exe
+ 2004-08-30 20:00:00 30,720 -c--a-w c:\windows\system32\dllcache\chkdsk.exe
- 2004-08-30 20:00:00 11,264 -c--a-w c:\windows\system32\dllcache\chkntfs.exe
+ 2004-08-30 20:00:00 30,208 -c--a-w c:\windows\system32\dllcache\chkntfs.exe
- 2004-08-30 20:00:00 47,104 -c--a-w c:\windows\system32\dllcache\cmdl32.exe
+ 2004-08-30 20:00:00 66,048 -c--a-w c:\windows\system32\dllcache\cmdl32.exe
- 2004-08-30 20:00:00 39,936 -c--a-w c:\windows\system32\dllcache\cmmon32.exe
+ 2004-08-30 20:00:00 58,880 -c--a-w c:\windows\system32\dllcache\cmmon32.exe
- 2004-08-30 20:00:00 64,000 -c--a-w c:\windows\system32\dllcache\cmstp.exe
+ 2004-08-30 20:00:00 82,944 -c--a-w c:\windows\system32\dllcache\cmstp.exe
- 2004-08-30 20:00:00 15,872 -c--a-w c:\windows\system32\dllcache\comp.exe
+ 2004-08-30 20:00:00 34,816 -c--a-w c:\windows\system32\dllcache\comp.exe
- 2004-08-30 20:00:00 18,432 -c--a-w c:\windows\system32\dllcache\compact.exe
+ 2004-08-30 20:00:00 37,376 -c--a-w c:\windows\system32\dllcache\compact.exe
- 2004-08-30 20:00:00 9,728 -c--a-w c:\windows\system32\dllcache\comrepl.exe
+ 2004-08-30 20:00:00 28,672 -c--a-w c:\windows\system32\dllcache\comrepl.exe
- 2004-08-30 20:00:00 5,120 -c--a-w c:\windows\system32\dllcache\comrereg.exe
+ 2004-08-30 20:00:00 24,064 -c--a-w c:\windows\system32\dllcache\comrereg.exe
- 2004-08-30 20:00:00 1,036,288 -c--a-w c:\windows\system32\dllcache\conf.exe
+ 2004-08-30 20:00:00 1,056,768 -c--a-w c:\windows\system32\dllcache\conf.exe
- 2004-08-30 20:00:00 27,648 -c--a-w c:\windows\system32\dllcache\conime.exe
+ 2004-08-30 20:00:00 46,592 -c--a-w c:\windows\system32\dllcache\conime.exe
- 2004-08-30 20:00:00 8,192 -c--a-w c:\windows\system32\dllcache\control.exe
+ 2004-08-30 20:00:00 27,136 -c--a-w c:\windows\system32\dllcache\control.exe
- 2004-08-30 20:00:00 13,824 -c--a-w c:\windows\system32\dllcache\convert.exe
+ 2004-08-30 20:00:00 32,768 -c--a-w c:\windows\system32\dllcache\convert.exe
- 2004-08-30 20:00:00 57,344 -c--a-w c:\windows\system32\dllcache\convlog.exe
+ 2004-08-30 20:00:00 76,288 -c--a-w c:\windows\system32\dllcache\convlog.exe
- 2004-08-30 20:00:00 57,399 -c--a-w c:\windows\system32\dllcache\cplexe.exe
+ 2004-08-30 20:00:00 77,879 -c--a-w c:\windows\system32\dllcache\cplexe.exe
- 2004-08-30 20:00:00 19,456 -c--a-w c:\windows\system32\dllcache\cprofile.exe
+ 2004-08-30 20:00:00 38,400 -c--a-w c:\windows\system32\dllcache\cprofile.exe
- 2004-08-30 20:00:00 98,304 -c--a-w c:\windows\system32\dllcache\cscript.exe
+ 2004-08-30 20:00:00 118,784 -c--a-w c:\windows\system32\dllcache\cscript.exe
- 2004-08-30 20:00:00 42,496 -c--a-w c:\windows\system32\dllcache\davcdata.exe
+ 2004-08-30 20:00:00 61,440 -c--a-w c:\windows\system32\dllcache\davcdata.exe
- 2004-08-30 20:00:00 5,120 -c--a-w c:\windows\system32\dllcache\dcomcnfg.exe
+ 2004-08-30 20:00:00 24,064 -c--a-w c:\windows\system32\dllcache\dcomcnfg.exe
- 2004-08-30 20:00:00 31,744 -c--a-w c:\windows\system32\dllcache\ddeshare.exe
+ 2004-08-30 20:00:00 50,688 -c--a-w c:\windows\system32\dllcache\ddeshare.exe
- 2004-08-30 20:00:00 25,088 -c--a-w c:\windows\system32\dllcache\defrag.exe
+ 2004-08-30 20:00:00 44,032 -c--a-w c:\windows\system32\dllcache\defrag.exe
- 2004-08-30 20:00:00 82,944 -c--a-w c:\windows\system32\dllcache\dfrgfat.exe
+ 2004-08-30 20:00:00 101,888 -c--a-w c:\windows\system32\dllcache\dfrgfat.exe
- 2004-08-30 20:00:00 105,472 -c--a-w c:\windows\system32\dllcache\dfrgntfs.exe
+ 2004-08-30 20:00:00 124,416 -c--a-w c:\windows\system32\dllcache\dfrgntfs.exe
- 2004-08-30 20:00:00 547,328 -c--a-w c:\windows\system32\dllcache\dialer.exe
+ 2004-08-30 20:00:00 566,272 -c--a-w c:\windows\system32\dllcache\dialer.exe
- 2004-08-30 20:00:00 85,504 -c--a-w c:\windows\system32\dllcache\diantz.exe
