ComboFix 09-09-04.02 - ilenia 05/09/2009 18.18.02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1495 [GMT 2:00]
Eseguito da: c:\documents and settings\ilenia\Desktop\fantasy.exe
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\14100464
c:\documents and settings\All Users\Dati applicazioni\14100464\14100464
c:\documents and settings\All Users\Dati applicazioni\14100464\14100464.exe
c:\documents and settings\All Users\Dati applicazioni\14100464\pc14100464ins
c:\documents and settings\ilenia\Dati applicazioni\wiaserva.log
c:\documents and settings\ilenia\Menu Avvio\Programmi\Total Security
c:\documents and settings\ilenia\Menu Avvio\Programmi\Total Security\Total Security 2009.lnk
c:\documents and settings\ilenia\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\ilenia\sys32_nov.exe
c:\programmi\WinPCap
c:\programmi\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Creati Da 2009-08-05 al 2009-09-05 )))))))))))))))))))))))))))))))))))
.
2009-09-05 16:21 . 2009-09-05 16:21 -------- d-----w- c:\windows\system32\xircom
2009-09-05 16:21 . 2009-09-05 16:21 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-05 16:21 . 2009-09-05 16:21 -------- d-----w- c:\windows\srchasst
2009-09-05 15:20 . 2009-09-05 15:20 29215 ----a-w- c:\windows\system32\sys32_nov.exe
2009-09-04 18:34 . 2009-09-04 18:34 -------- d-----w- c:\programmi\ConvertHelper
2009-09-04 18:33 . 2009-09-04 18:33 -------- d-----w- c:\documents and settings\ilenia\dwhelper
2009-08-19 10:43 . 2009-08-19 10:43 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 16:21 . 2009-09-05 16:21 -------- d-----w- c:\programmi\microsoft frontpage
2009-09-05 16:16 . 2009-01-02 13:27 -------- d-----w- c:\documents and settings\ilenia\Dati applicazioni\Free Download Manager
2009-09-05 16:11 . 2009-01-03 15:35 -------- d-----w- c:\programmi\Crawler
2009-09-05 15:51 . 2001-08-31 17:00 69988 ----a-w- c:\windows\system32\perfc010.dat
2009-09-05 15:51 . 2001-08-31 17:00 437882 ----a-w- c:\windows\system32\perfh010.dat
2009-09-05 15:40 . 2009-01-02 13:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-09-05 15:39 . 2009-01-02 13:49 -------- d-----w- c:\programmi\Spyware Terminator
2009-09-05 15:33 . 2009-01-02 13:49 -------- d-----w- c:\documents and settings\ilenia\Dati applicazioni\Spyware Terminator
2009-08-31 07:27 . 2009-01-01 22:10 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-08-28 16:21 . 2009-03-30 13:17 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-22 13:23 . 2009-01-02 13:30 25808 -c--a-w- c:\documents and settings\ilenia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-07-17 12:24 . 2009-01-01 22:13 -------- d-----w- c:\documents and settings\ilenia\Dati applicazioni\Uniblue
2009-07-17 12:24 . 2009-07-17 12:24 -------- d-----w- c:\programmi\Uniblue
2009-07-17 11:19 . 2009-01-01 21:56 -------- d-----w- c:\programmi\Windows Sidebar
2009-07-17 10:21 . 2009-01-03 10:36 -------- d-----w- c:\programmi\File comuni\Adobe
2009-07-17 10:17 . 2009-07-14 17:38 -------- d-----w- c:\programmi\TotalImageConverter
2009-07-17 09:37 . 2009-01-02 18:26 -------- d-----w- c:\programmi\CCleaner
2009-07-14 17:38 . 2009-07-14 17:38 -------- d-----w- c:\documents and settings\ilenia\Dati applicazioni\Softplicity
2009-06-22 20:41 . 2009-06-22 20:41 134 -c--a-w- c:\windows\DelMR.bat
2009-06-09 11:17 . 2009-06-09 11:20 776704 -c--a-w- c:\windows\system32\bubbles.scr
2009-06-09 10:45 . 2009-06-09 10:45 26 -c--a-w- c:\windows\brassi.dat
.
