Kido.eo virus, autorun.inf and Recycler on USB sticks and removable devices [was: The modem keeps grinding away]

Last updated: 07/02/2009 09:03
Sorry, I didn't explain myself well.
The ones I pointed out to you, it moved them here:
C:\Qoobox\Quarantine\C\WINDOWS\system32, renaming them to .vir,
but I haven't understood whether they were associated with the virus or whether they are
system files.
As I said, everything seems to work... but the modem keeps grinding away.

This is its first complete log
___________________________
ComboFix 09-01-21.04 - ivo 2009-01-29 8.06.05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2038.1507 [GMT 1:00]
Eseguito da: c:\documents and settings\ivo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090128-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.
I seguenti file sono stati disabilitati durante la scansione:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ivo\Dati applicazioni\inst.exe
C:\Documents
c:\windows\emMON.exe
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\msvcsv60.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_TDSSSERV
-------\Service_NPF
-------\Service_tdssserv


((((((((((((((((((((((((( Files Creati Da 2008-12-28 al 2009-01-29 )))))))))))))))))))))))))))))))))))
.

2009-01-29 07:21 . 2008-02-15 12:49 188,416 --a------ c:\windows\system32\igfxres.dll
2009-01-28 20:48 . 2008-02-15 12:46 159,744 --a------ c:\windows\system32\hkcmd.exe
2009-01-28 20:48 . 2008-02-15 13:21 147,456 --a------ c:\windows\system32\igfxCoIn_v4926.dll
2009-01-28 20:48 . 2008-02-15 12:46 135,168 --a------ c:\windows\system32\igfxtray.exe
2009-01-28 20:48 . 2008-02-15 12:46 131,072 --a------ c:\windows\system32\igfxpers.exe
2009-01-28 20:16 . 2009-01-28 20:16 <DIR> d-------- c:\programmi\Launch Manager
2009-01-28 20:15 . 2006-01-20 15:56 225,350 --a------ c:\windows\system32\Epm-Po.dll
2009-01-28 19:35 . 2006-10-30 11:36 385,024 --------- c:\windows\system32\DME-N Network Driver.exe
2009-01-28 19:35 . 2006-10-30 11:36 335,872 --------- c:\windows\system32\DMENcpl.cpl
2009-01-28 19:35 . 2006-10-16 13:51 14,336 --------- c:\windows\system32\DMENdrv.dll
2009-01-28 09:00 . 2009-01-28 09:00 <DIR> d-------- c:\programmi\Alwil Software
2009-01-28 07:25 . 2009-01-28 07:25 5,415 --a------ c:\windows\system32\Choice.com
2009-01-27 19:53 . 2009-01-27 19:53 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-01-24 12:42 . 2009-01-24 12:42 <DIR> d-------- c:\documents and settings\ivo\Dati applicazioni\Smaart
2009-01-24 12:40 . 2009-01-24 12:42 <DIR> d-------- c:\programmi\Smaart 6
2009-01-24 07:50 . 2009-01-24 07:50 <DIR> d-------- c:\programmi\RdDrv001
2009-01-24 07:50 . 2007-12-04 13:38 221,184 --a------ c:\windows\system32\RDDP1046.DAT
2009-01-24 07:50 . 2007-12-04 13:42 173,889 --a------ c:\windows\system32\drivers\Rdwm1046.sys
2009-01-24 07:50 . 2007-12-04 13:38 81,920 --a------ c:\windows\system32\rdas1046.dll
2009-01-24 07:50 . 2007-12-04 13:38 57,344 --a------ c:\windows\system32\RDCP1046.CPL
2009-01-24 07:50 . 2007-12-04 13:38 31,862 --a------ c:\windows\system32\RdCi1046.dll
2009-01-24 07:50 . 2006-09-27 17:05 4,088 --a------ c:\windows\system32\RD3T1046.DAT
2009-01-20 12:26 . 2009-01-20 12:26 <DIR> d-------- c:\documents and settings\ivo\Dati applicazioni\Soundplant
2009-01-19 09:56 . 2001-03-25 15:10 118,784 --a------ c:\windows\system32\msstdfmt.dll
2009-01-19 09:47 . 2009-01-24 16:14 <DIR> d-------- c:\programmi\AudioFileHandler
2009-01-19 09:47 . 2006-09-26 07:44 62,464 --a------ c:\windows\system32\sevLock.dll
2009-01-15 19:47 . 2009-01-15 19:47 <DIR> d-------- C:\output video
2009-01-14 11:44 . 2009-01-14 11:44 <DIR> d-------- c:\programmi\Trend Micro
2009-01-03 18:26 . 2009-01-03 18:26 <DIR> d-------- c:\programmi\Digital1Audio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 19:16 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-28 07:48 --------- d-----w c:\documents and settings\ivo\Dati applicazioni\wsInspector
2009-01-27 22:55 --------- d-----w c:\programmi\ESET
2009-01-26 21:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-01-26 20:58 --------- d-----w c:\programmi\FlashFXP
2009-01-21 05:43 --------- d-----w c:\programmi\soundplant261r
2009-01-15 19:24 --------- d-----w c:\documents and settings\pippo\Dati applicazioni\Vso
2008-12-28 19:30 --------- d-----w c:\programmi\K-Lite Codec Pack
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 06:15 --------- d-----w c:\programmi\Ricerca Cap 4
2008-12-09 21:45 --------- d-----w c:\documents and settings\pippo\Dati applicazioni\Babylon
2008-06-16 19:47 47,360 -c--a-w c:\documents and settings\pippo\Dati applicazioni\pcouffin.sys
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2008-04-14 02:13 171,376 --sha-r c:\windows\system32\vwxtfj.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 2,462,208 2005-10-24 15:45:32 c:\acer\Empowering Technology\bak\admtray.exe
----a-w 2,462,208 2005-10-24 15:45:32 c:\acer\Empowering Technology\admtray.exe

