Well...
since there still seem to be problems, especially long waits after requesting a page... I did another run with ComboFix and one with SmitFraudFix... I'm posting the logs in case they might point to something
COMBOFIX LOG
--------------------
ComboFix 10-04-30.03 - Stefano 01/05/2010 10.36.42.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1624 [GMT 2:00]
Eseguito da: e:\altro\software\sicurezza\antimalware\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\WindowsUpdate
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Files Creati Da 2010-04-01 al 2010-05-01 )))))))))))))))))))))))))))))))))))
.
2010-04-19 18:03 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-04-15 21:05 . 2010-04-15 21:05 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-04-14 17:40 . 2010-03-05 18:46 465408 -c----w- c:\windows\system32\dllcache\smtpsvc.dll
2010-04-10 18:55 . 2010-04-10 18:55 5514304 ----a-w- c:\documents and settings\Stefano\Dati applicazioni\TVU Networks\AutoUpgrade\TVUPlayer2.5.2.2.exe
2010-04-10 18:55 . 2010-04-10 18:55 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\TVU Networks
2010-04-06 18:51 . 2010-04-07 08:11 574 ----a-w- C:\cleanup.bat
2010-04-06 18:27 . 2010-04-07 08:11 0 ----a-w- C:\backup.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 08:30 . 2007-10-10 14:49 -------- d-----w- c:\programmi\PeerGuardian2
2010-05-01 08:18 . 2007-09-02 12:39 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Spamihilator
2010-04-30 20:58 . 2004-10-16 13:19 -------- d-----w- c:\programmi\Google
2010-04-30 20:58 . 2005-03-16 20:03 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\MySQL
2010-04-30 19:15 . 2005-08-08 18:05 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\Skype
2010-04-27 18:21 . 2008-08-16 12:29 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\FileZilla
2010-04-27 15:27 . 2008-03-04 20:50 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\HAPedit
2010-04-24 09:12 . 2003-10-23 13:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-19 17:02 . 2006-08-01 21:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-19 16:43 . 2003-10-08 16:23 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-19 16:35 . 2008-06-14 14:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Codemasters
2010-04-04 12:19 . 2007-02-10 19:57 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-04 12:00 . 2008-12-21 11:39 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-04 11:59 . 2009-01-07 20:19 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 22:46 . 2008-12-21 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2008-12-21 11:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 08:28 . 2003-04-08 12:00 556630 ----a-w- c:\windows\system32\perfh010.dat
2010-03-28 08:28 . 2003-04-08 12:00 104756 ----a-w- c:\windows\system32\perfc010.dat
2010-03-25 18:25 . 2006-12-16 16:21 182936 ----a-w- c:\documents and settings\Mauro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-03-25 18:24 . 2010-03-25 18:24 -------- d-----w- c:\documents and settings\Mauro\Dati applicazioni\Nero
2010-03-25 18:24 . 2010-03-25 18:24 -------- d-----w- c:\documents and settings\Mauro\Dati applicazioni\ATI
2010-03-11 14:45 . 2007-01-10 17:24 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\gtk-2.0
2010-03-10 08:43 . 2010-03-10 08:29 -------- d-----w- c:\documents and settings\Stefano\Dati applicazioni\FileSubmit
2010-03-10 06:15 . 2003-04-08 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 16:57 . 2003-10-10 18:13 -------- d-----w- c:\programmi\File comuni\Adobe
2010-02-28 13:27 . 2009-11-23 17:35 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-25 06:16 . 2004-02-06 16:08 916480 ------w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-04-08 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2003-04-08 12:00 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2002-09-09 13:34 2028032 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 14:28 . 2004-04-30 15:32 182936 ----a-w- c:\documents and settings\Stefano\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-12 04:33 . 2003-04-08 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-04-08 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-11 07:38 . 2008-08-01 06:38 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2010-02-11 05:17 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2010-02-11 05:07 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-11 04:46 . 2010-02-11 04:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:45 . 2008-08-01 04:32 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-11 04:37 . 2010-02-11 04:37 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-11 04:36 . 2010-02-11 04:36 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2010-02-11 04:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2010-02-11 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2010-02-11 04:33 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2010-02-11 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2008-08-01 04:10 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-11 04:19 . 2010-02-11 04:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2008-08-01 03:59 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-11 03:55 . 2010-02-11 03:55 475136 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-11 03:54 . 2010-02-11 03:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-11 03:53 . 2010-02-11 03:53 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2008-08-01 03:34 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-10 20:20 . 2010-02-28 13:34 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-02-04 05:48 . 2009-04-17 17:59 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-04 05:48 . 2009-04-17 17:59 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Habu"="c:\programmi\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-01-29 1800464]
"NBKeyScan"="c:\programmi\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Stefano\Menu Avvio\Programmi\Esecuzione automatica\
Collegamento a allarme.lnk - c:\documents and settings\Stefano\Desktop\allarme.txt [2008-10-1 177]
Spamihilator.lnk - c:\programmi\Spamihilator\spamihilator.exe [2010-2-5 1512448]
Stickies.lnk - c:\programmi\stickies\stickies.exe [2005-5-29 348160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.sys
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BTTray.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^gwum.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HELPExpress.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^PCSuiteperNokia6600 Detect.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PCSuiteperNokia6600 Detect.lnk
backup=c:\windows\pss\PCSuiteperNokia6600 Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^PCSuiteperNokia6600 TS.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\PCSuiteperNokia6600 TS.lnk
