ComboFix 11-03-04.06 - Utente 05/03/2011 16.49.53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.255.145 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Opera\Opera\temporary_downloads\ComboFix.exe
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Utente\Dati applicazioni\PriceGong
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\1.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\a.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\b.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\c.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\d.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\e.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\f.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\g.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\h.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\i.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\J.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\k.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\l.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\m.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\mru.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\n.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\o.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\p.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\q.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\r.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\s.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\t.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\u.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\v.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\w.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\x.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\y.xml
c:\documents and settings\Utente\Dati applicazioni\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-05 al 2011-03-05 )))))))))))))))))))))))))))))))))))
.
.
2011-03-05 01:54 . 2011-03-05 01:55 -------- d-----w- c:\programmi\Glary Utilities
2011-03-05 01:29 . 2011-03-05 01:29 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Opera
2011-03-05 01:28 . 2011-03-05 01:29 -------- d-----w- c:\programmi\Opera
2011-03-04 23:01 . 2011-03-04 23:16 -------- d-----w- c:\programmi\Hide Your IP Address
2011-03-04 04:28 . 2011-03-04 04:29 -------- d-----w- c:\programmi\Ask.com
2011-03-04 04:25 . 2011-03-04 04:48 -------- d-----w- c:\programmi\FreeHideIP
2011-03-02 12:11 . 2008-03-13 21:27 41088 ----a-r- c:\windows\system32\drivers\MOSUMAC.SYS
2011-03-01 04:48 . 2011-03-01 04:48 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\AVSoftware
2011-03-01 04:41 . 2011-02-28 22:55 303240 ----a-w- c:\windows\system32\AVLib.dll
2011-03-01 04:39 . 2011-03-01 04:39 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{1E32E3B5-4057-437A-89C0-748BD3766F81}
2011-03-01 04:34 . 2011-03-01 04:34 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PackageAware
2011-03-01 03:48 . 2011-03-01 03:48 -------- d-----w- c:\programmi\AnalogX
2011-02-25 02:09 . 2011-03-02 04:59 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\IObit
2011-02-23 04:27 . 2011-02-23 04:30 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\JonDo
2011-02-23 01:57 . 2011-02-23 01:57 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-20 20:50 . 2010-12-03 19:54 555696 ----a-w- c:\programmi\Mozilla Firefox\uninstall\helper.exe
2011-02-19 08:35 . 2011-02-19 08:35 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\K-Meleon
2011-02-19 08:34 . 2011-02-19 08:36 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\K-Meleon
2011-02-19 08:32 . 2011-02-21 19:24 -------- d-----w- c:\programmi\K-Meleon
2011-02-19 06:30 . 2011-02-19 06:30 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2011-02-19 06:29 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 06:29 . 2011-02-19 06:29 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-02-19 06:28 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-19 06:28 . 2011-02-19 06:30 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-02-19 05:45 . 2011-02-19 05:45 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2011-02-19 05:44 . 2011-02-19 05:44 -------- d-----w- c:\programmi\IObit
2011-02-18 19:51 . 2011-02-19 00:53 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\FreeFixer
2011-02-18 19:51 . 2011-02-18 19:51 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\FreeFixer
2011-02-18 19:48 . 2011-02-19 05:07 -------- d-----w- c:\programmi\FreeFixer
2011-02-14 01:16 . 2011-02-14 01:18 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Temp
2011-02-14 01:15 . 2011-02-14 01:20 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google
2011-02-14 00:29 . 2011-02-14 00:29 -------- d-----w- c:\programmi\VS Revo Group
2011-02-13 15:59 . 2011-02-15 02:19 26624 ----a-w- c:\windows\system32\dll.dll
2011-02-13 15:58 . 2011-02-15 05:28 296574 ----a-w- c:\windows\system32\shimg.dll
2011-02-13 11:26 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-02-13 02:39 . 2009-02-09 11:23 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-02-13 02:39 . 2009-02-09 11:22 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-02-13 02:39 . 2009-02-09 11:23 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-02-13 02:32 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-02-13 02:32 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\drivers\bthport.sys
2011-02-13 02:17 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-02-12 19:47 . 2011-02-12 19:47 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\TuneUp Software
2011-02-12 19:43 . 2011-02-12 23:56 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2011-02-12 19:40 . 2011-02-12 19:40 -------- dcsh--w- c:\documents and settings\All Users\Dati applicazioni\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-02-12 02:58 . 2010-12-09 15:14 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-12 02:57 . 2010-12-09 15:14 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-11 07:32 . 2011-02-11 17:08 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2011-02-06 23:37 . 2011-02-06 23:37 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\abelhadigital.com
2011-02-06 23:37 . 2011-02-06 23:37 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\abelhadigital.com
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-04-13 17:13 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-13 17:11 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-13 16:50 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-13 17:13 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2008-04-13 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2008-04-13 17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:53 . 2008-04-13 17:13 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2008-04-13 17:13 735744 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-13 16:50 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-13 17:13 739840 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2008-04-13 17:13 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-16 15:19 2402512 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 17:14 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-13 17:14 172032 -c--a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:11 3872080 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 13:21 246504 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Utente\\Documenti\\Download\\pdf_converter.exe"=
"c:\\Documents and Settings\\Utente\\Desktop\\Hide The IP\\HideTheIP.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3957:TCP"= 3957:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [02/03/2011 13.11.22 41088]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [08/09/2010 23.25.19 164352]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys
c:\windows\system32\DRIVERS\Rts516xIR.sys
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-03-05 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2011-03-05 10:28]
.
2011-03-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.ask.com?o=102876&l=dis&gct=hp
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Utente\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
LSP: c:\windows\system32\AVLib.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\nmzv559c.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://it.ask.com?o=102876&l=dis&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYYIT&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 81
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 81
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 81
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free Hide IP: support@free-hideip.com - %profile%\extensions\support@free-hideip.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
URLSearchHooks-{e3393495-8103-46a0-8181-270273eddd60} - (no file)
URLSearchHooks-{09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-05 17:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\AVLib.dll
.
Ora fine scansione: 2011-03-05 17:08:21
ComboFix-quarantined-files.txt 2011-03-05 16:08
.
Pre-Run: 2.497.867.776 byte disponibili
Post-Run: 2.545.467.392 byte disponibili
.
- - End Of File - - 1C846CCF800E1959E7A0E1BFF53F3AA5