ComboFix 10-10-15.03 - Roberto 16/10/2010 15.16.24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.561 [GMT 2:00]
Eseguito da: c:\documents and settings\Roberto\Desktop\tgfjhfhgc.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Roberto\Dati applicazioni\PriceGong
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Roberto\Dati applicazioni\PriceGong\Data\z.xml
.
((((((((((((((((((((((((( Files Creati Da 2010-09-16 al 2010-10-16 )))))))))))))))))))))))))))))))))))
.
2010-10-15 13:06 . 2010-10-15 13:06 -------- d-----w- c:\programmi\File comuni\Skype
2010-10-10 15:17 . 2010-10-10 15:17 -------- d-----w- C:\Fraps
2010-10-07 20:00 . 2010-10-15 14:09 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\skypePM
2010-10-07 19:59 . 2010-10-15 17:40 -------- d-----w- c:\documents and settings\Roberto\Dati applicazioni\Skype
2010-10-07 19:59 . 2010-10-15 13:06 -------- d-----r- c:\programmi\Skype
2010-10-07 19:59 . 2010-10-15 13:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-10-07 13:48 . 2010-10-07 13:48 -------- d-----w- c:\programmi\File comuni\Adobe
2010-10-06 16:41 . 2010-10-06 16:41 -------- d-----w- c:\programmi\VirusTotalUploader2
2010-10-05 19:17 . 2010-10-05 19:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-10-05 19:17 . 2010-10-05 19:17 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-10-05 19:13 . 2010-10-07 19:51 -------- d-----w- c:\documents and settings\Roberto\Tracing
2010-10-05 19:12 . 2010-10-05 19:12 -------- d-----w- c:\programmi\Microsoft
2010-10-05 19:11 . 2010-10-05 19:11 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-10-05 19:11 . 2010-10-05 19:12 -------- d-----w- c:\programmi\Windows Live
2010-10-05 19:09 . 2010-10-05 19:09 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-10-04 11:18 . 2010-10-04 11:18 -------- d-----w- c:\programmi\COMODO
2010-10-04 11:17 . 2010-10-04 11:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Comodo
2010-09-23 14:49 . 2010-09-23 14:48 737280 ----a-w- c:\windows\iun6002.exe
2010-09-22 18:37 . 2010-09-22 18:37 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Apple Computer
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\programmi\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-22 11:31 . 2010-10-16 11:14 -------- d-----w- c:\programmi\Ninja
2010-09-20 18:36 . 2010-09-20 18:36 -------- d-----w- c:\programmi\WinPcap
2010-09-19 18:15 . 2010-09-19 18:15 -------- d-----w- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Songr
2010-09-19 12:04 . 2010-09-19 12:05 -------- d-----w- c:\programmi\Sheep Friends
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programmi\DVDVideoSoftTB\tbDVD1.dll" [2010-09-11 2735200]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-09-11 20:11 2735200 ----a-w- c:\programmi\DVDVideoSoftTB\tbDVD1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programmi\DVDVideoSoftTB\tbDVD1.dll" [2010-09-11 2735200]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programmi\DVDVideoSoftTB\tbDVD1.dll" [2010-09-11 2735200]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-10-04 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\programmi\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ninja.lnk - c:\programmi\Ninja\ninja.exe [2010-9-22 764416]
[HKLM\~\startupfolder\C:^Documents and Settings^Roberto^Menu Avvio^Programmi^Esecuzione automatica^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-08-10 13:13 2349776 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 ----a-r- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Collegamento alla pagina delle proprietà di High Definition Audio]
2005-01-07 15:07 61952 ------w- c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-04-10 06:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-04 18:05 136176 ----atw- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 13:39 437584 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2010-07-14 11:49 1804000 ----a-w- c:\programmi\My Lockbox\mylbx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\programmi\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 13:54 16248320 ----a-r- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04 2879488 ----a-r- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 11:03 36975 ----a-w- c:\programmi\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-25 09:49 328056 ----a-w- c:\programmi\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [29/08/2010 19.22.59 43792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/08/2010 22.11.54 165584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 23.40.52 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 23.40.52 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/08/2010 22.11.54 17744]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [29/08/2010 19.22.59 142648]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 19.07.14 35088]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [29/08/2010 19.20.41 68288]
.
Contenuto della cartella 'Scheduled Tasks'
2010-10-15 c:\windows\Tasks\AWC Update.job
- c:\programmi\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-08-30 09:08]
2010-10-16 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-08-29 08:32]
2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-162531612-725345543-1004Core.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-10-04 18:05]
2010-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-162531612-725345543-1004UA.job
- c:\documents and settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-10-04 18:05]
.
.
------- Scansione supplementare -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Roberto\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {139ECD1F-8051-445B-91DB-B198DBD48F9A} = 156.154.70.25,156.154.71.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-HitmanPro35 - c:\programmi\Hitman Pro 3.5\HitmanPro35.exe
MSConfigStartUp-ICQ - c:\programmi\ICQ7.2\ICQ.exe
AddRemove-ROTR Beta 1.5 - c:\documents and settings\Roberto\Desktop\Nuova cartella\Uinst_ROTRBeta15.exe
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2010-10-16 15:24:31
ComboFix-quarantined-files.txt 2010-10-16 13:24
Pre-Run: 126.634.917.888 byte disponibili
Post-Run: 126.588.731.392 byte disponibili
- - End Of File - - 6A1DC277BD70FB6B5B26C52F0970E58D