ComboFix 09-08-09.04 - Administrator 10/08/2009 18.28.07.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.551 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\marimega.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-3845447382-1372074498-113794772-500
c:\windows\msa.exe
c:\windows\SW_Win2000X24.DLL
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2009-07-10 al 2009-08-10 )))))))))))))))))))))))))))))))))))
.
2009-08-10 14:47 . 2009-08-10 14:47 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-08-10 14:47 . 2009-08-10 14:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-08 09:50 . 2009-08-08 09:50 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-08-08 08:51 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-08 08:38 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-08 08:23 . 2009-08-08 08:23 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-08 08:23 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-08 08:23 . 2009-08-08 08:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-08-08 08:23 . 2009-08-08 08:23 -------- d-----w- c:\programmi\Lavasoft
2009-08-07 10:29 . 2009-08-07 10:29 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Help
2009-08-07 10:28 . 2009-08-07 10:28 -------- d-----w- c:\programmi\Softinterface, Inc
2009-08-06 14:51 . 1998-05-06 09:19 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
2009-08-06 14:51 . 1998-05-02 14:34 32768 ----a-r- c:\windows\system32\PLUGIN.DLL
2009-08-05 13:42 . 2009-08-05 13:42 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Jasc Software Inc
2009-08-05 13:41 . 2009-08-06 15:03 -------- d-----w- c:\programmi\Jasc Software Inc
2009-07-30 07:54 . 2009-07-30 07:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-30 07:53 . 2009-07-30 07:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-30 07:39 . 2009-07-03 16:55 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-30 07:39 . 2009-07-03 16:55 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-30 07:39 . 2009-07-30 07:39 -------- d-----w- c:\windows\ie8updates
2009-07-30 07:39 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-30 07:37 . 2009-07-30 07:39 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 08:58 . 2009-01-19 17:33 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-03 16:55 . 2006-03-02 02:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2006-03-02 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-03-02 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2006-03-02 02:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 14:18 . 2009-05-27 14:18 38795 ----a-w- c:\windows\Fonts\english.zip
2009-05-27 14:16 . 2009-05-27 14:16 38795 ----a-w- C:\english.zip
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
"PDF Complete"="c:\programmi\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\programmi\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [08/08/2009 10.38.45 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 16.49.06 1029456]
R2 pdfcDispatcher;PDF Document Manager;c:\programmi\PDF Complete\pdfsvc.exe [16/10/2008 4.07.31 576024]
S2 0017251228236376mcinstcleanup;McAfee Application Installer Cleanup (0017251228236376);c:\docume~1\ADMINI~1\IMPOST~1\Temp\001725~1.EXE c:\progra~1\FILECO~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

c:\docume~1\ADMINI~1\IMPOST~1\Temp\001725~1.EXE c:\progra~1\FILECO~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-08-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: &AOL Toolbar Cerca - c:\documents and settings\All Users\Dati applicazioni\AOL\ieToolbar\resources\it-IT\local\search.html
TCP: {BB3C671A-A07F-483E-BFBD-37AB1496FA11} = 151.99.125.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-08-10 18:31
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\programmi\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-2955803032-2012524078-2268855013-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,68,8b,53,9b,bf,28,45,b3,b9,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,58,68,8b,53,9b,bf,28,45,b3,b9,3d,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\Internet Explorer\iexplore.exe
c:\programmi\AOL\AOL Toolbar 5.0\AolTbServer.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-10 18.34.07 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-10 16:34
Pre-Run: 137.226.862.592 byte disponibili
Post-Run: 137.351.643.136 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
151 --- E O F --- 2009-07-30 07:40