ComboFix 10-08-16.04 - TOP SICRET 17/08/2010 19.17.48.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.1014.114 [GMT 2:00]
Eseguito da: c:\users\TOP SICRET\Documents\Icone\Armamentario\ksdflknasfo.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\TOP SICRET\AppData\Local\fmufeltd.dat
c:\users\TOP SICRET\AppData\Local\fmufeltd_nav.dat
c:\users\TOP SICRET\AppData\Local\fmufeltd_navps.dat
c:\users\TOP SICRET\SoftonicDownloader64448.exe
c:\users\TOP SICRET\Widestream6-setup.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
((((((((((((((((((((((((( Files Creati Da 2010-07-17 al 2010-08-17 )))))))))))))))))))))))))))))))))))
.
2010-08-17 17:31 . 2010-08-17 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 16:58 . 2010-08-17 16:58 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-08-17 15:35 . 2010-08-17 16:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-17 15:28 . 2010-08-17 16:58 -------- d-----w- c:\programdata\Hitman Pro
2010-08-17 15:28 . 2010-08-17 15:28 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-17 14:53 . 2010-08-17 14:55 -------- d-----w- c:\windows\system32\ca-ES
2010-08-17 14:53 . 2010-08-17 14:55 -------- d-----w- c:\windows\system32\eu-ES
2010-08-17 14:53 . 2010-08-17 14:55 -------- d-----w- c:\windows\system32\vi-VN
2010-08-17 14:16 . 2010-08-17 14:16 -------- d-----w- c:\windows\system32\EventProviders
2010-08-17 13:51 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-08-12 21:33 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 21:32 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 21:32 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 21:12 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 21:01 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 21:00 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 21:00 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 21:00 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 21:00 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 21:00 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 17:15 . 2007-07-28 17:42 742236 ----a-w- c:\windows\system32\perfh010.dat
2010-08-17 17:15 . 2007-07-28 17:42 152238 ----a-w- c:\windows\system32\perfc010.dat
2010-08-17 15:10 . 2010-05-20 18:57 96 ----a-w- c:\users\TOP SICRET\AppData\Local\ffgcv.bat
2010-08-17 14:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-08-17 14:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-17 14:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-08-17 14:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-08-17 14:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-17 14:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-08-17 14:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-17 13:49 . 2009-02-15 10:02 -------- d-----w- c:\program files\Microsoft
2010-08-13 11:19 . 2008-03-26 05:43 80834576 ----a-w- c:\windows\DUMP9a99.tmp
2010-08-13 05:26 . 2007-07-28 08:38 -------- d-----w- c:\programdata\Microsoft Help
2010-08-07 13:31 . 2010-04-25 18:06 -------- d-----w- c:\users\TOP SICRET\AppData\Roaming\OfferBox
2010-08-06 06:58 . 2009-01-10 13:33 -------- d-----w- c:\programdata\CanonIJPLM
2010-06-26 06:05 . 2010-08-17 13:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-17 13:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-17 13:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-17 13:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 20:41 . 2010-06-23 20:41 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6559.tmp.exe
2010-06-23 07:36 . 2009-05-31 21:11 -------- d-----w- c:\program files\eMule
2010-05-26 17:06 . 2010-06-11 04:53 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 04:53 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 14:46 . 2008-08-05 21:46 680 ----a-w- c:\users\TOP SICRET\AppData\Local\d3d9caps.dat
2010-05-19 19:05 . 2009-06-05 15:52 93 ----a-w- c:\users\TOP SICRET\AppData\Local\gccwk.bat
2009-05-17 09:37 . 2009-05-16 18:43 1087520 --sha-w- c:\windows\System32\drivers\fidbox.dat
2008-03-26 15:42 . 2008-03-26 15:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{45dd02aa-87d3-441a-9e77-068f8fa93fc8}"= "c:\program files\Cerca_Italia\tbCer1.dll" [2009-07-20 2215960]
"{d22b76bb-abbd-4eb6-9bbb-f387bf27f76b}"= "c:\program files\P2P_Max_IT\tbP2P0.dll" [2009-11-08 2166296]
[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
[HKEY_CLASSES_ROOT\clsid\{d22b76bb-abbd-4eb6-9bbb-f387bf27f76b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
2009-07-20 15:48 2215960 ----a-w- c:\program files\Cerca_Italia\tbCer1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d22b76bb-abbd-4eb6-9bbb-f387bf27f76b}]
2009-11-08 21:08 2166296 ----a-w- c:\program files\P2P_Max_IT\tbP2P0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{45dd02aa-87d3-441a-9e77-068f8fa93fc8}"= "c:\program files\Cerca_Italia\tbCer1.dll" [2009-07-20 2215960]
"{d22b76bb-abbd-4eb6-9bbb-f387bf27f76b}"= "c:\program files\P2P_Max_IT\tbP2P0.dll" [2009-11-08 2166296]
[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
[HKEY_CLASSES_ROOT\clsid\{d22b76bb-abbd-4eb6-9bbb-f387bf27f76b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{45DD02AA-87D3-441A-9E77-068F8FA93FC8}"= "c:\program files\Cerca_Italia\tbCer1.dll" [2009-07-20 2215960]
[HKEY_CLASSES_ROOT\clsid\{45dd02aa-87d3-441a-9e77-068f8fa93fc8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Delete Owns"="c:\programdata\fast close close.5qenki" [X]
"E06IXLRD_827678"="c:\program files\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" [2005-06-04 301776]
"OfferBox"="c:\program files\OfferBox\OfferBox.exe" [2010-03-23 632464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1021224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-28 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-07-04 10:52 2072576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8c,6a,b1,b3,1d,3e,cb,01
R2 gupdate1ca0fa76f5fef37;Servizio di Google Update (gupdate1ca0fa76f5fef37);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-27 185640]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contenuto della cartella 'Scheduled Tasks'
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 17:18]
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 17:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-IHMC CmapTools v5.03 - c:\program files\IHMC CmapTools\UninstallerData\Uninstall CmapTools.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 19:32
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-08-17 19:37:18
ComboFix-quarantined-files.txt 2010-08-17 17:37
ComboFix2.txt 2009-05-19 11:22
Pre-Run: 9.842.585.600 byte disponibili
Post-Run: 9.688.977.408 byte disponibili
- - End Of File - - 5EBFCDCA003ECFB16B316D935F791120