ComboFix 09-06-26.02 - Stefano Soro 27/06/2009 11.09.48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1014.47 [GMT 2:00]
Eseguito da: c:\documents and settings\Stefano Soro\Documenti\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090626-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\BReWErS.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-05-27 al 2009-06-27 )))))))))))))))))))))))))))))))))))
.
2009-06-24 12:31 . 2009-06-24 12:31 -------- d-----w- c:\programmi\FLV Player
2009-06-24 12:16 . 2009-06-24 12:17 -------- d-----w- c:\documents and settings\Stefano Soro\.gimp-2.6
2009-06-24 12:16 . 2009-06-24 12:16 -------- d-----w- c:\documents and settings\Stefano Soro\.gegl-0.0
2009-06-24 12:15 . 2009-06-24 12:15 -------- d-----w- c:\programmi\GIMP-2.0
2009-06-22 11:25 . 2009-06-22 11:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OfficeRecovery
2009-06-22 11:24 . 2009-06-22 11:25 -------- d-----w- c:\programmi\OfficeRecovery
2009-06-22 11:11 . 2009-06-22 11:11 -------- d-----w- c:\documents and settings\Stefano Soro\Impostazioni locali\Dati applicazioni\PCHealth
2009-06-22 08:21 . 2009-06-22 08:21 -------- d-----w- c:\windows\LastGood
2009-06-21 15:32 . 2009-06-21 15:32 -------- d-----w- c:\programmi\Visual Productions
2009-06-20 14:38 . 2004-08-19 13:39 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-20 14:38 . 2004-08-19 13:30 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-06-20 14:37 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-19 09:21 . 2009-06-19 09:21 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\JPEGsnoop
2009-06-16 10:43 . 2009-06-16 10:48 -------- d-----w- c:\programmi\File comuni\Ahead
2009-06-15 12:42 . 2009-06-15 12:42 -------- d-----w- c:\programmi\TorrentFetcher
2009-06-15 12:30 . 2009-06-27 09:06 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\Memopal
2009-06-15 12:29 . 2009-06-15 12:29 -------- d-----w- c:\programmi\Memopal
2009-06-15 09:06 . 2009-06-15 09:07 -------- d-----w- c:\programmi\Pygame 1.8 Documents and Examples
2009-06-14 16:01 . 2009-06-14 16:01 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\Nero
2009-06-14 15:56 . 2009-06-16 10:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-06-14 15:56 . 2009-06-16 10:43 -------- d-----w- c:\programmi\Nero
2009-06-14 10:48 . 2009-02-05 20:06 23152 ------w- c:\windows\system32\drivers\aswRdr.sys
2009-06-14 10:48 . 2009-02-05 20:06 51376 ------w- c:\windows\system32\drivers\aswTdi.sys
2009-06-14 10:48 . 2009-02-05 20:05 26944 ------w- c:\windows\system32\drivers\aavmker4.sys
2009-06-14 10:48 . 2009-02-05 20:04 97480 ------w- c:\windows\system32\AvastSS.scr
2009-06-14 10:48 . 2009-02-05 20:08 93296 ------w- c:\windows\system32\drivers\aswmon.sys
2009-06-14 10:48 . 2009-02-05 20:08 94032 ------w- c:\windows\system32\drivers\aswmon2.sys
2009-06-14 10:48 . 2009-02-05 20:07 114768 ------w- c:\windows\system32\drivers\aswSP.sys
2009-06-14 10:48 . 2009-02-05 20:07 20560 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-14 10:48 . 2009-02-05 20:11 1256296 ------w- c:\windows\system32\aswBoot.exe
2009-06-14 10:47 . 2009-06-14 10:47 -------- d-----w- c:\programmi\Alwil Software
2009-06-11 14:44 . 2009-06-11 14:44 4096 ----a-w- c:\windows\d3dx.dat
2009-06-11 08:18 . 2009-06-11 08:18 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\TeamViewer
2009-06-09 12:12 . 2009-06-09 12:12 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\TeamViewer
2009-06-09 12:12 . 2009-06-09 12:19 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\TeamViewer
2009-06-09 12:12 . 2009-06-09 12:12 -------- d-----w- c:\programmi\TeamViewer
2009-06-09 12:10 . 2009-06-09 12:10 -------- d-----w- c:\documents and settings\Stefano Soro\temp
2009-06-09 09:29 . 2009-06-09 13:12 -------- d-----w- c:\programmi\UltraVNC
2009-06-09 08:03 . 2009-06-26 16:30 -------- d-----w- C:\BywifiShare
2009-06-09 08:03 . 2009-06-09 08:03 -------- d-----w- C:\BywifiSave
2009-06-09 08:03 . 2009-06-09 15:14 -------- d-----w- c:\programmi\Bywifi
2009-06-08 10:00 . 2009-06-08 10:00 -------- d-----w- c:\programmi\Safari
2009-06-07 16:46 . 2009-06-07 21:51 -------- d-----w- c:\programmi\Notepad++
2009-06-07 16:46 . 2009-06-07 16:49 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\Notepad++
2009-06-04 14:11 . 2004-08-03 21:08 25600 ------w- c:\windows\system32\drivers\usbser.sys
2009-06-04 14:11 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-04 13:59 . 2009-06-04 14:11 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\PC Suite
