ComboFix 09-09-09.09 - Caterina 10/09/2009 20.24.27.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.1021.305 [GMT 2:00]
Eseguito da: c:\users\Caterina\Alessandro\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\8957c.msi
.
((((((((((((((((((((((((( Files Creati Da 2009-08-10 al 2009-09-10 )))))))))))))))))))))))))))))))))))
.
2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Caterina\AppData\Local\temp
2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Xander\AppData\Local\temp
2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Alessandro\AppData\Local\temp
2009-09-10 18:32 . 2009-09-10 18:32 -------- d-----w- c:\users\Alessandro.PC-Caterina\AppData\Local\temp
2009-09-10 08:43 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 08:43 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-10 08:43 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 08:43 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 08:41 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 08:41 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 08:41 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 08:41 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 08:41 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 08:41 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 08:41 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 08:41 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 08:41 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 08:41 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 08:13 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-02 21:47 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:46 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 15:46 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-18 15:33 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-18 15:33 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-18 15:33 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-18 15:32 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-18 15:32 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-18 15:32 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-18 15:32 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-18 15:32 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 18:07 . 2008-09-23 11:12 -------- d-----w- c:\programdata\NOS
2009-09-10 18:03 . 2007-04-28 17:08 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-10 11:59 . 2008-04-17 15:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 11:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-23 15:38 . 2007-03-28 14:35 -------- d-----w- c:\users\Caterina\AppData\Roaming\OpenOffice.org2
2009-08-23 15:37 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-08-23 15:37 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-07-26 09:06 . 2009-07-26 09:06 -------- d-----w- c:\programdata\Long slow road itch
2009-07-26 09:06 . 2009-07-26 09:06 -------- d-----w- c:\programdata\SETTINGS POP TIME
2009-07-26 09:05 . 2009-07-26 09:05 -------- d-----w- c:\program files\Circle Deveopement
2009-07-26 09:05 . 2007-03-27 22:31 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-07 14:44 . 2009-04-16 17:38 3061792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-15 15:24 . 2009-07-20 12:08 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-20 12:08 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-20 12:08 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-20 12:08 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=""
"?????????"="??????????????e"
"Nurb Four"="c:\programdata\Great 16 16.ifiuisg" [X]
"ROAD ITCH AMOK PING"="c:\programdata\dvd setup mess.jjmjlu6" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-07 483328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-22 185896]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6007E185-6FA7-41DE-A4C1-87031D2460DA}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{0DB0F79B-ED8B-46F6-AE0D-BF96D6155FF9}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{1607A58E-78D1-4C2E-A494-E9A2C99B1BE3}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EE4F3998-B944-45DB-95A5-D8468A2D9F07}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{54ED7752-78FE-4443-A188-A0E1358A5254}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{ACB059BE-42A9-4806-8DF2-F292AFB1E0A0}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{FEC99AFD-EA8C-4A33-983C-A84F9BC44AF5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1A00FE06-2BDE-4A22-A6CA-D8AE623416FE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4DFBBA13-054F-4A99-A67E-5EAF4BF97200}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8BCC34C0-1817-4FC0-B600-339E4BC7C59C}"= UDP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{20FE6BAC-DCF0-421A-AED9-A8EEB5F13F29}"= TCP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{3B254BA5-FE7C-4F23-9C78-26916D420F85}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3BEC5129-630A-4016-B94D-BE7A7481F922}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{22CDFDE3-A95F-4385-BD62-A78F3F5C2CAE}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"{FFE870A7-7543-4EDA-906F-D12589923917}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CF9A50B2-8736-4B8C-87DE-FA813887B59E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B831175C-37BB-4A0A-B012-4E4464065CB3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{54C03F67-5E02-46F0-98DC-49EC9C35BD64}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CF523663-9134-4DFD-822D-1887E74C24DE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2F8096D-5992-407F-BA5A-FE707A211604}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R3 b57nd60x;%SvcDispName%;c:\windows\System32\drivers\b57nd60x.sys [03/06/2008 11.23.34 179712]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\System32\drivers\lv321av.sys [23/09/2008 20.16.44 847392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 8.40.22 3668480]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [25/04/2007 14.32.42 31232]
S2 gupdate1c9b614e4c763e2;Servizio di Google Update (gupdate1c9b614e4c763e2);c:\program files\Google\Update\GoogleUpdate.exe [05/04/2009 19.35.19 133104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [03/06/2008 11.21.19 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {D2DB751E-59BD-413E-2ED0-00AE16C567E4} /qb
.
Contenuto della cartella 'Scheduled Tasks'
2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 17:35]
2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 17:35]
2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{AA8F071B-9E8D-409B-AFBB-5AEA805622D0}.job
- c:\windows\system32\msfeedssync.exe [2009-05-12 11:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CE21037E-F121-4AFD-BCD8-FB9C566CBDC1} = 213.230.129.10 213.230.155.10
FF - ProfilePath - c:\users\Caterina\AppData\Roaming\Mozilla\Firefox\Profiles\k87vw8ev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-avgnt - c:\program files\AntiVir PersonalEdition Classic\avgnt.exe
HKLM-Run-SetPanel - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-RunOnce-Uninstall Adobe Download Manager - c:\users\Caterina\AppData\Local\Temp\nos_uninstall_Adobe.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 20:32
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\eNetHook.dll
.
Ora fine scansione: 2009-09-10 20.36.26
ComboFix-quarantined-files.txt 2009-09-10 18:36
Pre-Run: 23.001.849.856 byte disponibili
Post-Run: 22.900.359.168 byte disponibili
255 --- E O F --- 2009-09-10 18:10