((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"NoAds"="c:\programmi\NoAds\NoAds.exe" [2007-11-17 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Schedulatore di FinePrint v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-01-12 491520]
"Lexmark X1100 Series"="c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"TotalRecorderScheduler"="c:\programmi\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-11 86016]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="c:\programmi\Skype\Phone\IEPlugin\unins000.exe" [N/A]
c:\documents and settings\Roberto\Menu Avvio\Programmi\Esecuzione automatica\
Webshots.lnk - c:\programmi\Webshots\Launcher.exe [2007-4-28 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]
2010-04-12 20:32 278528 ----a-w- c:\vexplite\MONLITE.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\bitcomet\\BitComet.exe"=
"c:\\Programmi\\emule\\emule.exe"=
"c:\\Programmi\\utorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\Hercules\\Hercules Blog Webcam\\Station2.exe"=
"c:\\Programmi\\Nero\\Nero 7\\Nero WaveEditor\\DXEnum.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"12756:TCP"= 12756:TCP:BitComet 12756 TCP
"12756:UDP"= 12756:UDP:BitComet 12756 UDP
"8692:TCP"= 8692:TCP:BitComet 8692 TCP
"8692:UDP"= 8692:UDP:BitComet 8692 UDP
"15953:TCP"= 15953:TCP:BitComet 15953 TCP
"15953:UDP"= 15953:UDP:BitComet 15953 UDP
"43640:TCP"= 43640:TCP:emule
"4662:TCP"= 4662:TCP:Emule TPC 4662
"4672:UDP"= 4672:UDP:Emule UDP 4672
"25:TCP"= 25:TCP:File and Printer Sharing
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/12/2009 19.25.17 64288]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [11/11/2009 9.53.20 45312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 2.19.56 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [03/02/2010 23.40.00 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 2.19.56 20560]
R3 APL531;Hercules Blog Webcam;c:\windows\system32\drivers\BLvid.sys [05/01/2009 20.47.36 274816]
R3 camfilt;camfilt;c:\windows\system32\drivers\camfilt.sys [05/01/2009 20.47.36 22656]
S2 gafwload;Modem ADSL B-QUICK Loader;c:\windows\system32\drivers\gafwload.sys [27/04/2007 23.33.55 26859]
S2 mprddm32;Demand Dial Manager Supervisor;c:\windows\system32\rundll32.exe mprddm32.dll,ajys --> c:\windows\system32\rundll32.exe mprddm32.dll,ajys [?]
S2 sbbotdi;sbbotdi;\??\c:\progra~1\SPEEDB~1\sbbotdi.sys --> c:\progra~1\SPEEDB~1\sbbotdi.sys [?]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 15.19.01 1181328]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [27/04/2007 23.03.33 49399]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [18/11/2007 23.43.33 25837]
S3 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [27/11/2009 16.10.32 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-23 c:\windows\Tasks\{F87E725F-F23A-46AE-9F57-7CEB232DA0CD}_DANYBOR_Roberto.job
- c:\windows\system32\mobsync.exe [2004-08-30 20:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/webhp?hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Roberto\Dati applicazioni\Mozilla\Firefox\Profiles\otylsolg.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://www.nba.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60347&qkw=
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 19:13
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD\000.fcl"
.
Ora fine scansione: 2010-05-24 19:16:27
ComboFix-quarantined-files.txt 2010-05-24 17:16
Pre-Run: 42.052.239.360 byte disponibili
Post-Run: 42.107.039.744 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - B3CE6F6C3EB25404EB9D0E48D504156F
