In the end, worn out, I decided to buy a new hard drive. Now the situation seems to have improved: Windows startup is no longer extremely slow as it was before, and the screen that used to appear at Windows startup saying "unable to start Windows, the file system... is missing or damaged" no longer shows up. Now, with the computer like new, repeating the scan with ComboFix gives me the following log, infection and all...
My OS is Windows XP SP3. How should I proceed in this case? I'm afraid everything will break again...
Here is the log:
ComboFix 10-01-14.06 - fabio 15/01/2010 12.30.08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1589 [GMT 1:00]
Eseguito da: c:\documents and settings\fabio\Desktop\ComboFix.exe
AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Updated) {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\fabio\Menu Avvio\Programmi\Esecuzione automatica\Logitech . Registrazione prodotti.lnk
c:\windows\system32\msconfig.exe
c:\windows\system32\midimap.dll . . . è infetto!!
.
((((((((((((((((((((((((( Files Creati Da 2009-12-15 al 2010-01-15 )))))))))))))))))))))))))))))))))))
.
2010-01-15 11:21 . 2010-01-15 11:21 -------- d-----w- c:\documents and settings\fabio\Impostazioni locali\Dati applicazioni\DFX
2010-01-15 11:21 . 2010-01-15 11:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DFX
2010-01-15 11:21 . 2010-01-15 11:21 -------- d-----w- c:\programmi\DFX
2010-01-15 11:21 . 2010-01-15 11:21 -------- d-----w- c:\programmi\File comuni\DFX
2010-01-15 10:47 . 2010-01-15 10:47 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\Logitech
2010-01-15 10:47 . 2010-01-15 10:47 53248 ----a-r- c:\documents and settings\fabio\Dati applicazioni\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-01-15 10:47 . 2010-01-15 10:47 -------- d-----w- c:\programmi\Common Files
2010-01-15 10:47 . 2010-01-15 10:47 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\Leadertech
2010-01-15 10:45 . 2006-10-08 20:51 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-15 10:44 . 2008-05-02 01:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-01-15 10:44 . 2008-05-02 01:40 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-01-15 10:44 . 2008-05-02 01:40 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-01-15 10:44 . 2008-05-02 01:39 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-01-15 10:44 . 2008-05-02 01:39 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-01-15 10:44 . 2010-01-15 10:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logitech
2010-01-15 10:44 . 2010-01-15 10:45 -------- d-----w- c:\programmi\File comuni\Logishrd
2010-01-15 10:44 . 2010-01-15 10:44 -------- d-----w- c:\programmi\Logitech
2010-01-15 10:44 . 2010-01-15 10:44 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\InstallShield
2010-01-15 10:44 . 2010-01-15 10:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2010-01-15 00:53 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-01-15 00:53 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-15 00:52 . 2010-01-15 00:52 -------- d-----w- c:\programmi\Microsoft Works
2010-01-15 00:52 . 2010-01-15 00:52 -------- d-----w- c:\programmi\MSBuild
2010-01-15 00:52 . 2010-01-15 00:52 -------- d-----w- c:\programmi\Microsoft.NET
2010-01-15 00:50 . 2010-01-15 00:50 -------- d-----w- c:\programmi\Microsoft Visual Studio 8
2010-01-15 00:50 . 2010-01-15 00:50 -------- d-----w- c:\windows\SHELLNEW
2010-01-15 00:49 . 2010-01-15 00:49 -------- d-----w- c:\documents and settings\fabio\Impostazioni locali\Dati applicazioni\Microsoft Help
2010-01-15 00:49 . 2010-01-15 00:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-01-15 00:49 . 2010-01-15 00:49 -------- d-----r- C:\MSOCache
2010-01-15 00:47 . 2010-01-15 00:47 -------- d-----w- c:\documents and settings\fabio\Impostazioni locali\Dati applicazioni\Identities
2010-01-15 00:41 . 2010-01-15 00:41 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-15 00:41 . 2010-01-15 00:42 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-01-15 00:41 . 2010-01-15 00:46 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\DAEMON Tools Lite
2010-01-15 00:41 . 2010-01-15 00:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-01-15 00:11 . 2010-01-15 00:11 -------- d-----w- c:\programmi\COMODO
2010-01-15 00:06 . 2010-01-15 00:06 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\ComodoGroup
2010-01-15 00:06 . 2010-01-15 00:06 8 ----a-w- c:\windows\crpf.bin
2010-01-15 00:06 . 2010-01-15 00:06 4 ----a-w- c:\windows\crpf_sdum.bin
2010-01-15 00:05 . 2010-01-15 00:05 -------- d-----w- c:\documents and settings\fabio\Dati applicazioniComodoGroup
2010-01-14 23:46 . 2010-01-14 23:46 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\Canneverbe_Limited
2010-01-14 22:55 . 2010-01-14 22:55 -------- d-----w- c:\programmi\uTorrent
2010-01-14 22:53 . 2010-01-15 11:25 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\uTorrent
2010-01-14 22:47 . 2010-01-14 22:50 -------- d-----w- c:\programmi\eMule
2010-01-14 22:29 . 2010-01-14 22:29 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\vlc
2010-01-14 22:20 . 2010-01-14 22:21 1924200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2010-01-14 22:20 . 2010-01-14 22:20 836464 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-01-14 22:20 . 2010-01-15 00:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2010-01-14 22:11 . 2010-01-15 11:02 -------- d-----w- c:\documents and settings\fabio\Tracing
