ComboFix 10-12-04.01 - danarzu 05/12/2010 11.46.39.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3062.2523 [GMT 1:00]
Eseguito da: c:\documents and settings\danarzu\Desktop\pippo.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {0012F2B4-5CE9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012F2B4-55F9-7C92-0300-000100000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012F2B4-5AF1-7C92-0300-000100000000}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\WinPCap
c:\programmi\WinPCap\daemon_mgm.exe
c:\programmi\WinPCap\npf_mgm.exe
c:\programmi\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Creati Da 2010-11-05 al 2010-12-05 )))))))))))))))))))))))))))))))))))
.
2010-12-04 17:37 . 2010-12-04 17:37 -------- d-----w- c:\documents and settings\danarzu\Impostazioni locali\Dati applicazioni\Ahead
2010-12-04 16:28 . 2010-12-04 16:28 -------- d-----w- c:\programmi\File comuni\Adobe
2010-12-04 16:07 . 2010-12-04 16:07 388096 ----a-r- c:\documents and settings\danarzu\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-02 06:28 . 2010-12-02 06:28 -------- d-----w- c:\programmi\Trend Micro
2010-11-25 21:07 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-25 21:07 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-25 21:06 . 2010-11-25 21:06 -------- d-----w- c:\programmi\iPod
2010-11-25 21:06 . 2010-11-25 21:06 -------- d-----w- c:\programmi\iTunes
2010-11-25 21:06 . 2010-11-25 21:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-25 21:06 . 2010-11-25 21:06 -------- d-----w- c:\programmi\Apple Software Update
2010-11-25 19:50 . 2010-11-25 19:50 -------- d-----w- c:\documents and settings\danarzu\Dati applicazioni\Apple Computer
2010-11-17 14:38 . 2010-11-17 14:38 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2010-11-16 12:04 . 2009-04-07 20:25 87696 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-11-16 12:04 . 2009-04-07 20:25 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-11-15 14:48 . 2010-11-15 14:48 -------- d-----w- c:\documents and settings\danarzu\Impostazioni locali\Dati applicazioni\Apple
2010-11-15 14:48 . 2010-11-15 14:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
2010-11-15 14:48 . 2010-11-15 14:48 -------- d-----w- c:\documents and settings\danarzu\Impostazioni locali\Dati applicazioni\Apple Computer
2010-11-11 13:24 . 2010-11-11 13:24 -------- d-----w- c:\windows\SMSC
2010-11-11 13:02 . 2004-09-07 19:00 36096 ----a-w- c:\windows\system32\drivers\SET56.tmp
2010-11-11 13:01 . 2008-04-13 18:13 76800 ----a-w- c:\windows\system32\usbui.dll
2010-11-11 13:01 . 2008-04-13 18:13 76800 ----a-w- c:\windows\system32\dllcache\usbui.dll
2010-11-11 13:01 . 2004-09-07 19:00 57600 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-11-11 13:01 . 2004-09-07 19:00 57600 ----a-w- c:\windows\system32\dllcache\usbhub.sys
2010-11-11 13:01 . 2004-09-07 19:00 20480 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-11-11 13:01 . 2004-09-07 19:00 20480 ----a-w- c:\windows\system32\dllcache\usbuhci.sys
2010-11-11 13:01 . 2004-09-07 19:00 142976 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-11-11 13:01 . 2004-09-07 19:00 142976 ----a-w- c:\windows\system32\dllcache\usbport.sys
2010-11-11 13:01 . 2010-03-02 15:04 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-11-11 12:57 . 2010-11-11 12:57 -------- d-----w- C:\Intel
2010-11-11 12:57 . 2004-02-13 12:49 356352 ----a-w- c:\windows\system32\EMCRI.dll
2010-11-11 12:56 . 2010-11-11 12:56 -------- d-----w- C:\ENE PCMCIA.temp
2010-11-06 17:33 . 2010-11-06 17:33 -------- d-----w- c:\documents and settings\danarzu\Dati applicazioni\Easeware
2010-11-06 17:32 . 2010-11-06 17:32 -------- d-----w- c:\programmi\Easeware
2010-11-06 06:26 . 2010-11-06 06:26 -------- d-----w- c:\programmi\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 14:36 . 2010-11-02 14:36 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-11-02 14:36 . 2010-11-02 14:36 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-10-30 12:15 . 2010-10-30 12:15 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-30 10:15 . 2010-10-30 10:15 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-10-30 09:57 . 2004-09-27 16:15 971 ----a-w- c:\windows\CLEANUP.CMD
2010-10-30 09:57 . 2004-09-21 13:28 8 ----a-w- c:\windows\HotFix.bat
2010-10-05 17:11 . 2010-10-30 15:31 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-10-05 17:11 . 2010-10-30 15:31 359016 ----a-w- c:\windows\vncutil.exe
2010-10-05 17:11 . 2010-10-30 15:31 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-10-05 17:11 . 2010-10-30 15:31 1833576 ----a-w- c:\windows\SkyTel.exe
