here I am...
ComboFix 10-03-29.02 - user 30/03/2010 20.26.14.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.270 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
FILE ::
"c:\windows\system32\rqmlkdi.dll"
(Altre eliminazioni)
.
c:\windows\system32\rqmlkdi.dll
(Driver/Servizi)
.
-------\Legacy_XYOEOBQXU
-------\Service_xyoeobqxu
(Files Creati Da 2010-02-28 al 2010-03-30)
.
2010-03-18 21:55 . 2010-03-18 21:55 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Malwarebytes
2010-03-18 21:55 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 21:55 . 2010-03-18 21:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-18 21:55 . 2010-03-18 21:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-18 21:55 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-18 14:10 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-18 14:10 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-18 14:10 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-18 14:10 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-18 14:09 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-18 14:09 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-18 14:09 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-18 14:09 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-18 14:09 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-18 14:09 . 2010-03-18 14:09 -------- d-----w- c:\programmi\Alwil Software
2010-03-18 14:09 . 2010-03-18 14:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-03-18 13:39 . 2010-03-18 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo Downloader
2010-03-18 13:35 . 2010-03-18 13:38 -------- d-----w- c:\documents and settings\user\Dati applicazioni\U3
2010-03-18 10:45 . 2010-03-18 10:46 -------- d-----w- c:\windows\ie8
2010-03-18 10:45 . 2010-03-18 10:45 -------- d-----w- c:\programmi\Uniblue
2010-03-18 10:44 . 2010-03-18 10:44 -------- d-----w- C:\~ErdUserProfile.$$$
2010-03-16 21:12 . 2010-03-16 21:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
(Find3M Report)
.
2010-03-30 18:34 . 2007-10-20 18:35 785 --sha-w- c:\windows\system32\mmf.sys
2010-03-30 05:59 . 2004-08-19 12:00 434110 ----a-w- c:\windows\system32\perfc010.dat
2010-03-30 05:59 . 2004-08-19 12:00 1038680 ----a-w- c:\windows\system32\perfh010.dat
2010-03-18 21:46 . 2006-08-03 18:47 -------- d-----w- c:\programmi\Google
2010-03-18 20:51 . 2007-02-21 08:15 -------- d-----w- c:\programmi\Comodo
2010-03-18 10:45 . 2010-02-26 20:42 -------- d-----w- c:\programmi\CCleaner
2010-03-18 10:38 . 2010-02-27 16:31 573201 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-02-27 16:31 . 2007-02-21 08:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
2010-02-26 21:20 . 2010-02-26 21:20 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Uniblue
2005-03-31 20:17 . 2006-04-21 20:37 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.
(SnapShot@2010-03-18_21.18.33)
.
+ 2010-03-30 18:34 . 2010-03-30 18:34 16384 c:\windows\Temp\Perflib_Perfdata_374.dat
+ 2009-05-02 09:00 . 2009-02-20 17:08 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2010-03-18 21:46 . 2010-03-18 21:46 47104 c:\windows\Installer\5e678.msi
+ 2010-03-18 21:38 . 2010-03-18 21:38 22528 c:\windows\Installer\5e665.msi
+ 2004-08-19 12:00 . 2010-03-30 05:59 777590 c:\windows\system32\perfh009.dat
+ 2004-08-19 12:00 . 2010-03-30 05:59 367598 c:\windows\system32\perfc009.dat
+ 2009-05-02 09:00 . 2006-09-06 15:43 215776 c:\windows\ie7\spuninst\spuninst.exe
.
(Punti Reg Caricati)
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"RemoteControl"="c:\programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\programmi\Ahead\InCD\InCD.exe" [2005-06-10 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-02-28 136600]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"CameraFixer"="c:\windows\CameraFixer.exe" [2006-12-05 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-09-26 270336]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"EverioService"="c:\programmi\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ConnMonitor"="c:\programmi\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-3-29 569405]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Programmi\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4198:TCP"= 4198:TCP:ldmigdbz
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/03/2010 16.10.03 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/03/2010 16.10.04 19024]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [20/10/2007 20.35.34 2560]
S2 gupdate1c8f4ada58955a;Google Update Service (gupdate1c8f4ada58955a);c:\programmi\Google\Update\GoogleUpdate.exe [02/08/2008 16.35.41 133104]
S3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\drivers\pmx3gmdm.sys [22/10/2009 21.18.07 103552]
S3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\drivers\pmx3gnet.sys [22/10/2009 21.18.29 117120]
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2008-08-02 18:13]
2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2008-08-02 18:13]
2010-03-29 c:\windows\Tasks\User_Feed_Synchronization-{A9372C4D-DFF9-4BC3-A86E-6DC7D8F030E6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 192.168.0.22:61380
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
LSP: c:\windows\system32\CavEmLSP.dll
FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\7rdnl2j2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-30 20:34
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,a6,09,d8,fb,43,e9,d5,
e7,16,83,71,61,5d,be,d8,25
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,7e,db,3a,16,4c,1a,45,81,b1,a5,77,31,f5,50,d6,e8
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:73,f9,0d,92,2b,0f,d9,69,f4,7f,9c,9d,9f,0f,3a,6d,7e,d6,bd,d0,d0,00,a7,
f4,dd,13,4e,46,f5,52,b5,38,cc,f7,10,07,39,ee,c0,d3,85,0d,b2,92,1c,00,9f,bc,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,45,46,ce,0e,bb,86,02,74,7d,9b,9f,1a,3e,22,49,
5f,dd,6f,ce,70,6a,f9,1b,76,0f,42,4f,1f,7b,3e,c8,56,60,67,3c,e1,44,59,a2,d3,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:07,96,b3,35,9e,5a,1a,0b
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|˙˙˙˙À|ù9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\CavEmLSP.dll
- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Ahead\InCD\InCDsrv.exe
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-30 20:38:09 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-30 18:38
ComboFix2.txt 2010-03-18 21:20
Pre-Run: 8.322.244.608 byte disponibili
Post-Run: 8.213.053.440 byte disponibili
- - End Of File - - 57E8B6BB3E13198F6852798304FE6277