2010-01-14 22:10 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-01-14 22:10 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-01-14 22:10 . 2010-01-14 22:10 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2010-01-14 22:09 . 2010-01-14 22:09 -------- d-----w- c:\programmi\Microsoft
2010-01-14 22:09 . 2010-01-14 22:09 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-01-14 22:05 . 2010-01-14 22:05 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-01-14 22:04 . 2010-01-14 22:04 -------- d-----w- c:\documents and settings\fabio\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 10:45 . 2010-01-15 10:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-01-15 10:45 . 2010-01-15 10:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-15 10:45 . 2010-01-15 10:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-15 10:44 . 2010-01-14 21:08 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-15 01:21 . 2010-01-14 21:06 65360 ----a-w- c:\documents and settings\fabio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-15 00:46 . 2001-08-31 15:00 68650 ----a-w- c:\windows\system32\perfc010.dat
2010-01-15 00:46 . 2001-08-31 15:00 435070 ----a-w- c:\windows\system32\perfh010.dat
2010-01-15 00:42 . 2010-01-14 20:32 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-14 22:10 . 2010-01-14 20:24 -------- d-----w- c:\programmi\Windows Live
2010-01-14 21:46 . 2010-01-14 21:46 -------- d-----w- c:\programmi\File comuni\snp2std
2010-01-14 21:35 . 2010-01-14 21:35 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\FRISK Software
2010-01-14 21:22 . 2010-01-14 21:22 0 ----a-w- c:\windows\nsreg.dat
2010-01-14 21:20 . 2010-01-14 21:20 -------- d-----w- c:\programmi\Attansic
2010-01-14 21:17 . 2010-01-14 21:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FRISK Software
2010-01-14 21:17 . 2010-01-14 21:17 -------- d-----w- c:\programmi\FRISK Software
2010-01-14 21:08 . 2010-01-14 21:08 -------- d-----w- c:\programmi\Realtek
2010-01-14 21:08 . 2010-01-14 21:08 315392 ----a-w- c:\windows\HideWin.exe
2010-01-14 21:08 . 2010-01-14 21:08 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-01-14 21:04 . 2010-01-14 21:04 -------- d-----w- c:\programmi\NVIDIA Corporation
2010-01-14 21:04 . 2010-01-14 21:04 -------- d-----w- c:\programmi\AGEIA Technologies
2010-01-14 21:04 . 2010-01-14 21:04 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-14 21:04 . 2010-01-14 21:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2010-01-14 20:50 . 2010-01-14 20:50 -------- d-----w- c:\programmi\Intel
2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\documents and settings\fabio\Dati applicazioni\Winamp
2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\programmi\Winamp
2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\programmi\QT Lite
2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\programmi\Real Alternative
2010-01-14 20:31 . 2010-01-14 20:31 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-01-14 20:24 . 2010-01-14 20:24 -------- d-----w- c:\programmi\CDBurnerXP
2010-01-14 20:24 . 2010-01-14 20:24 -------- d-----w- c:\programmi\7-Zip
2010-01-14 20:23 . 2010-01-14 20:23 -------- d-----w- c:\programmi\VisualTaskTips
2010-01-14 20:23 . 2010-01-14 20:23 -------- d-----w- c:\programmi\Stardock
2010-01-14 20:23 . 2010-01-14 20:23 -------- d-----w- c:\programmi\File comuni\Stardock
2010-01-14 20:23 . 2010-01-14 20:31 71680 ----a-w- c:\documents and settings\fabio\GLB762.tmp
2010-01-14 20:23 . 2010-01-14 20:27 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB762.tmp
2010-01-14 20:23 . 2010-01-14 20:23 71680 ----a-w- c:\documents and settings\Default User\GLB762.tmp
2010-01-14 20:23 . 2010-01-14 20:23 -------- d-----w- c:\programmi\PicPick
2010-01-14 20:23 . 2010-01-14 20:23 -------- d-----w- c:\programmi\Foxit Reader
2010-01-14 20:23 . 2010-01-14 20:23 -------- d-----w- c:\programmi\VideoLAN
2010-01-14 20:21 . 2010-01-14 20:21 -------- d-----w- c:\programmi\Servizi in linea
2010-01-14 20:20 . 2010-01-14 20:20 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-14 20:19 . 2010-01-14 20:19 -------- d-----w- c:\programmi\System
2010-01-14 20:19 . 2010-01-14 20:19 -------- d-----w- c:\programmi\Unlocker
2010-01-14 20:19 . 2010-01-14 20:19 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-11-21 02:34 . 2010-01-14 21:03 69632 ----a-w- c:\windows\system32\OpenCL.dll
2009-11-21 02:34 . 2010-01-14 21:03 4038656 ----a-w- c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2010-01-14 21:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2010-01-14 21:03 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-11-21 02:34 . 2010-01-14 21:03 182888 ----a-w- c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2010-01-14 21:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2010-01-14 21:03 13602816 ----a-w- c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2010-01-14 21:03 11374592 ----a-w- c:\windows\system32\nvcompiler.dll
2009-11-21 02:34 . 2010-01-14 21:03 1056768 ----a-w- c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2010-01-14 21:03 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-11-21 02:34 . 2010-01-14 21:03 6282752 ----a-w- c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2010-01-14 21:03 2293286 ----a-w- c:\windows\system32\nvdata.bin
.
