ComboFix 09-01-21.04 - Rolex 2009-01-23 19.14.38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.193 [GMT 1:00]
Eseguito da: c:\documents and settings\Rolex\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Rolex\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090121-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
FILE ::
c:\windows\000001_.tmp
c:\windows\cnerolf.dat
c:\windows\system32\drivers\xnuqcefc.sys
c:\windows\system32\ssbtsr.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\000001_.tmp
c:\windows\cnerolf.dat
c:\windows\system32\ssbtsr.exe
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XAILQQUA
-------\Service_xailqqua
((((((((((((((((((((((((( Files Creati Da 2008-12-23 al 2009-01-23 )))))))))))))))))))))))))))))))))))
.
2009-01-22 22:39 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-22 22:39 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-22 22:39 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-22 22:39 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-22 22:38 . 2009-01-22 23:11 <DIR> d-------- c:\programmi\Spyware Doctor
2009-01-22 22:38 . 2009-01-22 22:38 <DIR> d-------- c:\documents and settings\Rolex\Dati applicazioni\PC Tools
2009-01-22 18:23 . 2009-01-22 18:23 <DIR> d-------- c:\programmi\ScanSpyware
2009-01-17 23:00 . 2009-01-18 09:52 <DIR> d-------- c:\documents and settings\Rolex\Dati applicazioni\Download Manager
2009-01-12 23:57 . 2009-01-13 16:59 22,328 --a------ c:\documents and settings\Rolex\Dati applicazioni\PnkBstrK.sys
2009-01-12 09:53 . 2009-01-12 09:53 <DIR> d-------- C:\VundoFix Backups
2009-01-10 23:02 . 2009-01-10 23:02 <DIR> d-------- c:\programmi\CCleaner
2009-01-10 00:06 . 2009-01-22 23:32 250 --a------ c:\windows\gmer.ini
2009-01-09 22:19 . 2009-01-09 22:19 <DIR> d-------- c:\documents and settings\Rolex\Dati applicazioni\Babylon
2009-01-09 22:19 . 2009-01-09 22:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-01-09 20:58 . 2006-09-12 12:46 227,328 -rahs---- c:\windows\system32\ac3DX.ax
2009-01-09 20:58 . 2008-03-16 14:30 216,064 -rahs---- c:\windows\system32\nbDX.dll
2009-01-09 20:58 . 2006-03-10 22:48 169,472 -rahs---- c:\windows\system32\MatroskaDX.ax
2009-01-09 20:58 . 2006-05-03 11:06 163,328 -rahs---- c:\windows\system32\flvDX.dll
2009-01-09 20:58 . 2005-11-25 21:46 161,792 -rahs---- c:\windows\system32\RealMediaDX.ax
2009-01-09 20:58 . 2006-01-13 00:23 123,904 -rahs---- c:\windows\system32\AVCDX.ax
2009-01-09 20:58 . 2003-11-21 00:00 54,784 -rahs---- c:\windows\system32\RLAPEDec.ax
2009-01-09 20:58 . 2004-04-27 00:00 37,888 -rahs---- c:\windows\system32\RLMPCDec.ax
2009-01-09 20:58 . 2007-02-21 12:47 31,232 -rahs---- c:\windows\system32\msfDX.dll
2009-01-09 12:50 . 2009-01-09 12:50 <DIR> d-------- c:\programmi\ffdshow
2009-01-09 12:50 . 2008-12-17 19:22 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-09 12:50 . 2008-12-11 13:27 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-06 22:57 . 2009-01-07 00:00 <DIR> d-------- c:\programmi\Oberon Media
2009-01-06 22:57 . 2009-01-06 22:57 <DIR> d-------- c:\programmi\File comuni\Oberon Media
2008-12-26 11:44 . 2008-12-26 11:44 <DIR> d-------- c:\programmi\TeamViewer
2008-12-23 09:25 . 2008-12-23 09:25 <DIR> d-------- c:\documents and settings\Rolex\Dati applicazioni\Windows Live Writer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 18:27 --------- d-----w c:\documents and settings\Rolex\Dati applicazioni\Skype
2009-01-23 18:26 --------- d-----w c:\documents and settings\Rolex\Dati applicazioni\skypePM
2009-01-23 18:24 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-23 00:10 --------- d-----w c:\programmi\eMule
2009-01-23 00:10 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-21 21:46 --------- d-----w c:\programmi\Microsoft
2009-01-21 11:49 --------- d-----w c:\programmi\ScanSpyware v3.8.0.4
2009-01-16 22:12 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\TeamViewer
2009-01-13 15:40 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-26 21:08 --------- d-----w c:\documents and settings\Rolex\Dati applicazioni\VoipDiscount
2008-12-26 10:44 --------- d-----w c:\programmi\TeamViewer3
2008-12-19 16:18 --------- d-----w c:\programmi\Java
2008-12-17 22:14 --------- d-----w c:\programmi\Windows Live
2008-12-17 22:10 --------- d-----w c:\programmi\Windows Live SkyDrive
2008-12-11 15:00 --------- d-----w c:\programmi\Classic PhoneTools
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 18:15 --------- d-----w c:\documents and settings\Rolex\Dati applicazioni\U3
2008-12-08 22:32 --------- d-----w c:\documents and settings\Rolex\Dati applicazioni\vlc
2008-12-01 20:43 --------- d-----w c:\programmi\Philips
2008-11-23 17:50 --------- d-----w c:\programmi\File comuni\Adobe
2008-05-01 11:33 2,554 -c--a-w c:\documents and settings\Rolex\Dati applicazioni\SAS7_000.DAT