-c--a-w 602,182 2006-04-14 10:52:18 c:\programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe
----a-w 602,182 2006-04-14 10:52:18 c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe

-c--a-w 667,718 2006-04-14 10:51:52 c:\programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe
----a-w 667,718 2006-04-14 10:51:52 c:\programmi\Intel\Wireless\Bin\ZCfgSvc.exe

-c--a-w 271,360 2007-06-18 14:10:32 c:\programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe

-c--a-w 282,624 2007-02-16 09:54:04 c:\programmi\QuickTime\bak\qttask.exe
----a-w 385,024 2008-01-10 14:27:36 c:\programmi\QuickTime\QTTask.exe

-c--a-w 64,512 2005-08-17 21:40:06 c:\windows\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-17 21:40:06 c:\windows\ehome\ehtray.exe

-c--a-w 208,952 2004-09-07 19:00:00 c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-09-07 19:00:00 c:\windows\ime\imjp8_1\imjpmig.exe

-c--a-w 15,360 2004-09-07 19:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 02:14:03 c:\windows\system32\ctfmon.exe

-c--a-w 155,648 2007-02-26 08:34:28 c:\windows\system32\bak\hkcmd.exe
----a-w 159,744 2008-02-15 11:46:46 c:\windows\system32\hkcmd.exe

-c--a-w 131,072 2007-02-26 08:33:56 c:\windows\system32\bak\igfxpers.exe
----a-w 131,072 2008-02-15 11:46:18 c:\windows\system32\igfxpers.exe

-c--a-w 131,072 2007-02-26 08:34:28 c:\windows\system32\bak\igfxtray.exe
----a-w 135,168 2008-02-15 11:46:46 c:\windows\system32\igfxtray.exe

-c--a-w 59,392 2004-09-07 19:00:00 c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2004-09-07 19:00:00 c:\windows\system32\IME\PINTLGNT\imscinst.exe

-c--a-w 455,168 2004-09-07 19:00:00 c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE
-c--a-w 455,168 2004-09-07 19:00:00 c:\windows\system32\IME\TINTLGNT\tintsetp.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-10 385024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~2\REPLAY~1\iac25_32.ax
"midi3"= xgusb.cpl
"msacm.fraunhoferacm"= l3codecp.acm
"midi4"= xgusb.cpl
"midi5"= xgusb.cpl
"MIDI"= DMENDRV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\FlashFXP\\FlashFXP.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Resolume 2.4\\resolume.exe"=
"c:\\WINDOWS\\system32\\DME-N Network Driver.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=
"c:\\Programmi\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3619:TCP"= 3619:TCP:dxtrcp

