ComboFix 10-01-20.06 - Lucia 21/01/2010 18.11.38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3070.2694 [GMT 1:00]
Eseguito da: c:\documents and settings\Lucia\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Dati applicazioni\inst.exe
c:\documents and settings\Lucia\Preferiti\Videos.url
c:\programmi\Java\jre6\bin\jucheck.exe
La copia infetta di c:\windows\system32\drivers\iaStor.sys è stata trovata e disinfettata
Ripristinata copia da - Kitty ate it :p
.
((((((((((((((((((((((((( Files Creati Da 2009-12-21 al 2010-01-21 )))))))))))))))))))))))))))))))))))
.
2010-01-16 20:51 . 2010-01-16 20:51 41984 ----a-w- c:\windows\system32\xxupuykyz65.dll
2010-01-12 15:11 . 2010-01-12 15:11 -------- d-----w- c:\documents and settings\Lucia\Impostazioni locali\Dati applicazioni\In_The_Money_LLC
2010-01-12 15:11 . 2010-01-16 17:12 -------- d-----w- c:\documents and settings\Lucia\Impostazioni locali\Dati applicazioni\In The Money
2010-01-12 15:11 . 2010-01-12 15:11 -------- d-----w- c:\programmi\In The Money
2009-12-28 15:58 . 2009-12-28 15:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Boss Media
2009-12-28 15:57 . 2009-12-28 15:57 -------- d-----w- c:\documents and settings\Lucia\Impostazioni locali\Dati applicazioni\Boss Media
2009-12-28 15:57 . 2010-01-12 15:10 -------- d-----w- c:\programmi\Poker Club by Lottomatica
2009-12-25 19:48 . 2010-01-20 19:23 -------- d-----w- c:\programmi\PokerStars.IT
2009-12-23 18:55 . 2009-12-27 20:12 -------- d-----w- c:\documents and settings\Lucia\Impostazioni locali\Dati applicazioni\FullTiltPoker
2009-12-23 18:55 . 2010-01-12 19:15 -------- d-----w- c:\programmi\Full Tilt Poker
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 17:18 . 2008-07-28 19:23 -------- d-----w- c:\documents and settings\Lucia\Dati applicazioni\Skype
2010-01-21 17:17 . 2008-07-16 11:11 -------- d-----w- c:\documents and settings\Lucia\Dati applicazioni\skypePM
2010-01-19 16:40 . 2008-07-28 19:15 -------- d-----w- c:\documents and settings\Lucia\Dati applicazioni\uTorrent
2010-01-19 15:32 . 2007-04-11 15:25 304920 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-12 15:11 . 2008-07-03 09:46 69680 ----a-w- c:\documents and settings\Lucia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-12 15:11 . 2001-08-31 11:00 69988 ----a-w- c:\windows\system32\perfc010.dat
2010-01-12 15:11 . 2001-08-31 11:00 437882 ----a-w- c:\windows\system32\perfh010.dat
2010-01-10 20:24 . 2009-10-29 11:44 -------- d-----w- c:\documents and settings\Lucia\Dati applicazioni\Hamachi
2010-01-03 11:11 . 2009-03-15 10:13 -------- d-----w- c:\programmi\Metin2_Italiano
2009-12-10 13:47 . 2009-11-26 13:50 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 09:48 . 2009-12-08 09:48 -------- d-----w- c:\programmi\File comuni\Skype
2009-12-08 09:48 . 2009-12-08 09:48 -------- d-----r- c:\programmi\Skype
2009-12-08 09:48 . 2008-07-16 11:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-11-30 19:28 . 2009-11-30 19:28 -------- d-----w- c:\documents and settings\Lucia\Dati applicazioni\Zeon
2009-11-30 19:28 . 2009-11-30 19:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Zeon
2009-11-30 19:28 . 2009-11-30 19:28 -------- d-----w- c:\documents and settings\Lucia\Dati applicazioni\ScanSoft
2009-11-29 14:58 . 2009-11-29 14:58 -------- d-----r- c:\documents and settings\Lucia\Dati applicazioni\Brother
2009-11-26 13:50 . 2009-11-26 13:50 -------- d-----w- c:\programmi\Avira
2009-11-26 13:50 . 2009-11-26 13:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-11-25 18:05 . 2009-11-25 18:05 50 ----a-w- c:\windows\system32\bridf08b.dat
2009-11-25 18:05 . 2009-11-25 18:05 -------- d-----w- c:\programmi\Brother
2009-11-25 18:05 . 2008-06-14 11:31 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-25 18:05 . 2009-11-25 18:05 -------- d-----w- c:\documents and settings\Lucia\Dati applicazioni\InstallShield
2009-11-25 18:04 . 2009-11-25 18:04 -------- d-----w- c:\programmi\Nuance
2009-11-25 18:04 . 2009-11-25 18:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-11-25 18:04 . 2009-11-25 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-11-25 18:03 . 2009-11-25 18:03 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2009-11-25 18:03 . 2008-06-14 11:31 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-11-25 18:03 . 2009-11-25 18:03 -------- d-----w- c:\programmi\ScanSoft
2009-11-25 18:02 . 2009-11-25 18:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Brother
2009-11-24 17:58 . 2009-11-24 14:25 -------- d-----w- c:\documents and settings\Lucia\Dati applicazioni\U3
2009-10-29 11:43 . 2009-10-29 11:43 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\programmi\P2P_Energy\tbP2P_.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-07-02 08:18 2215960 ----a-w- c:\programmi\P2P_Energy\tbP2P_.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\programmi\P2P_Energy\tbP2P_.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\programmi\P2P_Energy\tbP2P_.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-28 202032]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-06 148888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\programmi\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\documents and settings\Lucia\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\America's Army\\System\\ArmyOps.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Metin2_Italiano\\metin2.bin"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\JavaSoft\\JRE\\1.3.1_13\\bin\\javaw.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Lucia\\Desktop\\MIO SERVER\\mc.exe"=
"c:\\Programmi\\Hamachi\\hamachi.exe"=
"c:\\Documents and Settings\\Lucia\\Desktop\\Server Tizzi\\mc.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Lucia\\Desktop\\Client ITA by Babau94\\mc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [26/11/2009 14.50.13 108289]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16/06/2008 14.44.28 193840]
S3 ADM8511;Convertitore ADMtek ADM8511/AN986 da USB a Fast Ethernet;c:\windows\system32\drivers\ADM8511.SYS [16/06/2008 11.50.46 20160]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16/07/2009 14.39.45 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys

c:\windows\system32\DRIVERS\VBoxNetFlt.sys
[Confused]
.
Contenuto della cartella 'Scheduled Tasks'
2010-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = hxxp://java.com/it/download/help/index.xml
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
TCP: {A24D6F01-53EF-4C73-AED0-7461CF54A881} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Lucia\Dati applicazioni\Mozilla\Firefox\Profiles\1a4biqy1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/firefox?client=fir ... t:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 18:17
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(2336)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Brother\ControlCenter3\brccMCtl.exe
c:\programmi\Brother\Brmfcmon\BrMfcmon.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programmi\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-01-21 18:20:22 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-01-21 17:20
Pre-Run: 117.638.123.520 byte disponibili
Post-Run: 117.643.444.224 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4F9C8CC0C8F2BB9801E84B7DF9AA1FDA