2007-11-24 18:05 32 -c--a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2006-05-03 10:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2008-10-03 09:45 15,014 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sha-r c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-23_13.50.54,20 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-23 07:37:41 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-23 18:22:14 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-23 07:37:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-01-23 18:22:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-01-23 07:37:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-23 18:22:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-23 18:21:57 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6a4.dat
- 2009-01-23 07:37:19 16,384 ----atw c:\windows\temp\Perflib_Perfdata_794.dat
+ 2009-01-23 18:21:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_794.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"VoipDiscount"="f:\documenti rolando\File ricevuti\voipdiscount.exe" [2008-12-05 9073976]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-09 2182080]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-10-16 4347120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\programmi\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\programmi\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"OmniPage"="c:\programmi\Caere\OmniPagePro90\opware32.exe" [1998-11-19 44032]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-01-20 155648]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-01-29 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 c:\windows\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Rolex\Menu Avvio\Programmi\Esecuzione automatica\
Run VNC Server.lnk - c:\programmi\RealVNC\VNC4\winvnc4.exe [2008-01-14 914808]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Instant Update Reminder.lnk - c:\programmi\U.S. Robotics\ControlCenter\Reminder.exe [2008-11-10 977408]
Server4PC.lnk - c:\programmi\TechniSat DVB\bin\Server4PC.exe [2008-04-13 328968]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2007-12-03 394856]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\TechniSat DVB\\bin\\Server4PC.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\tvants\\Tvants.exe"=
"c:\\Programmi\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Programmi\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Documents and Settings\\Rolex\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\PPMate\\ppmate.exe"=
"c:\\Programmi\\PPMate\\ppamnet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\PROGRAMMI\\WINMX\\WinMX.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Programmi\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"f:\\Documenti Rolando\\File ricevuti\\VoipDiscount.exe"=
"d:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Documents and Settings\\Rolex\\Desktop\\Release\\eTAXI s.r.l.exe"=
"f:\\Programmi\\ProgDVB\\ProgDvbNet.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\U.S. Robotics\\ControlCenter\\ctrlcntr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\U.S. Robotics\\ControlCenter\\Reminder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"f:\\Programmi\\PoWeR-Script.0.2.1\\mIRC.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2007-09-23 14095]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2007-09-23 419344]
R3 SWUSBFLT;Driver filtro Microsoft SideWinder VIA;c:\windows\system32\drivers\SWUSBFLT.SYS [2007-10-07 3968]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20560]
R4 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-11 38144]
R4 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [2009-01-22 356920]
R4 TeamViewer4;TeamViewer 4;c:\programmi\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-23 185640]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-11-13 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-11-13 8320]
S3 sagmc07bus;Sagem Communication Mobile Platform MC2007 driver (WDM);c:\windows\system32\drivers\sagmc07bus.sys [2008-02-21 83848]
S3 sagmc07mdfl;Sagem Communication MC2007 WMC CDC Modem Filter;c:\windows\system32\drivers\sagmc07mdfl.sys [2008-02-21 15240]
S3 sagmc07mdm;Sagem Communication MC2007 WMC CDC Modem Driver;c:\windows\system32\drivers\sagmc07mdm.sys [2008-02-21 110088]
S3 sagmc07mgmt;Sagem Communication MC2007 Device Management Drivers (WDM);c:\windows\system32\drivers\sagmc07mgmt.sys [2008-02-21 103304]
S3 sagmc07obex;Sagem Communication MC2007 WMC OBEX;c:\windows\system32\drivers\sagmc07obex.sys [2008-02-21 100104]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2008-04-25 14848]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3788f94a-4df6-11dd-9c18-001060d02731}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
.
