ComboFix 09-12-03.06 - user 04/12/2009 21.14.31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1482 [GMT 1:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {7C92540B-F0B8-0012-00E9-917C0802927C}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Dati applicazioni\inst.exe
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Creati Da 2009-11-04 al 2009-12-04 )))))))))))))))))))))))))))))))))))
.
2009-11-20 21:18 . 2009-11-20 21:18 -------- d-----w- c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Opera
2009-11-20 21:17 . 2009-11-30 18:53 -------- d-----w- c:\programmi\Opera
2009-11-13 16:38 . 2009-11-13 16:38 -------- d-----w- c:\documents and settings\user\.thumb
2009-11-11 11:38 . 2009-11-11 11:38 -------- d-----w- c:\documents and settings\user\Dati applicazioni\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
2009-11-11 11:36 . 2009-11-11 11:35 38208 ----a-w- c:\documents and settings\user\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-11 11:36 . 2009-11-11 11:36 -------- d-----w- c:\programmi\Widget vodafone.it
2009-11-11 11:36 . 2009-11-11 11:35 38208 ----a-w- c:\documents and settings\Default User\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-11 11:36 . 2009-11-11 11:36 -------- d-----w- c:\programmi\File comuni\Adobe AIR
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-04 20:45 . 2009-06-27 10:30 -------- d-----w- c:\programmi\DivX
2009-12-04 20:44 . 2004-08-19 12:00 479700 ----a-w- c:\windows\system32\perfh010.dat
2009-12-04 20:44 . 2004-08-19 12:00 79894 ----a-w- c:\windows\system32\perfc010.dat
2009-12-02 16:36 . 2009-09-29 16:52 -------- d-----w- c:\documents and settings\user\Dati applicazioni\vlc
2009-12-02 15:49 . 2008-08-13 06:34 -------- d-----w- c:\programmi\Hewlett-Packard
2009-12-02 15:47 . 2009-10-11 18:36 -------- d-----w- c:\programmi\EPSON
2009-12-01 18:29 . 2009-12-01 18:31 3154432 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-11-25 09:30 . 2008-11-07 20:51 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\SACore
2009-11-20 22:07 . 2008-08-12 19:15 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-20 22:06 . 2009-10-11 18:37 -------- d-----w- c:\programmi\Smart Panel
2009-11-14 18:04 . 2008-09-12 16:54 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-12 20:55 . 2008-12-20 14:26 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-11 18:53 . 2009-06-27 10:30 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-11-04 21:18 . 2008-09-12 16:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-01 16:52 . 2009-11-01 16:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2009-11-01 16:44 . 2009-11-01 16:35 -------- d-----w- c:\programmi\File comuni\Logishrd
2009-11-01 16:43 . 2008-08-13 06:37 -------- d-----w- c:\programmi\File comuni\Logitech
2009-11-01 16:35 . 2009-11-01 16:35 10134 ----a-r- c:\documents and settings\user\Dati applicazioni\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2009-11-01 16:34 . 2009-11-01 16:34 -------- d-----w- c:\documents and settings\user\Dati applicazioni\InstallShield
2009-10-15 12:35 . 2009-02-04 15:44 -------- d-----w- c:\programmi\nLite
2009-10-11 21:39 . 2009-10-11 21:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ArcSoft
2009-10-11 20:35 . 2009-10-11 20:35 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-10-11 19:38 . 2009-10-11 19:38 -------- d-----w- c:\documents and settings\user\Dati applicazioni\EPSON
2009-10-11 18:57 . 2009-10-11 18:57 -------- d-----w- c:\documents and settings\user\Dati applicazioni\ArcSoft
2009-10-11 18:56 . 2009-10-11 18:56 -------- d-----w- c:\documents and settings\user\Dati applicazioni\ABBYY
2009-10-11 18:50 . 2009-10-11 18:50 -------- d-----w- c:\programmi\ArcSoft
2009-10-11 17:32 . 2009-10-10 14:00 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Samsung
2009-10-10 16:08 . 2009-10-10 16:08 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Multimedia Player
2009-10-10 14:08 . 2009-10-10 14:01 -------- d-----w- c:\documents and settings\user\Dati applicazioni\PC Suite
2009-10-10 14:08 . 2009-10-10 14:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-10-10 13:58 . 2009-10-10 13:58 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-10-10 13:58 . 2009-10-10 13:56 -------- d-----w- c:\programmi\Samsung
2009-10-10 13:57 . 2009-10-10 13:57 -------- d-----w- c:\programmi\DIFX
2009-10-10 13:56 . 2009-10-10 13:56 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-10-10 13:54 . 2009-10-10 13:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-11 14:17 . 2008-04-13 17:13 136192 ----a-w- c:\windows\system32\msv1_0.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-05-01 209153]
"DSLAGENTEXE"="dslagent.exe" - c:\windows\system32\dslagent.exe [2003-04-01 16384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Samsung.PCSync"="c:\programmi\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-11-1 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio Office.lnk
backup=c:\windows\pss\Avvio Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Programmi\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
"c:\\Programmi\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"c:\\Programmi\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Programmi\\TerraTec\\TerraTec Home Cinema\\ChannelEditor\\CinergyDvrChannelEditor.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [01/05/2009 17.25.12 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [01/05/2009 17.25.16 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [01/05/2009 17.25.12 434945]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmi\McAfee\SiteAdvisor\McSACore.exe [07/11/2008 21.50.04 210216]
S3 ATICDSDr;ATICDSDr;\??\e:\bin\atiicdxx.sys
e:\bin\atiicdxx.sys
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [07/12/2008 17.00.35 94848]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp
c:\windows\system32\4.tmp
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [10/10/2009 14.56.24 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [10/10/2009 14.56.27 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [10/10/2009 14.56.29 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [10/10/2009 14.56.28 12288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
2009-10-15 c:\windows\Tasks\User_Feed_Synchronization-{84649F91-8389-482E-A1E3-6DF2340E1F5D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: antonveneta.it\hb
Trusted Zone: chebanca.it\www
FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\jlwf60r3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-Soft-Central SC-DiskInfo - c:\programmi\SC-DiskInfo\Uninstall
AddRemove-Sophos-AntiRootkit - c:\programmi\Sophos\Sophos Anti-Rootkit\helper.exe remove
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-04 21:51
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-839522115-2025429265-1606980848-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
c:\programmi\McAfee\SiteAdvisor\saHook.dll
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programmi\Samsung\Samsung PC Studio 7\phonebrowser.dll
c:\programmi\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
c:\programmi\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
c:\windows\system32\tcpsvcs.exe
c:\programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Logitech\SetPoint\LU\LULnchr.exe
c:\programmi\Logitech\SetPoint\LU\LogitechUpdate.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-04 22:00 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-04 21:00
Pre-Run: 155.384.041.472 byte disponibili
Post-Run: 155.284.152.320 byte disponibili
- - End Of File - - F8A628941235E645EEBA85EB8F3D0D6A