ComboFix 09-05-29.01 - Vale 30/05/2009 1.36.38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.2038.1222 [GMT 2:00]
Eseguito da: c:\users\Vale\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {001D36C8-077F-0000-0000-000000001D00}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00230148-0053-0078-0000-000000002300}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00310034-0034-0034-6300-630066003100}
AV: avast! antivirus 4.8.1335 [VPS 090526-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AntiVir Desktop *disabled* (Outdated) {001D36C8-077F-0000-0000-000000001D00}
SP: AntiVir Desktop *disabled* (Outdated) {00230148-0053-0078-0000-000000002300}
SP: AntiVir Desktop *disabled* (Outdated) {00310034-0034-0034-6300-630066003100}
SP: avast! antivirus 4.8.1335 [VPS 090526-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Creati Da 2009-04-28 al 2009-05-29 )))))))))))))))))))))))))))))))))))
.
2009-05-26 21:06 . 2009-05-29 23:05 -------- d-----w c:\users\Vale\Tracing
2009-05-26 21:04 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-26 21:03 . 2009-05-26 21:03 712704 ----a-w c:\windows\system32\WindowsCodecs.dll
2009-05-26 21:03 . 2009-05-26 21:03 347648 ----a-w c:\windows\system32\WindowsCodecsExt.dll
2009-05-26 20:35 . 2009-05-26 20:13 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-26 20:15 . 2009-02-05 21:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-26 20:15 . 2009-02-05 21:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-26 20:15 . 2009-02-05 21:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-26 20:15 . 2009-02-05 21:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-26 20:15 . 2009-02-05 21:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-26 20:15 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-26 20:13 . 2009-05-26 20:12 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-26 20:10 . 2009-05-26 20:10 -------- d-----w c:\users\Vale\AppData\Local\Paint.NET
2009-05-26 19:54 . 2009-05-26 19:54 -------- d-----w c:\program files\Softonic_Italia
2009-05-26 19:54 . 2009-05-26 19:54 -------- d-----w c:\program files\Conduit
2009-05-26 19:54 . 2009-03-26 19:44 51200 ----a-w c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\2anvn2k5.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
2009-05-26 19:54 . 2009-03-26 19:44 114688 ----a-w c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\2anvn2k5.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\npmozax.dll
2009-05-26 19:48 . 2001-10-28 14:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-05-26 19:48 . 1998-08-05 05:45 122128 ----a-w c:\windows\system32\VB6IT.DLL
2009-05-26 19:48 . 1998-08-05 05:45 150528 ----a-w c:\windows\system32\MSCMCIT.DLL
2009-05-26 19:48 . 1998-08-05 05:45 63488 ----a-w c:\windows\system32\MSCC2IT.DLL
2009-05-26 19:48 . 1998-07-05 22:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-05-26 19:30 . 2009-05-26 19:30 -------- d-----w c:\users\Vale\AppData\Roaming\Webshots
2009-05-26 19:28 . 2009-05-26 19:28 -------- d-----w c:\users\Vale\AppData\Local\PowerCinema
2009-05-26 18:55 . 2009-05-26 18:55 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-05-26 18:55 . 2009-05-26 18:55 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-26 18:55 . 2009-05-26 18:55 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-05-26 18:55 . 2009-05-26 18:55 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-05-26 18:54 . 2009-05-26 18:54 83456 ----a-w c:\windows\system32\wudriver.dll
2009-05-26 18:54 . 2009-05-26 18:54 561688 ----a-w c:\windows\system32\wuapi.dll
2009-05-26 18:54 . 2009-05-26 18:54 34328 ----a-w c:\windows\system32\wups.dll
2009-05-26 18:53 . 2009-05-26 18:53 31232 ----a-w c:\windows\system32\wuapp.exe
2009-05-26 18:53 . 2009-05-26 18:53 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-05-26 11:58 . 2009-05-26 18:46 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-26 11:16 . 2008-04-17 11:12 15464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-26 11:16 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-26 11:16 . 2009-05-26 20:13 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-26 00:13 . 2009-05-26 00:13 -------- d-----w c:\users\Vale\AppData\Roaming\Symantec
2009-05-26 00:06 . 2009-05-26 00:06 -------- d-----w c:\users\Vale\AppData\Local\Packard Bell
2009-05-26 00:03 . 2009-05-26 00:03 -------- d-----w c:\users\Vale\AppData\Roaming\CyberLink
2009-05-26 00:03 . 2009-05-26 00:03 92 ----a-w c:\users\Vale\AppData\Local\fusioncache.dat
2009-05-26 00:03 . 2009-05-29 23:05 -------- d-----w c:\users\Vale\AppData\Local\ApplicationHistory
2009-05-26 00:03 . 2009-05-26 00:03 -------- d-----w c:\users\Vale\AppData\Roaming\Roxio
