ComboFix 09-05-11.01 - Administrator 12/05/2009 6.59.38.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1535.1288 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090508-0] *On-access scanning enabled* (Updated)
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\XXXXX\Impostazioni locali\Dati applicazioni\uegig.dat
c:\documents and settings\XXXXX\Impostazioni locali\Dati applicazioni\uegig.exe
c:\documents and settings\XXXXX\Impostazioni locali\Dati applicazioni\uegig_nav.dat
c:\documents and settings\XXXXX\Impostazioni locali\Dati applicazioni\uegig_navps.dat
c:\programmi\FunWebProducts
c:\programmi\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\programmi\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\programmi\MyWebSearch
c:\programmi\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\programmi\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\programmi\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\programmi\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\programmi\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\programmi\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\programmi\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\programmi\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\programmi\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\programmi\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\programmi\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\programmi\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\programmi\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\programmi\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\programmi\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\programmi\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\programmi\MyWebSearch\bar\Avatar\COMMON.F3S
c:\programmi\MyWebSearch\bar\Cache\0021F21F.bin
c:\programmi\MyWebSearch\bar\Cache\0021F5C9.bin
c:\programmi\MyWebSearch\bar\Cache\0021FADA.bin
c:\programmi\MyWebSearch\bar\Cache\0021FCED.bin
c:\programmi\MyWebSearch\bar\Cache\00220AA9.bin
c:\programmi\MyWebSearch\bar\Cache\files.ini
c:\programmi\MyWebSearch\bar\Game\CHECKERS.F3S
c:\programmi\MyWebSearch\bar\Game\CHESS.F3S
c:\programmi\MyWebSearch\bar\Game\REVERSI.F3S
c:\programmi\MyWebSearch\bar\History\search3
c:\programmi\MyWebSearch\bar\icons\CM.ICO
c:\programmi\MyWebSearch\bar\icons\MFC.ICO
c:\programmi\MyWebSearch\bar\icons\PSS.ICO
c:\programmi\MyWebSearch\bar\icons\SMILEY.ICO
c:\programmi\MyWebSearch\bar\icons\WB.ICO
c:\programmi\MyWebSearch\bar\icons\ZWINKY.ICO
c:\programmi\MyWebSearch\bar\Message\COMMON.F3S
c:\programmi\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\center.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\index.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\protect.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\stop.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\systray.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\programmi\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\programmi\MyWebSearch\bar\Message\COMMON\warn.gif
c:\programmi\MyWebSearch\bar\Notifier\COMMON.F3S
c:\programmi\MyWebSearch\bar\Notifier\DOG.F3S
c:\programmi\MyWebSearch\bar\Notifier\FISH.F3S
c:\programmi\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\programmi\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAID.F3S
c:\programmi\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\programmi\MyWebSearch\bar\Notifier\OPERA.F3S
c:\programmi\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\programmi\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\programmi\MyWebSearch\bar\Settings\prevcfg2.htm
c:\programmi\MyWebSearch\bar\Settings\s_pid.dat
c:\programmi\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Creati Da 2009-04-12 al 2009-05-12 )))))))))))))))))))))))))))))))))))
.
2009-05-09 18:48 . 2009-05-09 18:48 92424 ----a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-09 18:45 . 2009-05-09 18:45 -------- d-----w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Apple Computer
2009-05-09 13:42 . 2008-04-13 16:47 30208 -c--a-w c:\windows\system32\dllcache\modem.sys
2009-05-09 13:42 . 2008-04-13 16:47 30208 ----a-w c:\windows\system32\drivers\modem.sys
2009-05-09 13:38 . 2008-04-13 09:41 8576 -c--a-w c:\windows\system32\dllcache\i2omgmt.sys
2009-05-09 13:38 . 2008-04-13 09:41 8576 ----a-w c:\windows\system32\drivers\i2omgmt.sys
2009-05-09 13:38 . 2009-05-09 13:38 -------- d-----w c:\windows\LastGood.Tmp
2009-05-09 13:36 . 2008-04-13 09:40 34688 -c--a-w c:\windows\system32\dllcache\lbrtfdc.sys
2009-05-09 13:36 . 2008-04-13 09:40 34688 ----a-w c:\windows\system32\drivers\lbrtfdc.sys
2009-05-09 13:35 . 2001-08-17 19:52 18688 -c--a-w c:\windows\system32\dllcache\cdaudio.sys
2009-05-09 13:35 . 2001-08-17 19:52 18688 ----a-w c:\windows\system32\drivers\cdaudio.sys
2009-05-09 13:34 . 2008-04-13 09:41 8192 -c--a-w c:\windows\system32\dllcache\changer.sys
2009-05-09 13:34 . 2008-04-13 09:41 8192 ----a-w c:\windows\system32\drivers\changer.sys