R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2007-04-13 17264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-01-23 33792]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2008-08-27 28672]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2005-09-13 4392]
R3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\Rdwm1046.sys [2009-01-24 173889]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\programmi\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-28 20560]
R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2007-01-23 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2007-01-23 78208]
R4 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programmi\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-08 208896]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S1 efbDisk;efbDisk; [x]
S3 cxwibu;Team H2O WIBU Driver;\??\c:\programmi\WIBUKEY\H2O\cxwibu.sys --> c:\programmi\WIBUKEY\H2O\cxwibu.sys [?]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-06-19 1097728]
S3 PCX500;Driver per schede LAN senza fili Cisco;c:\windows\system32\drivers\pcx500.sys [2008-09-30 169984]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-03-12 44928]
S4 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2007-01-23 11264]
S4 ttbgzrn;Center Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-09-07 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ttbgzrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e60873c-af30-11dd-b5dc-0016d41dd928}]
\Shell\AutoRun\command - F:\SuperLink.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca1cfa24-5a84-11dd-b3eb-0016d41dd928}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.corriere.it/
uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 08:14:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ttbgzrn]
"ServiceDll"="c:\windows\system32\vwxtfj.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\WudfHost.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcSrv.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\Crypserv.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\igfxext.exe
c:\docume~1\ivo\IMPOST~1\temp\RtkBtMnt.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-29 8:19:51 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-29 07:19:47

Pre-Run: 36.263.190.016 byte disponibili
Post-Run: 37,087,272,960 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
314
_____________________________

[this is after two passes, and it doesn't report any errors]

____________________________

ComboFix 09-01-21.04 - ivo 2009-01-29 8.06.05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2038.1507 [GMT 1:00]
Eseguito da: c:\documents and settings\ivo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090128-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.
I seguenti file sono stati disabilitati durante la scansione:
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pippo\Dati applicazioni\inst.exe
C:\Documents
c:\windows\emMON.exe
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\msvcsv60.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_TDSSSERV
-------\Service_NPF
-------\Service_tdssserv


((((((((((((((((((((((((( Files Creati Da 2008-12-28 al 2009-01-29 )))))))))))))))))))))))))))))))))))
.

