ComboFix 09-07-29.04 - Salvini 30/07/2009 19.12.53.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.684 [GMT 2:00]
Eseguito da: c:\documents and settings\Salvini\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((( Files Creati Da 2009-06-28 al 2009-07-30 )))))))))))))))))))))))))))))))))))
.
2009-07-16 17:27 . 2009-07-16 17:27 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-07-16 16:56 . 2009-07-16 16:56 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2009-07-16 16:56 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-16 16:56 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-16 16:56 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-16 16:56 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-16 16:55 . 2009-07-16 16:55 -------- d-----w- c:\programmi\Avira
2009-07-16 16:55 . 2009-07-16 16:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-07-10 19:14 . 2009-07-10 19:13 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-10 19:13 . 2009-07-10 19:14 -------- d-----w- c:\documents and settings\Salvini\.housecall6.6
2009-07-10 12:31 . 2009-07-10 18:39 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-07-10 12:31 . 2009-07-10 18:42 -------- d-----w- c:\programmi\PC Tools AntiVirus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 17:16 . 2009-01-29 13:52 9750560 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-30 10:47 . 2009-01-29 13:52 116492 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-29 20:40 . 2007-03-12 13:25 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-07-24 15:39 . 2009-07-24 15:39 1705472 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-16 18:19 . 2009-02-13 10:15 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-16 18:17 . 2006-09-14 14:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-16 17:18 . 2009-04-02 12:40 3775176 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 11:36 . 2009-02-13 10:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-02-13 10:15 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 12:44 . 2009-07-10 12:45 3201024 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-07-08 18:27 . 2009-06-20 10:21 314712 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-08 18:27 . 2009-06-20 10:21 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-08 18:27 . 2009-06-20 10:21 169312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-08 18:27 . 2009-06-20 10:21 348496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-08 18:27 . 2009-06-20 10:21 298336 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-08 18:27 . 2009-06-09 17:41 84832 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-08 18:27 . 2009-06-20 10:21 1630560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-08 18:25 . 2009-06-04 21:49 246128 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-08 18:25 . 2009-06-04 21:49 40288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-08 18:25 . 2009-06-20 10:21 85352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-08 18:25 . 2009-06-20 10:21 664424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-08 18:25 . 2009-06-20 10:21 563064 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-08 18:22 . 2009-06-20 10:21 566632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-08 18:22 . 2009-06-20 10:21 2353480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-08 18:22 . 2009-06-20 10:21 629072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-08 18:21 . 2009-06-20 10:21 520024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-08 18:20 . 2009-06-20 10:21 1029456 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 16:49 . 2004-08-19 13:39 669184 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:49 . 2004-08-19 13:39 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 09:58 . 2009-06-26 09:56 1878984 ----a-w- c:\documents and settings\Salvini\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-26 09:50 . 2006-03-27 15:17 45080 -c--a-w- c:\documents and settings\Salvini\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-22 12:41 . 2008-10-28 20:46 -------- d-----w- c:\documents and settings\Salvini\Dati applicazioni\dvdcss
2009-06-16 14:36 . 2004-08-19 13:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-31 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-09 17:41 . 2009-06-09 17:41 15688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-09 17:41 . 2009-01-29 23:03 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-06 17:16 . 2009-06-06 17:16 -------- d-----w- c:\programmi\Philips
2009-06-06 17:16 . 2006-03-27 15:24 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-06 17:16 . 2009-06-06 17:16 -------- d-----w- c:\documents and settings\Salvini\Dati applicazioni\InstallShield
2009-06-03 19:09 . 2004-08-19 13:39 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 23:23 . 2009-05-22 23:23 1587712 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-05-07 15:32 . 2004-08-19 13:39 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 10:07 . 2009-05-04 10:07 2207858 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-07-24 11:53 . 2008-09-01 14:54 134648 ----a-w- c:\programmi\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-10-24 13:53 . 2006-03-30 14:45 313472 c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
2007-03-11 15:31 . 2005-01-26 17:02 49152 c:\programmi\Brother\Brmfl05a\bak\BrStDvPt.exe
2007-07-04 12:31 . 2005-01-26 16:02 49152 c:\programmi\Brother\Brmfl05a\BrStDvPt.exe
2007-03-11 15:31 . 2005-05-17 16:42 933888 c:\programmi\Brother\ControlCenter2\bak\brctrcen.exe
2007-07-04 12:31 . 2005-05-17 15:42 933888 c:\programmi\Brother\ControlCenter2\brctrcen.exe
2004-12-09 10:14 . 2004-12-09 10:14 1068032 c:\programmi\File comuni\PCSuite\DataLayer\bak\DATALA~1.EXE
2003-10-14 09:22 . 2003-10-14 09:22 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
2003-10-14 08:22 . 2003-10-14 08:22 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
2007-02-23 13:37 . 2007-03-14 14:18 411648 c:\programmi\Grisoft\AVG Free\bak\avgcc.exe
2007-03-07 20:26 . 2006-12-15 02:23 75520 c:\programmi\Java\jre1.5.0_11\bin\bak\jusched.exe
2006-03-27 16:02 . 2004-03-18 08:33 892928 c:\programmi\Logitech\iTouch\bak\iTouch.exe
2006-06-06 09:07 . 2006-06-06 09:07 40960 c:\programmi\Macrogaming\SweetIM\bak\SweetIM.exe
2004-11-24 10:29 . 2004-11-24 10:29 880640 c:\programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe
2006-06-27 15:21 . 2006-06-27 15:21 1449984 c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
2005-03-11 00:28 . 2005-03-11 00:28 40960 c:\programmi\ScanSoft\PaperPort\bak\IndexSearch.exe
2005-03-10 23:28 . 2005-03-10 23:28 40960 c:\programmi\ScanSoft\PaperPort\IndexSearch.exe
2005-03-11 00:01 . 2005-03-11 00:01 57393 c:\programmi\ScanSoft\PaperPort\bak\pptd40nt.exe
2005-03-10 23:01 . 2005-03-10 23:01 57393 c:\programmi\ScanSoft\PaperPort\pptd40nt.exe
2004-08-19 13:39 . 2004-08-19 13:39 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-19 13:39 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-10 40960]
"SetDefPrt"="c:\programmi\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\programmi\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-08 520024]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-08 65536]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
uninstall.exe [2009-7-30 421888]
VIA RAID TOOL.lnk - c:\programmi\VIA\RAID\raid_tool.exe [2006-3-27 561152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/01/2009 0.49.22 64160]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [27/03/2006 17.40.08 75904]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [27/03/2006 18.05.29 20480]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [27/03/2006 18.05.29 20224]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1029456]
.