2010-10-05 17:11 . 2010-10-30 15:31 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-10-05 17:11 . 2010-10-30 15:31 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-10-05 17:11 . 2010-10-30 15:31 6164584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-10-05 17:11 . 2010-10-30 15:31 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-10-05 17:11 . 2010-10-30 15:31 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-10-05 17:11 . 2010-10-30 15:31 19580520 ----a-w- c:\windows\RTHDCPL.EXE
2010-10-05 17:10 . 2010-10-30 15:31 2180712 ----a-w- c:\windows\MicCal.exe
2010-10-05 17:10 . 2010-10-30 15:31 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-10-05 17:10 . 2010-10-30 15:31 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-10-05 17:10 . 2010-10-30 15:31 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-09-29 12:11 . 2010-10-30 15:31 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-18 11:23 . 2004-09-07 19:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 07:53 . 2004-09-07 19:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 07:53 . 2004-09-07 19:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 07:53 . 2004-09-07 19:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:33 . 2006-01-09 18:59 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:33 . 2004-09-07 19:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:33 . 2004-09-07 19:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:33 . 2004-09-07 19:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 16:57 . 2004-09-07 19:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"RTHDCPL"="RTHDCPL.EXE" [2010-10-05 19580520]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\danarzu\Menu Avvio\Programmi\Esecuzione automatica\
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-10-31 142336]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Cisco Systems VPN Client.lnk - c:\programmi\Cisco Systems\VPN Client\vpngui.exe [2010-10-31 1421328]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\IDM Computer Solutions\\UltraEdit\\Uedit32.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/10/2010 13.15.47 717296]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [30/10/2010 19.30.15 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [30/10/2010 19.29.31 41424]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [30/10/2010 19.30.14 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [16/11/2010 13.04.43 87696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/10/2010 16.31.26 1691480]
.
Contenuto della cartella 'Scheduled Tasks'
2010-11-06 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\programmi\Easeware\DriverEasy\DriverEasy.exe [2010-11-06 19:29]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://it.intl.acer.yahoo.com/
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\danarzu\Dati applicazioni\Mozilla\Firefox\Profiles\w8qwsb5a.default\
FF - plugin: c:\programmi\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\programmi\Java\j2re1.4.2_06\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_06\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_06\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_06\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_06\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_06\bin\NPJPI142_06.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_06\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPJava11.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPJava12.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPJava131_11.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPJava32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npoji600.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - c:\documents and settings\danarzu\Dati applicazioni\Mozilla\Firefox\Profiles\w8qwsb5a.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\danarzu\Dati applicazioni\Mozilla\Firefox\Profiles\w8qwsb5a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - c:\documents and settings\danarzu\Dati applicazioni\Mozilla\Firefox\Profiles\w8qwsb5a.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Extension: TubeStop: tubestop@efinke.com - c:\documents and settings\danarzu\Dati applicazioni\Mozilla\Firefox\Profiles\w8qwsb5a.default\extensions\tubestop@efinke.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-12-05 11:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\acer\Empowering Technology\admServ.exe
c:\programmi\Avira\AntiVir Desktop\avshadow.exe
c:\programmi\Cisco Systems\VPN Client\cvpnd.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\oracle\bin\omtsreco.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\danarzu\IMPOST~1\Temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-12-05 11:56:23 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-12-05 10:56
Pre-Run: 3.846.045.696 byte disponibili
Post-Run: 3.866.591.232 byte disponibili
- - End Of File - - A25CD05ABD2B263DF117E4DE10C26118