2009-01-29 07:21 . 2008-02-15 12:49 188,416 --a------ c:\windows\system32\igfxres.dll
2009-01-28 20:48 . 2008-02-15 12:46 159,744 --a------ c:\windows\system32\hkcmd.exe
2009-01-28 20:48 . 2008-02-15 13:21 147,456 --a------ c:\windows\system32\igfxCoIn_v4926.dll
2009-01-28 20:48 . 2008-02-15 12:46 135,168 --a------ c:\windows\system32\igfxtray.exe
2009-01-28 20:48 . 2008-02-15 12:46 131,072 --a------ c:\windows\system32\igfxpers.exe
2009-01-28 20:16 . 2009-01-28 20:16 <DIR> d-------- c:\programmi\Launch Manager
2009-01-28 20:15 . 2006-01-20 15:56 225,350 --a------ c:\windows\system32\Epm-Po.dll
2009-01-28 19:35 . 2006-10-30 11:36 385,024 --------- c:\windows\system32\DME-N Network Driver.exe
2009-01-28 19:35 . 2006-10-30 11:36 335,872 --------- c:\windows\system32\DMENcpl.cpl
2009-01-28 19:35 . 2006-10-16 13:51 14,336 --------- c:\windows\system32\DMENdrv.dll
2009-01-28 09:00 . 2009-01-28 09:00 <DIR> d-------- c:\programmi\Alwil Software
2009-01-28 07:25 . 2009-01-28 07:25 5,415 --a------ c:\windows\system32\Choice.com
2009-01-27 19:53 . 2009-01-27 19:53 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-01-24 12:42 . 2009-01-24 12:42 <DIR> d-------- c:\documents and settings\pippo\Dati applicazioni\Smaart
2009-01-24 12:40 . 2009-01-24 12:42 <DIR> d-------- c:\programmi\Smaart 6
2009-01-24 07:50 . 2009-01-24 07:50 <DIR> d-------- c:\programmi\RdDrv001
2009-01-24 07:50 . 2007-12-04 13:38 221,184 --a------ c:\windows\system32\RDDP1046.DAT
2009-01-24 07:50 . 2007-12-04 13:42 173,889 --a------ c:\windows\system32\drivers\Rdwm1046.sys
2009-01-24 07:50 . 2007-12-04 13:38 81,920 --a------ c:\windows\system32\rdas1046.dll
2009-01-24 07:50 . 2007-12-04 13:38 57,344 --a------ c:\windows\system32\RDCP1046.CPL
2009-01-24 07:50 . 2007-12-04 13:38 31,862 --a------ c:\windows\system32\RdCi1046.dll
2009-01-24 07:50 . 2006-09-27 17:05 4,088 --a------ c:\windows\system32\RD3T1046.DAT
2009-01-20 12:26 . 2009-01-20 12:26 <DIR> d-------- c:\documents and settings\ivo\Dati applicazioni\Soundplant
2009-01-19 09:56 . 2001-03-25 15:10 118,784 --a------ c:\windows\system32\msstdfmt.dll
2009-01-19 09:47 . 2009-01-24 16:14 <DIR> d-------- c:\programmi\AudioFileHandler
2009-01-19 09:47 . 2006-09-26 07:44 62,464 --a------ c:\windows\system32\sevLock.dll
2009-01-15 19:47 . 2009-01-15 19:47 <DIR> d-------- C:\output video
2009-01-14 11:44 . 2009-01-14 11:44 <DIR> d-------- c:\programmi\Trend Micro
2009-01-03 18:26 . 2009-01-03 18:26 <DIR> d-------- c:\programmi\Digital1Audio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 19:16 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-28 07:48 --------- d-----w c:\documents and settings\ivo\Dati applicazioni\wsInspector
2009-01-27 22:55 --------- d-----w c:\programmi\ESET
2009-01-26 21:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-01-26 20:58 --------- d-----w c:\programmi\FlashFXP
2009-01-21 05:43 --------- d-----w c:\programmi\soundplant261r
2009-01-15 19:24 --------- d-----w c:\documents and settings\ivo\Dati applicazioni\Vso
2008-12-28 19:30 --------- d-----w c:\programmi\K-Lite Codec Pack
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 06:15 --------- d-----w c:\programmi\Ricerca Cap 4
2008-12-09 21:45 --------- d-----w c:\documents and settings\ivo\Dati applicazioni\Babylon
2008-06-16 19:47 47,360 -c--a-w c:\documents and settings\ivo\Dati applicazioni\pcouffin.sys
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2008-04-14 02:13 171,376 --sha-r c:\windows\system32\vwxtfj.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 2,462,208 2005-10-24 15:45:32 c:\acer\Empowering Technology\bak\admtray.exe
----a-w 2,462,208 2005-10-24 15:45:32 c:\acer\Empowering Technology\admtray.exe

-c--a-w 602,182 2006-04-14 10:52:18 c:\programmi\Intel\Wireless\Bin\bak\ifrmewrk.exe
----a-w 602,182 2006-04-14 10:52:18 c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe

-c--a-w 667,718 2006-04-14 10:51:52 c:\programmi\Intel\Wireless\Bin\bak\ZCfgSvc.exe
----a-w 667,718 2006-04-14 10:51:52 c:\programmi\Intel\Wireless\Bin\ZCfgSvc.exe

-c--a-w 271,360 2007-06-18 14:10:32 c:\programmi\Nokia\Nokia PC Suite 6\bak\LaunchApplication.exe

-c--a-w 282,624 2007-02-16 09:54:04 c:\programmi\QuickTime\bak\qttask.exe
----a-w 385,024 2008-01-10 14:27:36 c:\programmi\QuickTime\QTTask.exe

