ComboFix 10-04-02.01 - laura alfonso 03/04/2010 15.56.57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2047.1361 [GMT 2:00]
Eseguito da: d:\documents and settings\laura alfonso\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\All Users\Menu Avvio\HP Image Zone .lnk
d:\documents and settings\laura alfonso\Dati applicazioni\0200000076708cce869C.manifest
d:\documents and settings\laura alfonso\Dati applicazioni\0200000076708cce869O.manifest
d:\documents and settings\laura alfonso\Dati applicazioni\0200000076708cce869P.manifest
d:\documents and settings\laura alfonso\Dati applicazioni\0200000076708cce869S.manifest
d:\documents and settings\laura alfonso\Dati applicazioni\Desktopicon
d:\programmi\Search Settings
d:\programmi\Search Settings\FF\chrome.manifest
d:\programmi\Search Settings\FF\chrome\content\plugin.js
d:\programmi\Search Settings\FF\chrome\content\plugin.xul
d:\programmi\Search Settings\FF\chrome\content\protection.js
d:\programmi\Search Settings\FF\chrome\content\utils.js
d:\programmi\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
d:\programmi\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
d:\programmi\Search Settings\FF\components\IFBHOSearch.xpt
d:\programmi\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
d:\programmi\Search Settings\FF\components\IFHelperPreferences.xpt
d:\programmi\Search Settings\FF\components\SearchSettingsFF.dll
d:\programmi\Search Settings\FF\install.rdf
d:\programmi\Search Settings\kb128\SearchSettingsInstaller.130.exe
d:\programmi\Search Settings\SearchSettings.exe
d:\programmi\Search Settings\SearchSettingsRes409.dll
d:\windows\AppPatch\AcAdProc.dll
d:\windows\system32\ .txt
.
((((((((((((((((((((((((( Files Creati Da 2010-03-03 al 2010-04-03 )))))))))))))))))))))))))))))))))))
.
2010-04-03 13:53 . 2010-04-03 13:53 398336 ----a-w- d:\windows\system32\CF9614.exe
2010-04-02 16:51 . 2010-04-02 16:51 388096 ----a-r- d:\documents and settings\laura alfonso\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-02 16:51 . 2010-04-02 16:51 -------- d-----w- d:\programmi\TrendMicro
2010-03-05 18:42 . 2010-03-05 18:42 33808 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2010-03-05 18:42 . 2010-03-05 18:42 213520 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 14:01 . 2010-03-05 18:27 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-04-03 13:53 . 2010-03-05 18:27 3528 --sha-w- d:\windows\system32\drivers\fidbox2.idx
2010-04-03 13:52 . 2010-03-05 18:27 409632 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2010-04-03 12:56 . 2009-06-24 23:06 117760 -c--a-w- d:\documents and settings\laura alfonso\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-03 12:55 . 2009-06-24 23:05 -------- d-----w- d:\programmi\SUPERAntiSpyware
2010-04-03 01:06 . 2010-03-05 18:27 3816992 --sha-w- d:\windows\system32\drivers\fidbox.dat
2010-04-03 01:06 . 2010-03-05 18:27 34044 --sha-w- d:\windows\system32\drivers\fidbox.idx
2010-04-02 16:45 . 2009-06-27 22:37 -------- d-----w- d:\programmi\Malwarebytes' Anti-Malware
2010-04-02 14:58 . 2010-04-02 14:58 0 ----a-w- d:\windows\system32\22.tmp
2010-03-29 13:24 . 2009-06-27 22:37 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 13:24 . 2009-06-27 22:37 20824 -c--a-w- d:\windows\system32\drivers\mbam.sys
2010-03-28 14:46 . 2008-04-14 12:00 74296 ----a-w- d:\windows\system32\perfc010.dat
2010-03-28 14:46 . 2008-04-14 12:00 447046 ----a-w- d:\windows\system32\perfh010.dat
2010-03-05 18:42 . 2008-01-29 17:29 33808 ----a-w- d:\windows\system32\drivers\klbg.sys
2010-03-05 18:42 . 2010-03-05 18:27 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2010-03-05 18:42 . 2010-03-05 18:27 108059 ----a-w- d:\windows\system32\drivers\klin.dat
2010-03-05 18:42 . 2010-03-05 18:42 21256 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2010-03-05 18:42 . 2010-03-05 18:42 861448 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2010-03-05 18:42 . 2010-03-05 18:42 83208 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2010-03-05 18:42 . 2010-03-05 18:42 62728 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2010-03-05 18:42 . 2010-03-05 18:42 43784 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2010-03-05 18:42 . 2010-03-05 18:42 365832 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2010-03-05 18:42 . 2010-03-05 18:42 201992 ----a-w- d:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2010-02-20 19:37 . 2009-11-24 18:36 -------- d-----w- d:\programmi\Evviva Ping Pong
2010-02-19 17:28 . 2010-02-18 15:53 -------- d--h--w- d:\programmi\FX Uninstall Information
2010-01-26 00:00 . 2009-08-30 19:00 5115824 -c--a-w- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-23 22:36 . 2009-12-21 23:56 52224 ----a-w- d:\documents and settings\laura alfonso\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.
------- Sigcheck -------
[-] 2009-04-29 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="d:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="d:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="d:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="d:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="d:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="d:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"AVP"="d:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2010-03-05 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - d:\programmi\Microsoft Office\Office\OSA9.EXE [2005-3-17 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- d:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\iTunes\\iTunes.exe"=
"d:\\Programmi\\GameSpy Arcade\\Aphex.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [29/01/2008 19.29.38 33808]
R1 SASDIFSV;SASDIFSV;d:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11.01.40 9968]
R1 SASKUTIL;SASKUTIL;d:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11.01.40 72944]
R2 Application Updater;Application Updater;d:\programmi\Application Updater\ApplicationUpdater.exe [08/01/2010 1.51.02 380928]
NOTE(review): this auto-start service was left running while the "d:\programmi\Search Settings" browser add-on listed under "Altre eliminazioni" was removed; confirm whether it belongs to that same removed software before keeping it.
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [25/03/2008 21.07.10 24592]
S3 athrusb;Atheros Wireless LAN USB device driver;d:\windows\system32\drivers\athrusb.sys [10/12/2009 20.20.23 446976]
S3 SASENUM;SASENUM;d:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11.01.42 7408]
.
Contenuto della cartella 'Scheduled Tasks'
2009-06-28 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - d:\documents and settings\laura alfonso\Dati applicazioni\Mozilla\Firefox\Profiles\xr2pz52x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=gr ... =616163&p=
FF - plugin: d:\windows\system32\C2MP\npdivx32.dll
---- FIREFOX POLICIES ----
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-03 16:01
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1036)
d:\programmi\SUPERAntiSpyware\SASWINLO.dll
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\klogon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\LEXBCES.EXE
d:\windows\system32\LEXPPS.EXE
d:\windows\system32\Ati2evxx.exe
d:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\programmi\Bonjour\mDNSResponder.exe
d:\programmi\Java\jre6\bin\jqs.exe
d:\programmi\CyberLink\Shared Files\RichVideo.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\wscntfy.exe
d:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
d:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-03 16:02:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-03 14:02
Pre-Run: 72.404.844.544 byte disponibili
Post-Run: 72.300.621.824 byte disponibili
- - End Of File - - 06F99003FDE2946B465D7921AAC02AFD