------- Scansione supplementare -------
.
uStart Page = www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mWindow Title =
uInternet Settings,ProxyOverride = localhost
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {9A292BC9-99A0-45BB-ABA8-98D3916B66FA} = 193.70.152.15,193.70.152.25
DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - hxxp://uc.sina.com.con/download/live/weblive2.4.0.0.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.4.2.cab
DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 19:27:40
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1292428093-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D5650-C168-F6A0-C50E-695D875DC689}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pahneiicdalmlenkjgodlilmgoioapab"=hex:6a,61,6f,61,6c,64,6e,6d,6a,61,67,6a,65,
6c,63,61,67,70,6d,6f,00,50
"oajnkdadifbiaenglfkblbkplcalgo"=hex:6a,61,6f,61,6c,64,6e,6d,6a,61,67,6a,65,6c,
63,61,67,70,6d,6f,00,50
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ee,17,79,b4,b4,
6a,c6,ad,e2,63,26,f1,3f,c8,ff,68,03,4a,36,33,ec,fb,dc,75,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,97,de,d7,d8,57,
43,ce,c7,6a,9c,d6,61,af,45,84,18,f3,59,17,e1,d4,9d,fc,27,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,50,cb,37,82,7b,
b9,d2,f1,ff,7c,85,e0,43,d4,0e,fe,94,4e,1a,47,33,73,f6,68,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,62,9f,9e,3b,21,
99,4f,26,86,8c,21,01,be,91,eb,e7,f9,2b,79,09,7a,25,24,2b,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,4d,97,0d,4b,3f,
12,7b,2e,f5,1d,4d,73,a8,13,5c,05,d1,f2,2f,04,d6,b4,ec,5f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f3,e4,3f,be,8d,
8e,60,38,df,20,58,62,78,6b,cf,c8,ad,69,b5,8e,74,f8,63,6e,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,43,dd,a3,84,6c,
95,ab,05,fb,a7,78,e6,12,2f,9a,ea,0e,92,ba,97,42,c4,a0,eb,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,89,34,57,d7,ba,
21,5c,1c,01,3a,48,fc,e8,04,4a,f1,81,a5,9b,b1,bb,dd,84,73,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1a,9c,f0,d8,16,
eb,76,72,f6,0f,4e,58,98,5b,89,c9,5f,9a,03,2f,12,b4,2c,08,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,2a,18,74,e5,f2,
62,3d,d7,3d,ce,ea,26,2d,45,aa,78,64,9c,41,53,e1,95,4e,71,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,85,a0,42,2d,63,
42,7e,e8,2a,b7,cc,b5,b9,7f,41,e7,a7,3e,74,6a,21,42,87,54,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,bc,3d,4c,af,a4,
d1,cc,3e,6c,43,2d,1e,aa,22,2f,9c,a9,4c,7f,25,fb,e7,6a,58,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\programmi\Spyware Doctor\pctsSvc.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\searchindexer.exe
c:\programmi\TeamViewer\Version4\TeamViewer.exe
c:\programmi\Logitech\MouseWare\system\EM_EXEC.EXE
c:\windows\system32\ntvdm.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\programmi\HP\Digital Imaging\bin\hpqnrs08.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\programmi\HP\Digital Imaging\bin\hpqste08.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\programmi\HP\Digital Imaging\bin\hpqimzone.exe
c:\programmi\Windows Live\Contacts\wlcomm.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\HPZinw12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-23 19:33:55 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-23 18:33:49
ComboFix2.txt 2009-01-23 12:53:01
ComboFix3.txt 2009-01-10 13:02:13
Pre-Run: 10.831.421.440 byte disponibili
Post-Run: 10,791,886,848 byte disponibili
Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=1,2,3,4
371 --- E O F --- 2009-01-14 11:52:19