------- Sigcheck -------
[-] 2008-07-28 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-07-28 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-07-28 . 6C01B44D2A5A66137E80E8537E761914 . 111616 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
[-] 2008-07-28 . 8B2A7229651894B07A5F750E1FEF99CC . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-07-28 . CC429B729FA7B5C39F26A0954D8BA0BB . 3803136 . . [7.00.5730.13] . . c:\windows\system32\mshtml.dll
[-] 2008-07-28 . 88348F8C92C28BA99FE49BD392100CE0 . 920064 . . [7.00.5730.13] . . c:\windows\system32\wininet.dll
[-] 2008-07-28 . 19CB8AA5B83D0017EB9A9126AA2EEB55 . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-07-28 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-07-28 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KelsPackSoft"="c:\windows\system32\mmm.exe" [2005-07-05 828416]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"F-PROT Antivirus Tray application"="c:\programmi\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2008-04-21 1597832]
"FixCamera"="c:\windows\FixCamera.exe" [2006-06-01 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-05-22 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-07-28 25088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-28 123904]
c:\documents and settings\fabio\Menu Avvio\Programmi\Esecuzione automatica\
met4.lnk - c:\documents and settings\All Users\Menu Avvio\Programmi\Desktop Gadget\Meters\aeromet.exe [2010-1-14 445952]
Stardock ObjectDock.lnk - c:\programmi\Stardock\ObjectDock\ObjectDock.exe [2010-1-14 3450608]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2010-1-15 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [14/01/2010 22.17.34 682840]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\programmi\System\CPL Bonus\vcdrom.sys [14/01/2010 21.19.42 8576]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\programmi\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [27/08/2009 16.26.02 75424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/01/2010 23.10.58 54752]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [14/01/2010 22.20.54 38656]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/01/2010 1.41.31 691696]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - VCDROM
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\fabio\Dati applicazioni\Mozilla\Firefox\Profiles\ejbfhxmk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\extensions\{b77b87c9-46af-4e4e-954f-b51682b0950e}\components\FFAlert.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-nwiz - nwiz.exe
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\sfc_os.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\scecli.dll
.
Ora fine scansione: 2010-01-15 12:32:04
ComboFix-quarantined-files.txt 2010-01-15 11:32
Pre-Run: 485.949.284.352 byte disponibili
Post-Run: 485.988.229.120 byte disponibili
- - End Of File - - 957D3F83E7981C18FF76649620064278
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [14/01/2010 22.17.34 682840]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\programmi\System\CPL Bonus\vcdrom.sys [14/01/2010 21.19.42 8576]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\programmi\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [27/08/2009 16.26.02 75424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/01/2010 23.10.58 54752]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [14/01/2010 22.20.54 38656]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/01/2010 1.41.31 691696]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - VCDROM
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\fabio\Dati applicazioni\Mozilla\Firefox\Profiles\ejbfhxmk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\extensions\{b77b87c9-46af-4e4e-954f-b51682b0950e}\components\FFAlert.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-nwiz - nwiz.exe
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\sfc_os.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\scecli.dll
.
Ora fine scansione: 2010-01-15 12:32:04
ComboFix-quarantined-files.txt 2010-01-15 11:32
Pre-Run: 485.949.284.352 byte disponibili
Post-Run: 485.988.229.120 byte disponibili
- - End Of File - - 957D3F83E7981C18FF76649620064278
Thanks in advance, everyone
Luca