ComboFix 09-09-29.04 - ermanno 30/09/2009 20.46.24.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.549 [GMT 2:00]
Eseguito da: c:\documents and settings\ermanno\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090929-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ermanno\Dati applicazioni\wiaserva.log
c:\windows\Installer\7d7697.msi
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_glaide32
((((((((((((((((((((((((( Files Creati Da 2009-08-28 al 2009-09-30 )))))))))))))))))))))))))))))))))))
.
2009-09-28 18:49 . 2009-09-28 18:49 -------- d-----w- c:\documents and settings\ermanno\Dati applicazioni\ImgBurn
2009-09-28 18:48 . 2009-09-28 18:48 -------- d-----w- c:\programmi\ImgBurn
2009-09-28 16:19 . 2009-09-28 16:19 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2009-09-28 16:19 . 2009-09-28 16:19 -------- d-----w- c:\programmi\DVDVideoSoft
2009-09-17 11:33 . 2009-09-17 11:33 -------- d-----w- C:\Hotspot Shield
2009-09-17 11:32 . 2009-09-17 11:33 -------- d-----w- c:\programmi\Hotspot Shield
2009-09-16 16:05 . 2009-09-16 16:05 -------- d-----w- c:\programmi\StreamTorrent 1.0
2009-09-16 15:58 . 2009-09-16 15:58 -------- d-----w- c:\documents and settings\ermanno\Dati applicazioni\StreamTorrent
2009-09-15 20:04 . 2009-09-15 20:04 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-09-11 15:43 . 2009-09-11 15:45 -------- d-----w- c:\programmi\Best MIDI to MP3
2009-09-09 20:25 . 2009-09-09 20:25 -------- d-----w- c:\documents and settings\ermanno\Dati applicazioni\Music Recognition
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 18:36 . 2009-06-19 19:47 -------- d-----w- c:\documents and settings\ermanno\Dati applicazioni\ZipGenius
2009-09-25 17:30 . 2009-07-01 15:50 -------- d-----w- c:\documents and settings\ermanno\Dati applicazioni\uTorrent
2009-09-06 18:33 . 2009-06-22 20:12 -------- d-----w- c:\documents and settings\ermanno\Dati applicazioni\Skype
2009-09-06 18:10 . 2009-06-22 20:14 -------- d-----w- c:\documents and settings\ermanno\Dati applicazioni\skypePM
2009-08-30 09:20 . 2009-08-30 09:20 -------- d-----w- c:\documents and settings\ermanno\Dati applicazioni\Apple Computer
2009-08-30 09:20 . 2009-08-30 09:20 -------- d-----w- c:\programmi\iTunes
2009-08-30 09:20 . 2009-08-30 09:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-30 09:20 . 2009-08-30 09:20 -------- d-----w- c:\programmi\iPod
2009-08-30 09:20 . 2009-08-30 09:19 -------- d-----w- c:\programmi\File comuni\Apple
2009-08-30 09:20 . 2009-08-30 09:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-08-30 09:20 . 2009-08-30 09:20 -------- d-----w- c:\programmi\Bonjour
2009-08-30 09:20 . 2009-08-30 09:19 -------- d-----w- c:\programmi\QuickTime
2009-08-30 09:19 . 2009-08-30 09:19 -------- d-----w- c:\programmi\Apple Software Update
2009-08-30 09:19 . 2009-08-30 09:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-08-12 18:17 . 2009-06-20 13:17 -------- d-----w- c:\programmi\Band in a box
2009-07-09 10:16 . 2009-08-30 09:19 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-08-30 09:19 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-09-17 11:32 218160 ----a-w- c:\programmi\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-06-20 148888]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-03-06 16858112]
"AdslTaskBar"="stmctrl.dll" - c:\windows\system32\stmctrl.dll [2003-03-27 151552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\ermanno\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Sopcast\\adv\\SopAdver.exe"=
"c:\\Programmi\\Sopcast\\SopCast.exe"=
"c:\\Programmi\\StreamTorrent 1.0\\StreamTorrent.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/06/2009 9.41.23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/06/2009 9.41.23 20560]
R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [20/06/2009 10.07.57 37836]
R2 HssSrv;Hotspot Shield Routing Service;c:\programmi\Hotspot Shield\HssWPR\hsssrv.exe [15/09/2009 22.04.58 331824]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [19/06/2009 22.54.11 59466]
R3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [15/09/2009 22.04.58 32768]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [19/06/2009 22.54.10 538925]
S3 HssTrayService;Hotspot Shield Tray Service;c:\programmi\Hotspot Shield\bin\HssTrayService.exe [15/09/2009 22.29.04 57640]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\ermanno\Dati applicazioni\Mozilla\Firefox\Profiles\08rmp1cy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.corriere.it/
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-30 20:53
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1993962763-1644491937-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFE3DD19-A219-A690-46E3-A3D9ACC98426}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaanlijlcohhkmaacg"=hex:6b,61,63,6b,63,64,6c,67,66,61,6c,6c,68,67,6b,6e,62,65,
69,6e,6b,6f,00,00
"hagofofjgkhdgcek"=hex:6b,61,63,6b,63,64,6c,67,66,61,6c,6c,68,67,6b,6e,62,65,
69,6e,6b,6f,00,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Hotspot Shield\bin\openvpnas.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-30 20.55.34 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-30 18:55
Pre-Run: 123.687.215.104 byte disponibili
Post-Run: 124.306.460.672 byte disponibili