2009-06-04 13:59 . 2009-06-04 14:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-06-04 13:58 . 2009-06-04 13:56 34396584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng_web.exe
2009-06-04 13:57 . 2009-06-04 13:57 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-04 13:57 . 2009-06-04 13:57 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-04 13:57 . 2009-06-04 13:57 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-04 13:57 . 2009-06-04 13:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-06-02 11:01 . 2009-06-02 11:01 -------- d-----w- c:\documents and settings\Stefano Soro\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-06-02 10:36 . 2005-01-19 19:21 51200 ------w- c:\windows\system32\drivers\msdv.sys
2009-06-02 10:36 . 2004-08-03 21:10 38912 ------w- c:\windows\system32\drivers\avc.sys
2009-06-02 10:36 . 2004-08-03 21:10 48128 ------w- c:\windows\system32\drivers\61883.sys
2009-05-31 19:36 . 2009-05-31 19:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\3029F
2009-05-31 19:36 . 2009-06-02 12:53 -------- d-----w- c:\documents and settings\Stefano Soro\Impostazioni locali\Dati applicazioni\Lphant
2009-05-31 19:35 . 2009-05-31 19:35 -------- d-----w- c:\programmi\Lphant Applications
2009-05-31 07:06 . 2009-06-24 08:06 -------- d-----w- c:\programmi\SpeedFan
2009-05-30 14:17 . 2009-05-30 14:17 -------- d-----w- c:\programmi\vanBasco's Karaoke Player
2009-05-29 16:12 . 2009-05-29 16:12 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\IObit
2009-05-29 16:12 . 2009-05-29 16:12 -------- d-----w- c:\programmi\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 09:25 . 2009-04-07 12:37 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\BitTorrent
2009-06-27 08:34 . 2009-04-07 12:44 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-06-25 21:01 . 2009-04-07 16:26 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\Skype
2009-06-25 08:19 . 2009-04-14 18:57 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\TeraCopy
2009-06-24 10:06 . 2009-05-01 20:25 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\FileZilla
2009-06-23 13:08 . 2009-04-08 11:43 69956 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-23 12:16 . 2009-04-08 07:40 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\Ahead
2009-06-22 12:04 . 2009-04-07 12:03 99744 ----a-w- c:\documents and settings\Stefano Soro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-22 11:09 . 2009-04-07 20:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-06-14 15:47 . 2001-08-31 15:00 70964 ----a-w- c:\windows\system32\perfc010.dat
2009-06-14 15:47 . 2001-08-31 15:00 440738 ----a-w- c:\windows\system32\perfh010.dat
2009-06-14 15:16 . 2009-04-22 17:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2009-06-09 10:46 . 2009-04-09 09:57 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\dvdcss
2009-06-08 10:35 . 2009-04-07 12:52 -------- d-----w- c:\programmi\DivX
2009-06-08 10:34 . 2009-04-07 12:52 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-06-06 07:43 . 2009-05-08 17:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\VMware
2009-06-06 07:09 . 2009-05-25 15:27 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\VMware
2009-06-05 11:36 . 2009-04-07 12:33 -------- d-----w- c:\programmi\AVG
2009-06-04 14:42 . 2009-04-08 13:40 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2009-06-04 14:42 . 2009-04-08 13:40 -------- d-----w- c:\programmi\DVDVideoSoft
2009-06-04 14:11 . 2009-06-04 14:11 0 ------w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-04 14:11 . 2009-06-04 14:11 0 ------w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-04 14:00 . 2009-06-04 13:59 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\Nokia
2009-06-04 13:59 . 2009-06-04 13:59 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-06-04 13:59 . 2009-06-04 13:59 -------- d-----w- c:\programmi\File comuni\Nokia
2009-06-04 13:59 . 2009-06-04 13:58 -------- d-----w- c:\programmi\Nokia
2009-06-04 13:58 . 2009-06-04 13:58 -------- d-----w- c:\programmi\DIFX
2009-06-04 13:58 . 2009-06-04 13:58 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-05-30 14:31 . 2009-04-09 12:15 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-05-30 12:33 . 2009-04-07 12:35 -------- d-----w- c:\programmi\MagicISO
2009-05-29 16:10 . 2009-04-07 19:38 -------- d-----w- c:\programmi\TuneUp Utilities 2009
2009-05-27 19:16 . 2009-05-27 19:16 -------- d-----w- c:\programmi\Google