+ 2004-08-30 20:00:00 104,448 -c--a-w c:\windows\system32\dllcache\diantz.exe
- 2004-08-30 20:00:00 165,376 -c--a-w c:\windows\system32\dllcache\diskpart.exe
+ 2004-08-30 20:00:00 184,320 -c--a-w c:\windows\system32\dllcache\diskpart.exe
- 2004-08-30 20:00:00 18,944 -c--a-w c:\windows\system32\dllcache\diskperf.exe
+ 2004-08-30 20:00:00 37,888 -c--a-w c:\windows\system32\dllcache\diskperf.exe
- 2004-08-30 20:00:00 5,120 -c--a-w c:\windows\system32\dllcache\dllhost.exe
+ 2004-08-30 20:00:00 24,064 -c--a-w c:\windows\system32\dllcache\dllhost.exe
- 2004-08-30 20:00:00 4,608 -c--a-w c:\windows\system32\dllcache\dllhst3g.exe
+ 2004-08-30 20:00:00 23,552 -c--a-w c:\windows\system32\dllcache\dllhst3g.exe
- 2004-08-30 20:00:00 225,280 -c--a-w c:\windows\system32\dllcache\dmadmin.exe
+ 2004-08-30 20:00:00 244,224 -c--a-w c:\windows\system32\dllcache\dmadmin.exe
- 2004-08-30 20:00:00 15,872 -c--a-w c:\windows\system32\dllcache\dmremote.exe
+ 2004-08-30 20:00:00 34,816 -c--a-w c:\windows\system32\dllcache\dmremote.exe
- 2004-08-30 20:00:00 10,752 -c--a-w c:\windows\system32\dllcache\doskey.exe
+ 2004-08-30 20:00:00 29,696 -c--a-w c:\windows\system32\dllcache\doskey.exe
- 2004-08-30 20:00:00 30,208 -c--a-w c:\windows\system32\dllcache\dplaysvr.exe
+ 2004-08-30 20:00:00 49,152 -c--a-w c:\windows\system32\dllcache\dplaysvr.exe
- 2004-08-30 20:00:00 18,432 -c--a-w c:\windows\system32\dllcache\dpnsvr.exe
+ 2004-08-30 20:00:00 37,376 -c--a-w c:\windows\system32\dllcache\dpnsvr.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-30 34304]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-01-29 23975720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-01-26 139264]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 34304]
c:\documents and settings\PaGoDa\Menu Avvio\Programmi\Esecuzione automatica\
Disk Cleaner.lnk - c:\programmi\Disk Cleaner\dclean.exe [2005-11-20 229376]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Documents and Settings\\PaGoDa\\Documenti\\Nuova cartella\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-09-27 39472]
R0 pxprot;pxprot;c:\windows\system32\drivers\pxprot.sys [2009-04-08 18440]
R0 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-04-08 16904]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-04-08 22024]
R1 is-4JIFCdrv;is-4JIFCdrv;c:\windows\system32\drivers\82509220.sys [2009-04-08 148496]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [2009-04-02 108289]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-27 179856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-09-27 15504]
S2 .norton2009Reset;Norton2009 Reset;c:\documents and settings\All Users\Dati applicazioni\Norton\Norton2009Reset.exe [2009-03-05 328259]
S2 CSIScanner;CSIScanner;c:\programmi\Prevx\prevx.exe [2009-04-08 4448824]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - PROCEXP100
.
Contenuto della cartella 'Scheduled Tasks'
2009-04-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for PaGoDa.job
- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]
2009-04-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for SYSTEM.job
- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]
2009-04-07 c:\windows\Tasks\Malwarebytes' Scheduled Update for PaGoDa.job
- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]
2009-04-07 c:\windows\Tasks\Malwarebytes' Scheduled Update for SYSTEM.job
- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 10:09:37
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\SETUPAPI.dll
.
Ora fine scansione: 2009-04-08 10.10.34
ComboFix-quarantined-files.txt 2009-04-08 08:10:31
ComboFix2.txt 2009-04-08 08:02:22
Pre-Run: 16.939.433.984 byte disponibili
Post-Run: 16,929,120,256 byte disponibili