2009-04-27 19:40 . 2003-02-10 13:29 153088 ----a-w c:\windows\system32\IWUninstall.exe
2009-04-27 19:40 . 2002-08-28 09:09 611840 ----a-w c:\windows\system32\vobhw.dll
2009-04-27 19:40 . 2002-04-17 18:27 11264 ----a-w c:\windows\system32\drivers\asapiW2k.sys
2009-04-27 19:39 . 2009-04-27 19:39 -------- d-----w c:\programmi\Pinnacle
2009-04-27 19:39 . 2003-08-28 09:47 396800 ----a-w c:\windows\system32\PSDrvCheck.exe
2009-04-27 19:37 . 2000-09-07 13:06 1441792 ----a-w c:\windows\system32\nspw7.dll
2009-04-27 19:37 . 2000-09-07 13:05 1306624 ----a-w c:\windows\system32\nsppx.dll
2009-04-27 19:37 . 2000-09-07 13:06 1318912 ----a-w c:\windows\system32\nspp6.dll
2009-04-27 19:37 . 2000-09-07 13:06 1404928 ----a-w c:\windows\system32\nspm6.dll
2009-04-27 19:37 . 2000-09-07 13:06 1335296 ----a-w c:\windows\system32\nspm5.dll
2009-04-27 19:37 . 2000-09-07 13:06 1429504 ----a-w c:\windows\system32\nspa6.dll
2009-04-27 19:37 . 2000-09-07 13:04 114688 ----a-w c:\windows\system32\nsp.dll
2009-04-27 19:37 . 1999-03-16 22:00 19968 ----a-w c:\windows\system32\Cpuinf32.dll
2009-04-27 19:25 . 2009-04-27 19:25 -------- d-----w c:\programmi\Steinberg
2009-04-15 23:37 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:37 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:37 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 23:37 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:37 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:37 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:37 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:37 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:37 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:47 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 18:51 . 2009-02-23 20:25 -------- d-----w c:\programmi\FindyKill
2009-05-08 13:00 . 2009-02-09 03:11 -------- d-----w c:\programmi\File comuni\Symantec Shared
2009-05-08 13:00 . 2009-02-09 03:11 -------- d-----w c:\programmi\Norton Security Scan
2009-05-07 17:49 . 2009-04-04 12:49 -------- d-----w c:\programmi\EPSON Print CD
2009-05-06 19:31 . 2008-01-28 15:18 92424 ----a-w c:\documents and settings\XXXXX\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-16 01:16 . 2002-09-10 12:00 89072 ----a-w c:\windows\system32\perfc010.dat
2009-04-16 01:16 . 2002-09-10 12:00 487484 ----a-w c:\windows\system32\perfh010.dat
2009-04-04 12:53 . 2008-01-24 17:01 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-04 12:50 . 2009-03-06 19:52 -------- d-----w c:\programmi\EPSON
2009-04-02 14:56 . 2008-08-31 12:45 -------- d-----w c:\programmi\VID_0E8F&PID_0012
2009-04-02 14:56 . 2008-08-31 12:45 -------- d-----w c:\programmi\File comuni\VID_0E8F&PID_0012
2009-03-06 14:19 . 2002-09-10 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-06-23 12:28 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:08 . 2004-08-19 22:39 78336 ----a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="c:\programmi\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe" [2009-02-23 1103240]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-01-31 385024]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"CallControl 4.5"="c:\programmi\FaxTalk Communicator\FTCtrl32.exe" [2004-03-23 124416]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PSDrvCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-08-28 396800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\XXXXX\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Desktop Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Italian /RA:delete /KBD:2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"x:\\Programmi\\iTALC\\ica.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:ica
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23/02/2009 22.54.44 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/02/2009 22.54.44 20560]
S2 icas;iTALC Client;x:\programmi\iTALC\ica.exe [25/01/2009 11.30.41 844800]
S2 sdAuxService;PC Tools Auxiliary Service;c:\programmi\Spyware Doctor\pctsAuxs.exe [01/03/2008 15.50.13 747912]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [31/08/2008 14.47.06 31899]
.
Contenuto della cartella 'Scheduled Tasks'
2009-05-09 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-24 06:27]
2009-05-08 c:\windows\Tasks\Norton Security Scan for XXXXX.job
- c:\programmi\Norton Security Scan\Nss.exe [2008-09-19 19:20]
2009-05-09 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2904275E-B6A8-477D-9D98-60D5E2A0568F} = 193.70.152.15,193.70.152.25
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-12 13:50
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(296)
c:\windows\system32\l3codecp.acm
c:\windows\system32\vorbis.acm
- - - - - - - > 'explorer.exe'(1096)
c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\system32\l3codecp.acm
c:\windows\system32\vorbis.acm
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-12 14.07.24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-12 12:07
Pre-Run: 18.509.910.016 byte disponibili
Post-Run: 18.707.628.032 byte disponibili
243 --- E O F --- 2009-04-30 01:03