2009-05-27 12:49 . 2009-05-27 12:49 -------- d-----w- c:\programmi\Brice Lambson
2009-05-26 05:44 . 2009-05-08 18:44 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\VMware
2009-05-25 18:57 . 2009-05-25 18:57 10134 ----a-r- c:\documents and settings\Stefano Soro\Dati applicazioni\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-05-25 18:57 . 2009-05-25 18:56 -------- d-----w- c:\programmi\File comuni\Logitech
2009-05-25 18:57 . 2009-05-25 18:57 10134 ----a-r- c:\documents and settings\Stefano Soro\Dati applicazioni\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-05-25 18:57 . 2009-05-25 18:57 -------- d-----w- c:\programmi\File comuni\Acer
2009-05-25 18:56 . 2009-05-25 18:56 -------- d-----w- c:\programmi\Acer
2009-05-25 16:11 . 2009-04-07 12:14 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-05-25 15:58 . 2009-05-06 19:08 -------- d-----w- c:\programmi\Smart PC Solutions
2009-05-25 15:58 . 2009-05-06 19:08 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\Smart PC Solutions
2009-05-25 15:57 . 2009-05-21 12:37 -------- d-----w- c:\programmi\CPU Thermometer
2009-05-25 15:36 . 2009-05-25 15:36 -------- d-----w- c:\programmi\MSN Messenger
2009-05-25 15:15 . 2009-04-07 11:40 22980 ------w- c:\windows\system32\emptyregdb.dat
2009-05-25 15:15 . 2009-04-18 21:42 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-05-24 20:43 . 2009-05-24 20:43 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\Media Player Classic
2009-05-24 20:43 . 2009-05-24 20:43 -------- d-----w- c:\programmi\Real Alternative
2009-05-24 15:26 . 2009-05-24 15:26 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\InstallShield
2009-05-24 06:52 . 2009-05-24 06:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate
2009-05-14 19:10 . 2009-05-10 19:27 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\gtk-2.0
2009-05-12 19:47 . 2009-05-12 19:28 152576 ----a-w- c:\documents and settings\Stefano Soro\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-12 19:28 . 2009-05-12 19:28 410984 ------w- c:\windows\system32\deploytk.dll
2009-05-12 19:28 . 2009-05-12 19:28 -------- d-----w- c:\programmi\Java
2009-05-12 18:28 . 2009-05-12 18:27 -------- d-----w- c:\programmi\AoA Audio Extractor
2009-05-11 14:54 . 2009-05-11 14:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ipswitch
2009-05-11 14:54 . 2009-05-11 14:54 -------- d-----w- c:\programmi\Ipswitch
2009-05-10 20:18 . 2009-05-10 19:26 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\.purple
2009-05-10 20:12 . 2009-05-10 20:12 2087 ----a-w- c:\documents and settings\Stefano Soro\Dati applicazioni\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-05-10 19:41 . 2009-05-10 19:41 15240 ----a-w- c:\documents and settings\Stefano Soro\Dati applicazioni\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-05-10 19:27 . 2009-05-10 19:27 2099 ----a-w- c:\documents and settings\Stefano Soro\Dati applicazioni\.purple\certificates\x509\tls_peers\login.live.com
2009-05-10 19:25 . 2009-05-10 19:25 -------- d-----w- c:\programmi\File comuni\GTK
2009-05-08 17:37 . 2009-04-07 12:37 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\DNA
2009-05-03 14:07 . 2009-04-08 07:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-05-01 21:02 . 2009-05-01 21:02 823296 ------w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ------w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ------w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ------w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ------w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ------w- c:\windows\system32\DivX.dll
2009-05-01 20:25 . 2009-05-01 20:25 -------- d-----w- c:\programmi\FileZilla FTP Client
2009-05-01 20:19 . 2009-05-01 20:19 -------- d-----w- c:\documents and settings\Stefano Soro\Dati applicazioni\SmartFTP
2009-04-22 17:27 . 2009-04-22 17:27 29926 ----a-r- c:\documents and settings\Stefano Soro\Dati applicazioni\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2009-04-16 20:33 . 2009-04-16 20:28 68448 ----a-w- c:\documents and settings\MAC OS X\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-15 19:58 . 2009-04-15 19:58 69632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 4.28.17.0\SetupAdmin.exe
2009-04-09 09:11 . 2009-04-09 09:11 3532 ----a-w- C:\drmHeader.bin
2009-04-08 12:02 . 2009-04-07 11:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-07 20:10 . 2009-04-07 20:11 69722 ------w- c:\windows\system32\SynTPFcs.dll
2009-04-07 20:10 . 2009-04-07 20:11 94298 ------w- c:\windows\system32\SynTPAPI.dll