------- Sigcheck -------
[-] 2008-05-03 02:02 549888 6DC43081C760EEC1130D2C8C145DF375 c:\windows\system32\winlogon.exe
[-] 2008-05-03 02:07 1554432 C08C29D743BB88E6DE929CA6B9C23979 c:\windows\explorer.exe
[-] 2008-05-03 02:00 25088 91B6AAC828F8BBE1796275424E44DFB0 c:\windows\system32\ctfmon.exe
[-] 2008-05-03 01:56 1444352 0FF0C3264283FDEDDAA6A9DE51341A3D c:\windows\system32\comres.dll
[-] 2008-05-03 01:56 724992 8B2A7229651894B07A5F750E1FEF99CC c:\windows\system32\comctl32.dll
[7] 2001-08-31 17:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-13 19:11 1054208 9530E35D9033ACED20CDA2509A21073A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-05-03 01:54 1571840 3316C8A8EC07A9D4C0BE10310809A9E5 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\programmi\Windows Sidebar\sidebar.exe" [2008-04-16 1274880]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-03 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-01-02 2267136]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 1015808]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"sys32_nov"="c:\windows\system32\sys32_nov.exe" [2009-09-05 29215]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-03 25088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 14:30 74240 ----a-r- c:\programmi\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Free Download Manager\\fdm.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [02/01/2009 15.49.33 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [30/03/2009 15.17.07 108289]
R2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe -k Cognizance [13/04/2008 21.14.22 14336]
R2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe -k Cognizance [13/04/2008 21.14.22 14336]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-sys32_nov - c:\documents and settings\ilenia\sys32_nov.exe
HKLM-Run-14100464 - c:\documents and settings\All Users\Dati applicazioni\14100464\14100464.exe
.
------- Scansione supplementare -------
.
uStart Page =
hxxp://www.google.it/mStart Page =
hxxp://www.forospyware.commWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: Scarica con Free Download Manager -
file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager -
file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager -
file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager -
file://c:\programmi\Free Download Manager\dlall.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\ilenia\Dati applicazioni\Mozilla\Firefox\Profiles\xt4u5xs4.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage -
www.google.itFF - prefs.js: keyword.URL -
hxxp://kwtb.search.imgag.com/?c=GNKIW29 ... 3043ede&q=FF - component: c:\programmi\Crawler\firefox\components\xcomm.dll
FF - component: c:\programmi\Crawler\firefox\components\xshared.dll
FF - component: c:\programmi\Crawler\firefox\components\xsupport.dll
FF - component: c:\programmi\Crawler\firefox\components\xwsg.dll
FF - component: c:\programmi\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-09-05 18:22
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\sfc_os.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
c:\programmi\Bioscrypt\VeriSoft\bin\ItMsg.dll
c:\windows\system32\COMRes.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\TrayIcon.dll
c:\programmi\Bioscrypt\VeriSoft\bin\brand.dll
c:\programmi\Bioscrypt\VeriSoft\bin\ITA\brand.dll
c:\programmi\Bioscrypt\VeriSoft\bin\ITA\ItMsg.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\AsChnl.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\ItDAC.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\ItReports.DLL
c:\programmi\Bioscrypt\VeriSoft\Bin\BioAuth.dll
c:\programmi\Bioscrypt\VeriSoft\bin\ITA\BioAuth.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\ASBioAT.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\ItVCClient.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\AuthWiz.dll
c:\programmi\Bioscrypt\VeriSoft\bin\ITA\AuthWiz.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\programmi\Bioscrypt\VeriSoft\Bin\NetAdmin.dll
c:\programmi\Bioscrypt\VeriSoft\bin\ITA\NetAdmin.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(828)
c:\programmi\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\programmi\Bioscrypt\VeriSoft\bin\ItMsg.dll
- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\programmi\Bioscrypt\VeriSoft\Bin\asghost.exe
c:\windows\system32\scardsvr.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-05 18.24.53 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-05 16:24
Pre-Run: 134.182.440.960 byte disponibili
Post-Run: 134.120.013.824 byte disponibili
222 --- E O F --- 2009-04-17 14:57
Inviato: sab set 05, 2009 4:57 pm
![[std]](http://www.megalab.it/forum/images/smilies/happy.gif "Smile")
mi aiutate a capire come risolvere?? ![[grazie]](http://www.megalab.it/forum/images/smilies/Grazie.gif "Grazie")
![[V]](http://www.megalab.it/forum/images/smilies/sad.gif "Triste")
grazie mille!![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")