2009-05-26 00:03 . 2009-05-26 00:03 64048 ----a-w c:\users\Vale\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-26 00:02 . 2009-05-26 19:12 -------- d-----w c:\users\Vale\AppData\Roaming\Packard Bell
2009-05-26 00:02 . 2009-05-26 00:07 -------- d-----w c:\users\Vale\AppData\Local\Google
2009-05-26 00:01 . 2009-05-26 00:03 -------- d-----w c:\users\Vale\AppData\Local\VirtualStore
2009-05-25 23:57 . 2009-05-25 23:57 -------- d-----w c:\users\Vale\AppData\Roaming\InstallShield
2009-05-25 23:39 . 2009-05-25 23:39 -------- d-----w c:\users\Vale\AppData\Roaming\Talkback
2009-05-25 23:39 . 2009-05-25 23:39 0 ----a-w c:\windows\nsreg.dat
2009-05-25 23:39 . 2009-05-25 23:39 -------- d-----w c:\users\Vale\AppData\Local\Mozilla
2009-05-25 23:06 . 2009-05-25 23:32 -------- d-----w C:\Utenti_ripristinato
2009-05-16 08:29 . 2009-05-16 08:30 -------- d-----w c:\program files\QuickTime
2009-05-16 08:22 . 2009-05-16 08:27 -------- d-----w c:\program files\Kodak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 23:31 . 2008-12-19 19:25 -------- d-----w c:\program files\Avira
2009-05-29 23:27 . 2006-03-10 14:42 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-29 23:10 . 2006-03-10 22:25 692196 ----a-w c:\windows\system32\perfh010.dat
2009-05-29 23:10 . 2006-03-10 22:25 119556 ----a-w c:\windows\system32\perfc010.dat
2009-05-26 19:49 . 2008-02-29 17:16 -------- d-----w c:\program files\PDFCreator
2009-05-26 19:30 . 2008-02-18 10:33 -------- d-----w c:\program files\Webshots
2009-05-26 19:29 . 2006-03-10 14:14 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-26 19:29 . 2006-03-10 14:42 -------- d-----w c:\program files\CyberLink
2009-05-26 19:29 . 2006-03-10 14:14 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-26 19:22 . 2006-03-10 14:44 -------- d-----w c:\program files\Norton 360
2009-05-26 11:33 . 2009-05-26 11:33 27240 ----a-w c:\users\Vale\AppData\Roaming\nvModes.dat
2009-05-25 23:57 . 2006-03-10 14:10 -------- d-----w c:\program files\Intel
2009-05-25 23:35 . 2008-02-01 14:01 -------- d-----w c:\program files\Disk Cleaner
2009-03-30 08:33 . 2009-05-29 23:31 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-03-24 14:08 . 2009-05-29 23:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2006-03-10 14:41 . 2006-03-10 14:41 157184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2006-03-10 14:34 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2006-03-10 14:34 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2006-03-10 14:34 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2006-03-10 14:34 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2006-03-10 14:34 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-03-10 22:33 . 2006-03-10 22:31 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
2009-03-10 09:47 2079256 ----a-w c:\program files\Softonic_Italia\tbSoft.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-10 243200]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-26 518488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-2-29 2859008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6BC4D179-3973-45AF-8BF7-08956D1F5121}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [26/05/2009 22.13.33 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [26/05/2009 22.15.31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [26/05/2009 22.15.31 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [24/05/2008 16.55.55 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1005904]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [10/03/2006 16.17.19 46592]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - AVGIO
*NewlyCreated* - AVIPBB
.
Contenuto della cartella 'Scheduled Tasks'
2009-05-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 20:12]
2009-05-29 c:\windows\Tasks\Garanzia estesa.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-10 16:38]
2009-05-26 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]
2009-05-26 c:\windows\Tasks\PBRegbk.job
- c:\program files\HDReg\HDRegApp.exe [2005-06-21 12:05]
2009-05-29 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-03-10 16:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
SafeBoot-procexp90.Sys
.
------- Scansione supplementare -------
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/r ... ey=IESTART
FF - ProfilePath - c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\2anvn2k5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\users\Vale\AppData\Roaming\Mozilla\Firefox\Profiles\2anvn2k5.default\extensions\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}\components\FFExternalAlert.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-30 01:40
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2009-05-29 1.41.42
ComboFix-quarantined-files.txt 2009-05-29 23:41
Pre-Run: 95.171.104.768 byte disponibili
Post-Run: 94.918.422.528 byte disponibili