ComboFix 11-02-17.01 - paolo dondoli 18/02/2011 9.05.04.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.598 [GMT 1:00]
Eseguito da: c:\documents and settings\paolo dondoli\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-0C24-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *Enabled/Updated* {7C8021E7-FFFF-FFFF-0600-CC00ACEF1200}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\paolo dondoli\Dati applicazioni\EurekaLog
c:\documents and settings\paolo dondoli\Dati applicazioni\OfferBox
.
((((((((((((((((((((((((( Files Creati Da 2011-01-18 al 2011-02-18 )))))))))))))))))))))))))))))))))))
.
2011-02-18 07:38 . 2011-02-18 07:38 -------- d-----w- c:\windows\LastGood
2011-02-17 16:49 . 2011-02-17 16:49 -------- d-----w- c:\documents and settings\NetworkService\Menu Avvio
2011-02-13 18:03 . 2011-02-13 18:03 -------- d-----w- c:\documents and settings\paolo dondoli\Impostazioni locali\Dati applicazioni\MetaGeek,_LLC
2011-02-13 17:29 . 2011-02-13 17:29 -------- d-----w- c:\programmi\MetaGeek
2011-02-03 19:24 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 19:24 . 2011-02-12 20:50 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-02-03 19:24 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-01 16:56 . 2011-02-01 16:58 20268251 ----a-w- c:\programmi\vlc-1.1.6-win32.exe
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\programmi\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\programmi\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-24 16:29 . 2011-01-24 16:29 -------- d-----w- C:\PDFZilla
2011-01-23 17:56 . 2011-01-23 17:59 -------- d-----w- c:\programmi\Free Window Registry Repair
2011-01-21 14:44 . 2011-01-21 14:44 440832 ------w- c:\windows\system32\dllcache\shimgvw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-09-03 09:36 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-09-03 09:36 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-09-03 09:36 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-09-03 09:36 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:06 . 2004-09-03 09:36 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:06 . 2004-09-03 09:36 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:06 . 2004-09-03 09:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:06 . 2004-09-03 09:36 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2004-09-03 09:36 735744 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-09-03 09:36 389120 ----a-w- c:\windows\system32\html.iec
2010-12-15 18:57 . 2010-12-15 18:57 89088 ----a-w- C:\mbr.exe
2010-12-09 15:15 . 2004-09-03 09:36 739840 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-19 13:34 2030592 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2004-09-03 09:36 2152448 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2004-09-03 09:36 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"SMSERIAL"="c:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 573440]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 774233]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600]
"nwiz"="nwiz.exe" [2006-06-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]
"Ulead AutoDetector v2"="c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"DetectorApp"="c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3483:TCP"= 3483:TCP:reqsqv
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [24/10/2010 9.48.50 136176]
S2 swcwagcm;Windows Boot;c:\windows\system32\svchost.exe -k netsvcs [03/09/2004 10.36.50 14336]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - avgio
*Deregistered* - avipbb
*Deregistered* - ssmdrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
swcwagcm
.
Contenuto della cartella 'Scheduled Tasks'
2011-02-18 c:\windows\Tasks\Garanzia estesa.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 11:55]
2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-10-24 08:48]
2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-10-24 08:48]
2009-09-21 c:\windows\Tasks\Promemoria registrazione 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-03 02:14]
2009-09-28 c:\windows\Tasks\Promemoria registrazione 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-03 02:14]
2011-02-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-371263434-980582338-1184229450-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-02-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-371263434-980582338-1184229450-1006.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-02-18 c:\windows\Tasks\SpeedUpMyPC.job
- c:\programmi\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-01-17 16:52]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
TCP: {8A145BC3-B1D7-4F36-BB21-3596C876CD71} = 212.216.112.112,212.216.172.62,208.67.222.222,208.67.220.220
TCP: {DBC8035D-B19B-42C9-A569-9A516EB5C506} = 151.99.125.1,151.99.0.100
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\paolo dondoli\Dati applicazioni\Mozilla\Firefox\Profiles\7pky5e5c.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programmi\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-02-18 09:08
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00\00
[%\00«Ô’|\00\00\00\00À\01\15\00\00\00\00\00Ø\"5\03\00\00.\03\01\00\00\00pè\13\00À\01"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1592)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2011-02-18 09:09:28
ComboFix-quarantined-files.txt 2011-02-18 08:09
ComboFix2.txt 2010-03-30 16:48
ComboFix3.txt 2009-10-14 16:18
ComboFix4.txt 2009-10-12 21:53
Pre-Run: 92.959.309.824 byte disponibili
Post-Run: 92.931.657.728 byte disponibili
- - End Of File - - D83DB0D7E9E7D87400DFE12A4C9ED058