-c--a-w 64,512 2005-08-17 21:40:06 c:\windows\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-17 21:40:06 c:\windows\ehome\ehtray.exe

-c--a-w 208,952 2004-09-07 19:00:00 c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-09-07 19:00:00 c:\windows\ime\imjp8_1\imjpmig.exe

-c--a-w 15,360 2004-09-07 19:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 02:14:03 c:\windows\system32\ctfmon.exe

-c--a-w 155,648 2007-02-26 08:34:28 c:\windows\system32\bak\hkcmd.exe
----a-w 159,744 2008-02-15 11:46:46 c:\windows\system32\hkcmd.exe

-c--a-w 131,072 2007-02-26 08:33:56 c:\windows\system32\bak\igfxpers.exe
----a-w 131,072 2008-02-15 11:46:18 c:\windows\system32\igfxpers.exe

-c--a-w 131,072 2007-02-26 08:34:28 c:\windows\system32\bak\igfxtray.exe
----a-w 135,168 2008-02-15 11:46:46 c:\windows\system32\igfxtray.exe

-c--a-w 59,392 2004-09-07 19:00:00 c:\windows\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2004-09-07 19:00:00 c:\windows\system32\IME\PINTLGNT\imscinst.exe

-c--a-w 455,168 2004-09-07 19:00:00 c:\windows\system32\IME\TINTLGNT\bak\TINTSETP.EXE
-c--a-w 455,168 2004-09-07 19:00:00 c:\windows\system32\IME\TINTLGNT\tintsetp.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"H2O"="c:\programmi\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-10 385024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~2\REPLAY~1\iac25_32.ax
"midi3"= xgusb.cpl
"msacm.fraunhoferacm"= l3codecp.acm
"midi4"= xgusb.cpl
"midi5"= xgusb.cpl
"MIDI"= DMENDRV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\FlashFXP\\FlashFXP.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Resolume 2.4\\resolume.exe"=
"c:\\WINDOWS\\system32\\DME-N Network Driver.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=
"c:\\Programmi\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3619:TCP"= 3619:TCP:dxtrcp

R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2007-04-13 17264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-01-23 33792]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2008-08-27 28672]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2005-09-13 4392]
R3 RDID1046;EDIROL UA-25;c:\windows\system32\drivers\Rdwm1046.sys [2009-01-24 173889]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\programmi\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-28 20560]
R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2007-01-23 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2007-01-23 78208]
R4 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programmi\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-08 208896]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S1 efbDisk;efbDisk; [x]
S3 cxwibu;Team H2O WIBU Driver;\??\c:\programmi\WIBUKEY\H2O\cxwibu.sys --> c:\programmi\WIBUKEY\H2O\cxwibu.sys [?]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-06-19 1097728]
S3 PCX500;Driver per schede LAN senza fili Cisco;c:\windows\system32\drivers\pcx500.sys [2008-09-30 169984]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-03-12 44928]
S4 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2007-01-23 11264]
S4 ttbgzrn;Center Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-09-07 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ttbgzrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e60873c-af30-11dd-b5dc-0016d41dd928}]
\Shell\AutoRun\command - F:\SuperLink.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca1cfa24-5a84-11dd-b3eb-0016d41dd928}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.corriere.it/
uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg
Trusted Zone: unicreditbanca.it
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 08:14:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ttbgzrn]
"ServiceDll"="c:\windows\system32\vwxtfj.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\WudfHost.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Logitech\LVMVFM\LVPrcSrv.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\Crypserv.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\igfxext.exe
c:\docume~1\ivo\IMPOST~1\temp\RtkBtMnt.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-29 8:19:51 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-29 07:19:47

Pre-Run: 36.263.190.016 byte disponibili
Post-Run: 37,087,272,960 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
314
_______________________________


I repeat, almost all the programs seem to run
......unfortunately the modem keeps running too.
I'll concentrate on it tomorrow because I'm busy today.
Further suggestions are always welcome
Thanks
Bye


[Edited by bboss 30/01/2009 09:16]
bboss
30/01/2009 09:13
 