ComboFix 12-07-04.04 - x 05/07/2012 1.21.25.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1623 [GMT 2:00]
Running from: c:\documents and settings\x\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5AF1-7C92-0300-000000000000}
AV: Avira Desktop *Disabled/Updated* {00000000-0715-0000-08F2-12001494807C}
AV: Avira Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\ANTONIO\GaugeSound.dll
c:\documents and settings\x\Dati applicazioni\Toolbar4
c:\documents and settings\x\WINDOWS
C:\install.exe
c:\windows\IsUn0410.exe
c:\windows\system32\FE05DA0D.dll
c:\windows\system32\FE05EFED.dll
c:\windows\system32\FE05F051.dll
c:\windows\system32\FE05F3D5.dll
c:\windows\system32\SETC76.tmp
c:\windows\system32\SETC78.tmp
c:\windows\system32\SETC7C.tmp
c:\windows\system32\SETC84.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EPSONSTATUSAGENT2
-------\Service_EPSONStatusAgent2
.
.
((((((((((((((((((((((((( Files Created From 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))))))
.
.
2012-07-01 18:00 . 2012-07-01 18:04 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\documents and settings\x\Dati applicazioni\Avira
2012-07-01 17:27 . 2012-02-03 13:26 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-01 17:27 . 2012-02-03 13:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-01 17:27 . 2012-02-03 13:26 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-01 17:27 . 2012-07-01 17:27 -------- d-----w- c:\programmi\Avira
2012-07-01 17:27 . 2012-07-01 17:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2012-06-29 23:08 . 2012-06-29 23:08 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\ESET
2012-06-29 22:52 . 2012-06-29 22:52 -------- d-----w- c:\documents and settings\x\Impostazioni locali\Dati applicazioni\ESET
2012-06-29 22:34 . 2012-06-29 22:34 -------- d-----w- c:\programmi\ESET
2012-06-29 22:34 . 2012-06-29 22:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2012-06-29 20:18 . 2012-06-29 20:18 -------- d-----w- c:\documents and settings\x\Dati applicazioni\Panda Security
2012-06-29 20:15 . 2012-06-29 20:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Panda Security
2012-06-29 20:14 . 2012-06-29 20:14 -------- d-----w- C:\temp
2012-06-26 07:11 . 2004-11-14 08:30 40960 ----a-w- c:\programmi\Microsoft Games\Flight Simulator 9\GaugeSound.dll
2012-06-10 21:19 . 2012-06-10 14:44 350208 ----a-w- c:\programmi\Microsoft Games\Flight Simulator 9\d3drm.dll
2012-06-10 21:18 . 2012-06-10 21:18 -------- d-----w- c:\programmi\Abacus
2012-06-08 19:55 . 2012-06-08 19:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2012-06-08 19:48 . 2004-01-29 08:45 73728 ----a-r- c:\windows\system32\nvrszht.dll
2012-06-08 19:48 . 2004-01-29 08:45 139264 ----a-r- c:\windows\system32\nvwrszht.dll
2012-06-08 19:48 . 2004-01-29 08:45 135168 ----a-r- c:\windows\system32\nvwrszhc.dll
2012-06-08 19:48 . 2004-01-29 08:45 249856 ----a-r- c:\windows\system32\nvwrstr.dll
2012-06-08 19:48 . 2004-01-29 08:45 151552 ----a-r- c:\windows\system32\nvrstr.dll
2012-06-08 19:48 . 2004-01-29 08:45 147456 ----a-r- c:\windows\system32\nvrszhc.dll
2012-06-08 19:43 . 2004-01-29 08:45 1880320 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2012-06-08 19:43 . 2004-01-29 08:45 1880320 ----a-r- c:\windows\system32\drivers\nv4_mini.sys
2012-06-08 19:40 . 2004-01-29 08:45 4163968 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2012-06-08 19:40 . 2004-01-29 08:45 4163968 ----a-r- c:\windows\system32\nv4_disp.dll
2012-06-06 18:59 . 2012-06-06 18:59 770384 ----a-w- c:\programmi\Mozilla Firefox\msvcr100.dll
2012-06-06 18:59 . 2012-06-06 18:59 421200 ----a-w- c:\programmi\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 12:05 . 2008-04-04 19:03 737280 ----a-w- c:\windows\iun6002.exe
2012-07-04 10:15 . 2010-11-04 14:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-07-01 08:50 . 2011-07-20 07:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-30 21:13 . 2012-03-31 08:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 21:13 . 2011-06-15 22:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 12:55 . 2012-04-08 12:55 1273541 ----a-w- c:\windows\Reggio Calabria Scenery Uninstaller.exe
2012-06-17 09:43 . 2012-01-06 00:12 85472 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-01-29 2899968]
"nwiz"="nwiz.exe" [2004-01-29 782336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-01-29 46080]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Exif Launcher.lnk]
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^x^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
backup=c:\windows\pss\C6 Messenger.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^x^Menu Avvio^Programmi^Esecuzione automatica^setup_9.0.0.722_07.04.2011_14-39.lnk]
backup=c:\windows\pss\setup_9.0.0.722_07.04.2011_14-39.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-02-03 13:26 258512 ----a-w- c:\programmi\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-04-06 19:40 137536 ----atw- c:\documents and settings\x\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greenshot]
2010-07-12 06:52 548864 ----a-w- c:\programmi\Greenshot\Greenshot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2011-10-28 15:00 6440042 ----a-w- c:\programmi\Hitman Pro 3.5\HitmanPro35.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\programmi\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27 17351304 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\ZebraNetworkSystems\\NeoRouter\\NRService.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programmi\\ZebraNetworkSystems\\NeoRouter\\NRClient.exe"=
"c:\\Documents and Settings\\x\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 22215762;22215762 Boot Guard Driver;c:\windows\system32\drivers\22215762.sys [07/04/2011 16.52.17 37392]
R1 22215761;22215761;c:\windows\system32\drivers\22215761.sys [07/04/2011 16.52.17 128016]
R1 68288221;68288221;c:\windows\system32\drivers\68288221.sys [07/04/2011 16.59.47 128016]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [01/07/2012 19.27.46 36000]
R1 setup_9.0.0.722_07.04.2011_14-39drv;setup_9.0.0.722_07.04.2011_14-39drv;c:\windows\system32\drivers\6828822.sys [07/04/2011 16.59.47 315408]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [01/07/2012 19.27.48 86224]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [24/12/2008 20.31.34 8192]
R2 NRClientService;NeoRouter Client Service;c:\programmi\ZebraNetworkSystems\NeoRouter\NRService.exe [17/07/2011 21.51.48 1952328]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [31/07/2011 11.33.49 114432]
R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [28/08/2005 22.04.04 44032]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [09/01/2008 23.29.23 267136]
S0 68288222;68288222 Boot Guard Driver;c:\windows\system32\DRIVERS\68288222.sys --> c:\windows\system32\DRIVERS\68288222.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 10.21.47 250056]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [31/07/2011 11.33.49 100736]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [24/09/2010 17.59.53 105344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 17.14.47 113120]
S3 nrtap;NeoRouter Virtual Network Interface;c:\windows\system32\drivers\nrtap.sys [01/09/2009 21.06.02 24576]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\programmi\IObit\Game Booster 3\Driver\WinRing0.sys [17/05/2012 10.00.02 14416]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:13]
.
2012-06-11 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\programmi\Easeware\DriverEasy\DriverEasy.exe [2011-09-10 17:20]
.
2012-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2052111302-1326574676-839522115-1003Core.job
- c:\documents and settings\x\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-04-06 19:40]
.
2012-05-17 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\programmi\IObit\Game Booster 3\AutoUpdate.exe [2011-09-29 15:57]
.
2012-06-23 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2011-04-09 07:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
TCP: DhcpNameServer = 212.52.97.25 193.70.152.25
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\x\Dati applicazioni\Mozilla\Firefox\Profiles\nqudbkr0.default\
FF - prefs.js: browser.search.selectedEngine - Panda Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox?client=fir ... t:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-L&H Power Translator Pro 7.0 - c:\windows\ISUN0410.EXE
AddRemove-SiS7012 - c:\programmi\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-05 01:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Dlls Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2396)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSIT.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-05 01:40:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 23:40
.
Pre-Run: 41.521.115.136 bytes free
Post-Run: 41.493.495.808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EB1319C6B0B1FB66AD4897D87CDBBCA5
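The log above lists deleted files, drivers and services as raw lines, and the things a responder looks at first (the eight-hex-character DLLs removed from system32, the digit-only driver names, the S0 entry whose file is missing, a kernel driver living under Program Files) have to be picked out by eye. As an added example, not part of the original post and not ComboFix's own code, here is a small Python triage script that parses those line shapes and flags such entries for review. The regular expressions are my reading of the log format, the sample lines are copied from this log, and a flag means "look at this", not "this is malware" (the user-profile check, for instance, also catches ordinary per-user updaters).

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix's code)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log above, covering the three shapes
# handled below (a "Files Created" line, "Drivers/Services" lines, a bare path).
SAMPLE = r"""
2012-07-01 17:27 . 2012-02-03 13:26 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-08 19:48 . 2004-01-29 08:45 73728 ----a-r- c:\windows\system32\nvrszht.dll
R0 22215762;22215762 Boot Guard Driver;c:\windows\system32\drivers\22215762.sys [07/04/2011 16.52.17 37392]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [01/07/2012 19.27.46 36000]
S0 68288222;68288222 Boot Guard Driver;c:\windows\system32\DRIVERS\68288222.sys --> c:\windows\system32\DRIVERS\68288222.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\programmi\IObit\Game Booster 3\Driver\WinRing0.sys [17/05/2012 10.00.02 14416]
c:\windows\system32\FE05DA0D.dll
c:\documents and settings\ANTONIO\GaugeSound.dll
"""

# Line shapes as they appear in the log; these patterns are an assumption about
# the format, derived from the lines above rather than from ComboFix documentation.
CREATED_RE = re.compile(
    r"^(?P<ctime>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<mtime>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attr>[-a-z]{8}) (?P<path>[A-Za-z]:\\.+)$"
)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[A-Za-z]:\\.+?\.(?:sys|exe|dll))(?P<rest>.*)$",
    re.IGNORECASE,
)
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")

# 8 hex characters (FE05DA0D) or a long run of digits (22215762, 6828822).
RANDOM_NAME_RE = re.compile(r"^(?:[0-9A-F]{8}|\d{6,})$", re.IGNORECASE)
DRIVER_DIR = "\\windows\\system32\\drivers\\"
PROFILE_DIR = "c:\\documents and settings\\"
EXEC_EXT = (".exe", ".dll", ".sys")

FLAG_NAME = "random-looking hex/numeric file name"
FLAG_MISSING = "service/driver entry points to a missing file"
FLAG_DRIVER_DIR = "kernel driver outside system32\\drivers"
FLAG_PROFILE = "executable under a user profile"


def stem(path):
    """File name without directory and without the last extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def check_path(path, findings):
    """Heuristics that apply to any path, whichever section it came from."""
    low = path.lower()
    if RANDOM_NAME_RE.match(stem(path)):
        findings[path].append(FLAG_NAME)
    if low.startswith(PROFILE_DIR) and low.endswith(EXEC_EXT):
        findings[path].append(FLAG_PROFILE)


def triage(text):
    """Return {path: [reasons]} for every line that trips at least one heuristic."""
    findings = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path")
            if "[?]" in m.group("rest"):          # ComboFix marks a missing image with [?]
                findings[path].append(FLAG_MISSING)
            if path.lower().endswith(".sys") and DRIVER_DIR not in path.lower():
                findings[path].append(FLAG_DRIVER_DIR)
            check_path(path, findings)
            continue
        m = CREATED_RE.match(line)
        if m:
            check_path(m.group("path"), findings)
            continue
        if PATH_RE.match(line):                   # bare paths in the deletion section
            check_path(line, findings)
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the full log, the script is a first pass only: an entry flagged here still needs the file's hash, signature and vendor checked before anything is concluded about it, and entries that are not flagged (vendor-signed drivers in the usual directory) are not thereby cleared.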