ComboFix 10-05-26.01 - Personale 26/05/2010 22.14.26.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1015.811 [GMT 2:00]
Eseguito da: E:\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\maximo.sys
c:\windows\system32\inferno.dll
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ALADDINS
-------\Legacy_HASPNTT
-------\Service_aladdins
-------\Service_haspntt
((((((((((((((((((((((((( Files Creati Da 2010-04-26 al 2010-05-26 )))))))))))))))))))))))))))))))))))
.
2010-05-26 16:28 . 2010-05-26 16:28 2284 ----a-w- C:\avexport.bat
2010-05-26 14:36 . 2010-05-26 14:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-05-26 13:33 . 2010-05-26 13:46 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-26 10:12 . 2010-05-26 10:12 -------- d-----w- c:\documents and settings\Personale\Dati applicazioni\Malwarebytes
2010-05-26 10:11 . 2010-04-26 13:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-26 10:11 . 2010-05-26 10:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-05-26 10:11 . 2010-05-26 10:11 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-26 10:11 . 2010-04-26 13:07 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 20:37 . 2010-05-25 20:37 -------- d-----w- c:\programmi\Trend Micro
2010-05-25 17:21 . 2010-05-26 12:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-25 17:21 . 2010-05-25 17:21 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-05-25 15:57 . 2010-05-25 15:57 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2010-05-25 15:50 . 2010-05-25 15:50 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-25 15:50 . 2010-05-25 15:50 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-25 15:48 . 2010-05-26 20:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-05-25 15:48 . 2010-05-25 15:48 -------- d-----w- c:\programmi\Kaspersky Lab
2010-05-25 15:45 . 2010-05-25 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2010-05-25 14:42 . 2010-05-25 14:42 -------- d-----w- c:\programmi\VS Revo Group
2010-05-25 14:17 . 2010-05-25 14:17 -------- d-----w- c:\programmi\CCleaner
2010-05-25 14:00 . 2010-05-25 14:00 0 ----a-w- c:\windows\nsreg.dat
2010-05-25 14:00 . 2010-05-25 14:00 -------- d-----w- c:\documents and settings\Personale\Impostazioni locali\Dati applicazioni\Mozilla
2010-05-03 18:50 . 2010-05-03 18:50 -------- d-----w- c:\documents and settings\Personale\Dati applicazioni\CoSoSys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 17:28 . 2008-12-29 12:39 -------- d-----w- c:\documents and settings\Personale\Dati applicazioni\Skype
2010-05-26 13:38 . 2010-02-16 15:23 -------- d-----w- c:\programmi\Google
2010-05-26 07:58 . 2009-12-22 16:18 -------- d-----w- c:\documents and settings\Personale\Dati applicazioni\skypePM
2010-05-25 20:53 . 2008-07-09 18:08 83934 ----a-w- c:\windows\system32\perfc010.dat
2010-05-25 20:53 . 2008-07-09 18:08 489038 ----a-w- c:\windows\system32\perfh010.dat
2010-05-25 12:58 . 2009-12-03 21:10 -------- d-----w- c:\documents and settings\Personale\Dati applicazioni\LimeWire
2010-04-14 21:43 . 2009-11-18 17:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-04-10 20:15 . 2010-03-04 16:58 -------- d-----w- c:\programmi\Samsung
2010-04-10 20:14 . 2008-07-09 18:21 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-10 20:13 . 2010-03-04 17:00 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-04-10 11:54 . 2008-10-30 14:17 96120 ----a-w- c:\documents and settings\Personale\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-04 16:57 . 2010-04-04 16:57 -------- d-----w- c:\programmi\eMule AdunanzA
2010-04-04 16:57 . 2010-04-04 16:57 -------- d-----w- c:\documents and settings\Personale\Dati applicazioni\eMule AdunanzA
2010-03-08 15:42 . 2008-10-30 14:33 1748 ----a-w- c:\documents and settings\Personale\Dati applicazioni\wklnhst.dat
2008-05-07 08:34 . 2008-07-10 07:51 15523560 ----a-w- c:\programmi\U1 Setup.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{90980889-669e-4bb9-9e4b-69563bf04375}"= "c:\programmi\Games_Bar_2\tbGame.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{90980889-669e-4bb9-9e4b-69563bf04375}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90980889-669e-4bb9-9e4b-69563bf04375}]
2010-03-17 14:45 2355224 ----a-w- c:\programmi\Games_Bar_2\tbGame.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{90980889-669e-4bb9-9e4b-69563bf04375}"= "c:\programmi\Games_Bar_2\tbGame.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{90980889-669e-4bb9-9e4b-69563bf04375}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{90980889-669E-4BB9-9E4B-69563BF04375}"= "c:\programmi\Games_Bar_2\tbGame.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{90980889-669e-4bb9-9e4b-69563bf04375}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 13:31 2144088 --sha-r- c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20.41.32 33808]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [26/05/2010 12.11.35 304464]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 17.46.52 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20.59.44 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26/05/2010 12.11.31 20824]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [04/03/2010 19.01.03 36608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
emusvc REG_MULTI_SZ aladdins
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {555BD020-CB77-4456-BBB0-862256278161} = 8.8.8.8,8.8.4.4
TCP: {5EC10944-A7D3-4884-895C-7D7A2D7D9BEB} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Personale\Dati applicazioni\Mozilla\Firefox\Profiles\c43aulj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 22:24
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-05-26 22:30:27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-05-26 20:30
Pre-Run: 33.068.871.680 byte disponibili
Post-Run: 35.076.829.184 byte disponibili
- - End Of File - - 7AEED6976ADF41DE2989CE29EF75EA73