2009-04-07 20:10 . 2009-04-07 20:11 192672 ------w- c:\windows\system32\drivers\SynTP.sys
2009-04-07 20:10 . 2009-04-07 20:11 114688 ------w- c:\windows\system32\SynCtrl.dll
2009-04-07 20:10 . 2009-04-07 20:11 82013 ------w- c:\windows\system32\SynCOM.dll
2009-04-07 19:25 . 2009-04-15 16:57 100944 ------w- c:\windows\system32\drivers\VBoxDrv.sys
2009-04-07 19:25 . 2009-04-15 16:56 79888 ------w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-04-07 19:25 . 2009-04-15 16:56 87696 ------w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-04-07 19:25 . 2009-04-15 16:55 41424 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-04-07 19:25 . 2009-04-15 16:56 133648 ------w- c:\windows\system32\VBoxNetFltNotify.dll
2009-04-07 12:43 . 2009-04-07 12:43 0 ----a-w- c:\windows\nsreg.dat
2009-04-02 14:29 . 2009-04-02 14:29 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2007-01-03 10:48 . 2007-01-03 10:48 426733 --sh--r- c:\windows\system32\firefoxset.exe
[review note: firefoxset.exe carries system+hidden+read-only attributes (--sh--r-) inside system32 and, per the registry section below, is started from HKCU\Run, HKLM\Run and HKLM\RunServices and is whitelisted in the Windows Firewall. No Mozilla component is expected under system32, so treat this file as suspect: submit its hash to a multi-engine scanner and quarantine it (ComboFix CFScript) rather than deleting it by hand, so it can be restored if it proves legitimate.]
.
------- Sigcheck -------
[-] 2007-01-03 10:51 296960 F959D929A6A22D78E3A6851A9361CE18 c:\windows\system32\termsrv.dll
[review note: "[-]" means termsrv.dll fails the Microsoft file-signature check. A patched termsrv.dll is commonly the result of a concurrent-RDP-session hack, but it can equally be a trojanised system file; compare the MD5 above with a known-good SP2 copy (dllcache / Windows CD) and restore it with sfc /scannow if it does not match.]
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bywifi"="c:\programmi\Bywifi\bywifi.exe" [2009-06-05 1048576]
"Memopal"="c:\programmi\Memopal\Memopal.exe" [2009-06-05 1435928]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Firefox Setup"="firefoxset.exe" - c:\windows\system32\firefoxset.exe [2007-01-03 426733]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-04-07 761946]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"bywifi"="c:\programmi\Bywifi\bywifi.exe" [2009-06-05 1048576]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2007-01-03 172032]
"Firefox Setup"="firefoxset.exe" - c:\windows\system32\firefoxset.exe [2007-01-03 426733]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Firefox Setup"="firefoxset.exe" - c:\windows\system32\firefoxset.exe [2007-01-03 426733]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-01-03 123904]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[review note: both Security Center alerts (antivirus state and Automatic Updates) are suppressed, and the log header reports avast! on-access scanning as disabled. Malware frequently sets these values to hide a disabled AV; reset both to 0 and re-enable on-access scanning once the cleanup is finished.]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Lphant Applications\\Lphant\\Lphant.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bywifi\\bywifi.exe"=
"c:\\Programmi\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\firefoxset.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
[review note: VNC (5900) and its HTTP/Java viewer port (5800) are open to any inbound source on the standard profile; UltraVNC was installed on 2009-06-09, and TeamViewer data also appears under LocalService and the system profile, i.e. it runs as a service. Confirm these remote-access tools are intended, remove the rules if not, and never expose VNC directly to the Internet without a strong password or a VPN/SSH tunnel.]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/06/2009 12.48.23 114768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [08/10/2008 8.50.14 34312]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [15/04/2009 18.57.07 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [15/04/2009 18.55.35 41424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/06/2009 12.48.23 20560]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [15/04/2009 18.56.20 87696]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15/04/2009 18.56.55 79888]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - ODSERV
.