backup=c:\windows\pss\PCSuiteperNokia6600 TS.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Stefano^Menu Avvio^Programmi^Esecuzione automatica^Watch.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 8]
2007-02-03 23:06 499712 ----a-w- c:\programmi\Cobian Backup 8\Cobian.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- e:\programmi\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\programmi\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 16:50 4363504 ----a-w- c:\programmi\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-07-11 13:42 155648 ----a-w- c:\programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 11:00 24095528 ----a-r- c:\programmi\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-12 12:47 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-03-18 16:50 4363504 ----a-w- c:\programmi\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"e:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\stickies\\stickies.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\WorldShift\\bin\\WorldShift.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Spamihilator\\spamihilator.exe"=
"c:\\Programmi\\Spamihilator\\cdcc.exe"=
"c:\\Programmi\\Spamihilator\\dccproc.exe"=
"e:\\MassEffect\\Mass Effect\\Binaries\\MassEffect.exe"=
"e:\\MassEffect\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [19/10/2003 20.08.18 6144]
R3 WMIBIOS;%WMIBIOS.ServiceName%;c:\windows\system32\drivers\wmibios.sys [10/10/2003 15.46.30 18272]
R3 WMIINFO;WMIINFO Driver;c:\windows\system32\drivers\wmiinfo.sys [10/10/2003 15.46.30 21184]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/08/2006 23.18.39 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [17/04/2009 19.59.35 134344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [17/04/2009 19.59.35 25160]
S1 SASDIFSV;SASDIFSV;\??\e:\programmi\SUPERAntiSpyware\SASDIFSV.SYS --> e:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\e:\programmi\SUPERAntiSpyware\SASKUTIL.sys --> e:\programmi\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [10/10/2003 15.46.45 151476]
S2 GLOGODrv;GLOGODrv;c:\windows\system32\drivers\GLOGODrv.sys [10/10/2003 15.56.35 13332]
S2 MustekMA1908Driver;MustekMA1908Driver;c:\windows\system32\drivers\MA1908.SYS [09/10/2003 17.04.28 22528]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [18/04/2009 12.53.17 8192]
S2 pgAgent;PostgreSQL Scheduling Agent - pgAgent;c:\programmi\postgresql\8.4\pgagent3\pgagent.exe RUN pgAgent hostaddr=127.0.0.1 dbname=postgres user=postgres --> c:\programmi\postgresql\8.4\pgagent3\pgagent.exe RUN pgAgent hostaddr=127.0.0.1 dbname=postgres user=postgres [?]
S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [29/03/2007 15.19.55 6016]
S3 Bcfilter;Jetico Personal Firewall Network Monitor;c:\windows\system32\DRIVERS\bcfilter.sys --> c:\windows\system32\DRIVERS\bcfilter.sys [?]
S3 BcfilterMP;BcfilterMP;c:\windows\system32\DRIVERS\bcfilter.sys --> c:\windows\system32\DRIVERS\bcfilter.sys [?]
S3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [09/10/2003 16.50.25 166504]
S3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [23/06/2009 9.43.58 26752]
S3 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Programmi/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programmi/PostgreSQL/8.4/data" -w --> C:/Programmi/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 RTCore32;RTCore32;\??\c:\documents and settings\Stefano\Desktop\Nuova cartella\RTCore32.sys --> c:\documents and settings\Stefano\Desktop\Nuova cartella\RTCore32.sys [?]
S3 SASENUM;SASENUM;\??\e:\programmi\SUPERAntiSpyware\SASENUM.SYS --> e:\programmi\SUPERAntiSpyware\SASENUM.SYS [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [01/08/2006 23.25.47 223128]
S3 wbwxx;wbwxx;\??\c:\windows\system32\095.tmp --> c:\windows\system32\095.tmp [?]
S3 XG762_XP;CONITECH 802.11g XG762N Driver;c:\windows\system32\drivers\WlanUZXP.SYS [06/02/2008 22.14.37 450560]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sfzdru
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.pcprimipassi.it/
mStart Page = hxxp://it.yahoo.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
Trusted Zone: //localhost/main.html
Trusted Zone: wdsglobal.com\nokiags
DPF: Microsoft XML Parser for Java
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100325090228
FF - ProfilePath - c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\5wmauz87.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pcprimipassi.it
FF - component: c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\5wmauz87.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\5wmauz87.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Stefano\Dati applicazioni\Mozilla\Firefox\Profiles\5wmauz87.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-HijackThis - e:\altro\software\sicurezza\antimalware\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-01 10:53
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Programmi/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programmi/PostgreSQL/8.4/data\" -w"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programmi\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\programmi\MySQL\MySQL Server 5.1\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Programmi/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programmi/PostgreSQL/8.4/data\" -w"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wbwxx]
"ImagePath"="\??\c:\windows\system32\095.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1844237615-1580818891-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(300)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codecp.acm
c:\windows\system32\iac25_32.ax
c:\windows\system32\mp3fhg.acm
c:\windows\system32\vorbis.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\ac3filter.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\divxa32.acm
- - - - - - - > 'lsass.exe'(356)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2010-05-01 10:59:34
ComboFix-quarantined-files.txt 2010-05-01 08:59
ComboFix2.txt 2010-04-06 12:02
Pre-Run: 13.857.378.304 byte disponibili
Post-Run: 13.909.258.240 byte disponibili
- - End Of File - - A19FA2FB7D524E8DA93A66FD9508A471
SMITFRAUDFIX log
-----------------------
SmitFraudFix v2.424
Scan done at 11.04.34,75, 01/05/2010
Run from E:\Altro\software\sicurezza\antimalware\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9431FDB8-92EF-4A0E-B659-609C8C816376}: DhcpNameServer=85.37.17.55
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9431FDB8-92EF-4A0E-B659-609C8C816376}: DhcpNameServer=85.37.17.55
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9431FDB8-92EF-4A0E-B659-609C8C816376}: DhcpNameServer=85.37.17.55
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.37.17.55
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.37.17.55
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.37.17.55
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End