ComboFix 10-07-10.02 - utente1 13/07/2010 18.58.43.6.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.278 [GMT 2:00]
Running from: c:\documents and settings\utente1\Documenti\Download\ComboFix.exe
.
((((((((((((((((((((((((( Files Created From 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))))))
.
2010-07-10 18:39 . 2010-07-10 18:39 398336 ----a-w- c:\windows\system32\CF26847.exe
2010-07-10 18:38 . 2010-07-10 19:02 -------- d-----w- c:\documents and settings\utente1\Dati applicazioni\UseNeXT
2010-07-10 18:38 . 2010-07-10 18:38 -------- d-----w- c:\programmi\UseNeXT
2010-07-10 18:38 . 2010-07-10 18:38 398336 ----a-w- c:\windows\system32\CF26726.exe
2010-07-10 18:22 . 2010-07-10 18:21 398336 ----a-w- c:\windows\system32\CF23415.exe
2010-07-10 18:21 . 2010-07-11 13:04 -------- d-----w- c:\documents and settings\utente1\Impostazioni locali\Dati applicazioni\Softonic-IT
2010-07-10 18:21 . 2010-07-11 09:05 -------- d-----w- c:\programmi\Softonic-IT
2010-07-10 18:21 . 2010-03-18 18:48 52224 ----a-w- c:\documents and settings\utente1\Dati applicazioni\Mozilla\Firefox\Profiles\s4jy9zxo.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
2010-07-10 18:21 . 2010-03-18 18:48 101376 ----a-w- c:\documents and settings\utente1\Dati applicazioni\Mozilla\Firefox\Profiles\s4jy9zxo.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
2010-07-10 18:13 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\39466212.sys
2010-07-10 18:13 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3946621.sys
2010-07-10 18:10 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\78615312.sys
2010-07-10 18:10 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\7861531.sys
2010-07-10 17:35 . 2010-07-10 17:35 825 -c--a-w- C:\FindyKill_Upload_Me_SIRIO-82346D2A6.zip
2010-07-10 15:50 . 2010-07-13 16:54 -------- dc----w- C:\FyK
2010-07-10 13:20 . 2010-07-10 13:20 -------- d-----w- c:\documents and settings\utente1\Dati applicazioni\Malwarebytes
2010-07-10 13:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-10 13:20 . 2010-07-10 13:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-10 13:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-10 13:20 . 2010-07-10 13:20 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-10 09:49 . 2010-07-13 16:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-06-17 17:53 . 2010-07-11 13:02 -------- d-----w- c:\programmi\Mozilla Thunderbird
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 16:39 . 2007-01-26 09:06 -------- d-----w- c:\documents and settings\utente1\Dati applicazioni\OpenOffice.org2
2010-07-10 18:54 . 2009-09-20 18:34 90112 ----a-w- c:\windows\DUMP828d.tmp
2010-07-10 10:05 . 2007-01-31 17:58 -------- d-----w- c:\programmi\Alwil Software
2010-06-17 17:53 . 2009-04-04 12:43 -------- d-----w- c:\documents and settings\utente1\Dati applicazioni\Thunderbird
2010-06-02 06:47 . 2009-07-21 19:43 -------- d-----w- c:\documents and settings\utente1\Dati applicazioni\dvdcss
2010-05-25 18:45 . 2010-04-08 17:26 -------- d-----w- c:\programmi\Messenger_Plus_Live_Italy
2010-05-19 19:45 . 2009-03-30 18:36 -------- d-----w- c:\documents and settings\utente1\Dati applicazioni\TeamViewer
2010-05-19 19:45 . 2009-03-30 18:36 -------- d-----w- c:\programmi\TeamViewer
2010-05-06 10:32 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2006-03-02 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-03-17 07:24 . 2007-03-17 07:24 90340 -c--a-w- c:\programmi\Discovery_Networks.kml
2007-03-17 07:22 . 2007-03-17 07:22 389 -c--a-w- c:\programmi\3D_Warehouse_it.kmz
2007-03-05 18:15 . 2007-03-05 18:15 503448 -c--a-w- c:\programmi\signature995.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{08d495ab-a86c-47b0-82ef-da87bf92f730}"= "c:\programmi\Messenger_Plus_Live_Italy\tbMes1.dll" [2010-05-25 2515552]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSof1.dll" [2010-07-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{08d495ab-a86c-47b0-82ef-da87bf92f730}]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08d495ab-a86c-47b0-82ef-da87bf92f730}]
2010-05-25 18:45 2515552 ----a-w- c:\programmi\Messenger_Plus_Live_Italy\tbMes1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-07-11 09:05 2515552 ----a-w- c:\programmi\Softonic-IT\tbSof1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{08d495ab-a86c-47b0-82ef-da87bf92f730}"= "c:\programmi\Messenger_Plus_Live_Italy\tbMes1.dll" [2010-05-25 2515552]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSof1.dll" [2010-07-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{08d495ab-a86c-47b0-82ef-da87bf92f730}]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{08D495AB-A86C-47B0-82EF-DA87BF92F730}"= "c:\programmi\Messenger_Plus_Live_Italy\tbMes1.dll" [2010-05-25 2515552]
"{E3393495-8103-46A0-8181-270273EDDD60}"= "c:\programmi\Softonic-IT\tbSof1.dll" [2010-07-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{08d495ab-a86c-47b0-82ef-da87bf92f730}]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"Google Update"="c:\documents and settings\utente1\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-02-01 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MaxMenuMgr"="c:\programmi\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="c:\programmi\Skype\Phone\IEPlugin\unins000.exe" [2007-03-23 674138]
c:\documents and settings\utente1\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.0.lnk - c:\programmi\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 19:15 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:tcp
"4672:UDP"= 4672:UDP:udp
"4772:UDP"= 4772:UDP:emule udp
R0 39466212;39466212 Boot Guard Driver;c:\windows\system32\drivers\39466212.sys [10/07/2010 20.13.09 37392]
R0 78615312;78615312 Boot Guard Driver;c:\windows\system32\drivers\78615312.sys [10/07/2010 20.10.49 37392]
S1 39466211;39466211;c:\windows\system32\DRIVERS\39466211.sys --> c:\windows\system32\DRIVERS\39466211.sys [?]
S1 78615311;78615311;c:\windows\system32\DRIVERS\78615311.sys --> c:\windows\system32\DRIVERS\78615311.sys [?]
S1 setup_9.0.0.722_10.07.2010_19-54drv;setup_9.0.0.722_10.07.2010_19-54drv;c:\windows\system32\drivers\3946621.sys [10/07/2010 20.13.09 315408]
S2 FreeAgentGoNext Service;Seagate Service;c:\programmi\Seagate\SeagateManager\Sync\FreeAgentService.exe [01/05/2009 15.35.54 181544]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [31/01/2010 17.22.13 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\programmi\LogMeIn\x86\RaInfo.sys --> c:\programmi\LogMeIn\x86\RaInfo.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [03/06/2009 14.46.36 92008]
.
Contents of the 'Scheduled Tasks' folder
2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-31 15:22]
2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-31 15:22]
2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-839522115-682003330-1004Core.job
- c:\documents and settings\utente1\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-01 09:57]
2010-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-839522115-682003330-1004UA.job
- c:\documents and settings\utente1\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-01 09:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\utente1\Dati applicazioni\Mozilla\Firefox\Profiles\s4jy9zxo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt ... =MICI05&q=
FF - component: c:\documents and settings\utente1\Dati applicazioni\Mozilla\Firefox\Profiles\s4jy9zxo.default\extensions\{08d495ab-a86c-47b0-82ef-da87bf92f730}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\utente1\Dati applicazioni\Mozilla\Firefox\Profiles\s4jy9zxo.default\extensions\{08d495ab-a86c-47b0-82ef-da87bf92f730}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\utente1\Dati applicazioni\Mozilla\Firefox\Profiles\s4jy9zxo.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\utente1\Dati applicazioni\Mozilla\Firefox\Profiles\s4jy9zxo.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\utente1\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 19:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(1692)
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-13 19:07:47
ComboFix-quarantined-files.txt 2010-07-13 17:07
ComboFix2.txt 2010-07-11 11:00
ComboFix3.txt 2010-07-10 21:00
ComboFix4.txt 2010-07-10 20:14
ComboFix5.txt 2010-07-13 16:58
Pre-Run: 42.392.702.976 bytes free
Post-Run: 42.520.776.704 bytes free
- - End Of File - - 93188163049A32A0DAFA7D166095E6C9
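The two things a reviewer of a log like this checks first are the drivers with all-digit names that appeared in system32\drivers on the day of the cleanup and the service entries whose binary ComboFix marks with `[?]`. In this log the numeric drivers pair up with service entries (39466212.sys with the R0 "Boot Guard Driver" service, 3946621.sys with the setup_9.0.0.722_10.07.2010_19-54drv service), which is what to confirm before treating them as an infection. The script below is an added example, not ComboFix code and not part of the original post: it parses the "Files Created" lines and the R0/S1/S2 service lines in the format shown above, cross-references driver files to the services that load them, and lists the service entries pointing at missing files. The sample input is constructed from lines copied out of this log; the heuristics are review prompts, not verdicts.

```python
"""Triage pass over ComboFix output: parse the 'Files Created' lines and
the service lines (R0/S1/S2 ...), then cross-reference drivers to services.

Added example, not ComboFix code and not part of the forum post. The
heuristics are review prompts, not verdicts: removal tools and AV products
also drop numerically named drivers, so every hit needs a second check."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input in the format ComboFix writes (paths taken from the log above).
SAMPLE_LOG = r"""
2010-07-10 18:39 . 2010-07-10 18:39 398336 ----a-w- c:\windows\system32\CF26847.exe
2010-07-10 18:38 . 2010-07-10 19:02 -------- d-----w- c:\documents and settings\utente1\Dati applicazioni\UseNeXT
2010-07-10 18:13 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\39466212.sys
2010-07-10 18:13 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\3946621.sys
2010-07-10 13:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
R0 39466212;39466212 Boot Guard Driver;c:\windows\system32\drivers\39466212.sys [10/07/2010 20.13.09 37392]
S1 39466211;39466211;c:\windows\system32\DRIVERS\39466211.sys --> c:\windows\system32\DRIVERS\39466211.sys [?]
S1 setup_9.0.0.722_10.07.2010_19-54drv;setup_9.0.0.722_10.07.2010_19-54drv;c:\windows\system32\drivers\3946621.sys [10/07/2010 20.13.09 315408]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\programmi\LogMeIn\x86\RaInfo.sys --> c:\programmi\LogMeIn\x86\RaInfo.sys [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [03/06/2009 14.46.36 92008]
"""

# created . modified size attrs path   (size is "--------" for directories)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# STATE name;description;binary [dd/mm/yyyy hh.mm.ss size]   or   binary --> binary [?]
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
DRIVER_DIR_RE = re.compile(r"\\system32\\drivers\\", re.IGNORECASE)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    is_dir: bool
    path: str


@dataclass
class ServiceEntry:
    state: str            # R0/S1/S2 ... exactly as ComboFix prints it
    name: str
    desc: str
    binary: str
    missing: bool         # True when ComboFix flagged the binary with [?]


def _split_binary(rest: str) -> Tuple[str, bool]:
    """Binary path and missing-flag from the tail of a service line."""
    missing = rest.rstrip().endswith("[?]")
    path = re.split(r" --> | \[", rest, maxsplit=1)[0].strip()
    if path.startswith("\\??\\"):      # drop the NT object-manager prefix
        path = path[4:]
    return path, missing


def parse_log(text: str) -> Tuple[List[FileEntry], List[ServiceEntry]]:
    """Collect file-listing and service lines; every other line is ignored."""
    files: List[FileEntry] = []
    services: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(m["created"], m["modified"], size,
                                   m["attrs"].startswith("d"), m["path"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            binary, missing = _split_binary(m["rest"])
            services.append(ServiceEntry(m["state"], m["name"], m["desc"], binary, missing))
    return files, services


def triage(files: List[FileEntry], services: List[ServiceEntry]) -> List[Dict[str, object]]:
    """Flag all-digit driver names under system32\\drivers (tying each to the
    service that loads it) and service entries whose binary is missing."""
    findings: List[Dict[str, object]] = []
    by_binary = {s.binary.lower(): s for s in services}
    for f in files:
        if f.is_dir or not DRIVER_DIR_RE.search(f.path):
            continue
        stem = f.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if stem.isdigit():
            svc = by_binary.get(f.path.lower())
            findings.append({
                "kind": "numeric_driver", "path": f.path, "created": f.created,
                "service": svc.desc if svc else None,
                "note": ("loaded by service %r; confirm which product installed it" % svc.name)
                        if svc else "no service references this driver",
            })
    for s in services:
        if s.missing:
            findings.append({
                "kind": "missing_binary", "service": s.name, "state": s.state,
                "path": s.binary, "note": "service points at a file ComboFix could not find",
            })
    return findings


if __name__ == "__main__":
    for finding in triage(*parse_log(SAMPLE_LOG)):
        print(finding)
```

Feed it the whole log rather than the sample and the Find3M lines are parsed too, so a driver that predates the cleanup window still gets matched against the service list; the `[?]` entries (here 39466211, 78615311, LMIInfo and SSPORT) are leftover service keys whose files are gone, which is a cleanup item rather than an active threat.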