Contenuto della cartella 'Scheduled Tasks'
2009-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-706699826-1801674531-1003.job
- c:\documents and settings\Stefano Soro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-07 12:53]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local
TCP: {5EEA9351-2EBC-48AA-A3CB-D7ED873CD683} = 212.216.112.112,151.99.125.2
FF - ProfilePath - c:\documents and settings\Stefano Soro\Dati applicazioni\Mozilla\Firefox\Profiles\xdksy6vx.default\
FF - prefs.js: browser.startup.homepage - hxxp://it.start2.mozilla.com/firefox?cl ... t:official
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\Stefano Soro\Impostazioni locali\Dati applicazioni\Google\Update\1.2.145.5\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see
hxxp://www.mozilla.org/unix/customizing.html#prefs */
FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac
[review note: Firefox is forced through user.js (which overrides prefs.js on every start) to load a PAC file from localhost:9000, so all browser traffic is routed through a local listener. Identify the process bound to that port (netstat -ano, then tasklist); a download helper such as the installed Bywifi may legitimately own it, but if no installed program does, reset network.proxy.type to 0 and remove the user.js entries.]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-27 11:24
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,fb,e3,b1,a2,33,
25,de,0d,2e,e8,e1,00,eb,16,2b,de,02,e7,13,87,4d,28,37,7e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,35,0c,d0,bd,a7,
b6,d0,73,46,47,15,b0,92,4b,c7,ef,e4,3c,61,e7,82,07,88,c8,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,ca,a7,ec,d0,0b,
8b,6d,ef,7a,45,05,fd,91,e8,6f,31,c8,61,f7,29,ca,5f,83,b2,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,f8,b3,14,a8,66,
a2,b6,83,6b,65,49,6a,7e,99,74,f7,1c,07,57,7f,86,2c,02,5d,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,a9,f7,1f,8e,be,
25,4b,e6,e9,02,6c,fa,fb,1d,47,57,e5,f6,89,16,58,a7,c3,b7,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,80,e1,90,11,80,
da,77,f9,50,93,e5,ab,ec,6a,4e,ab,39,fa,19,90,a0,db,f6,ec,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,45,79,bd,92,1e,
fb,62,04,97,20,4e,9a,c7,f1,35,ee,bc,05,e3,f6,db,1b,17,84,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,b0,08,b3,b5,9b,
35,79,d1,aa,52,c6,00,84,3c,26,64,8f,36,b0,3a,62,a8,e2,fd,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,93,0f,43,ce,df,
aa,8d,11,b2,46,9a,e2,1b,fe,1b,94,d5,cb,e9,0c,cf,ec,eb,8a,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,64,9a,a7,9e,55,
b7,7a,1e,37,a4,aa,c3,a6,15,56,0a,c3,51,78,5d,5e,25,f4,31,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,01,c0,d5,7b,cb,
60,71,f6,f8,31,0f,a9,5f,a0,ec,fb,0f,20,ca,b7,94,91,bd,3d,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,69,e6,07,0e,b3,
da,05,19,05,73,21,dd,54,d8,4a,c5,cf,0f,c2,8e,4a,3a,cc,81,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\SHSVCS.dll
c:\windows\system32\CLBCATQ.DLL
c:\windows\system32\DNSAPI.dll
- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\WLDAP32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
Ora fine scansione: 2009-06-27 11.29.00
ComboFix-quarantined-files.txt 2009-06-27 09:28
ComboFix2.txt 2009-04-13 14:57
Pre-Run: 13.767.426.048 byte disponibili
Post-Run: 16.477.569.024 byte disponibili
358