Contenuto della cartella 'Scheduled Tasks'
2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:22]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/oggi/index.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Salvini\Dati applicazioni\Mozilla\Firefox\Profiles\b58vhy3a.default\
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: c:\windows\system32\DNAML\npdbplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 19:16
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1380)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\programmi\Logitech\MouseWare\System\LgWndHk.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-07-30 19.19.10
ComboFix-quarantined-files.txt 2009-07-30 17:19
Pre-Run: 28.474.597.376 byte disponibili
Post-Run: 28.471.877.632 byte disponibili
187 --- E O F --- 2009-07-29 19:56
ComboFix 09-07-29.04 - Salvini 30/07/2009 20.06.55.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.667 [GMT 2:00]
Eseguito da: c:\documents and settings\Salvini\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-06-28 al 2009-07-30 )))))))))))))))))))))))))))))))))))
.
2009-07-16 17:27 . 2009-07-16 17:27 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-07-16 16:56 . 2009-07-16 16:56 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2009-07-16 16:56 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-16 16:56 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-16 16:56 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-16 16:56 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-16 16:55 . 2009-07-16 16:55 -------- d-----w- c:\programmi\Avira
2009-07-16 16:55 . 2009-07-16 16:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-07-10 19:14 . 2009-07-10 19:13 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-10 19:13 . 2009-07-10 19:14 -------- d-----w- c:\documents and settings\Salvini\.housecall6.6
2009-07-10 12:31 . 2009-07-10 18:39 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-07-10 12:31 . 2009-07-10 18:42 -------- d-----w- c:\programmi\PC Tools AntiVirus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 18:10 . 2009-01-29 13:52 9838624 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-30 18:02 . 2009-01-29 13:52 117716 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-30 17:58 . 2007-03-12 13:25 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-07-30 17:28 . 2006-09-14 14:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-24 15:39 . 2009-07-24 15:39 1705472 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-16 18:19 . 2009-02-13 10:15 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-16 17:18 . 2009-04-02 12:40 3775176 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 11:36 . 2009-02-13 10:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-02-13 10:15 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 12:44 . 2009-07-10 12:45 3201024 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-07-08 18:27 . 2009-06-20 10:21 314712 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-08 18:27 . 2009-06-20 10:21 25440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-08 18:27 . 2009-06-20 10:21 169312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-08 18:27 . 2009-06-20 10:21 348496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-08 18:27 . 2009-06-20 10:21 298336 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-08 18:27 . 2009-06-09 17:41 84832 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-08 18:27 . 2009-06-20 10:21 1630560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-08 18:25 . 2009-06-04 21:49 246128 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-08 18:25 . 2009-06-04 21:49 40288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-08 18:25 . 2009-06-20 10:21 85352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-08 18:25 . 2009-06-20 10:21 664424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-08 18:25 . 2009-06-20 10:21 563064 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-08 18:22 . 2009-06-20 10:21 566632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-08 18:22 . 2009-06-20 10:21 2353480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-08 18:22 . 2009-06-20 10:21 629072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-08 18:21 . 2009-06-20 10:21 520024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-08 18:20 . 2009-06-20 10:21 1029456 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 16:49 . 2004-08-19 13:39 669184 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:49 . 2004-08-19 13:39 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 09:58 . 2009-06-26 09:56 1878984 ----a-w- c:\documents and settings\Salvini\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-26 09:50 . 2006-03-27 15:17 45080 -c--a-w- c:\documents and settings\Salvini\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-22 12:41 . 2008-10-28 20:46 -------- d-----w- c:\documents and settings\Salvini\Dati applicazioni\dvdcss
2009-06-16 14:36 . 2004-08-19 13:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-31 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-09 17:41 . 2009-06-09 17:41 15688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-09 17:41 . 2009-01-29 23:03 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-06 17:16 . 2009-06-06 17:16 -------- d-----w- c:\programmi\Philips
2009-06-06 17:16 . 2006-03-27 15:24 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-06 17:16 . 2009-06-06 17:16 -------- d-----w- c:\documents and settings\Salvini\Dati applicazioni\InstallShield
2009-06-03 19:09 . 2004-08-19 13:39 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 23:23 . 2009-05-22 23:23 1587712 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-05-07 15:32 . 2004-08-19 13:39 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 10:07 . 2009-05-04 10:07 2207858 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-07-24 11:53 . 2008-09-01 14:54 134648 ----a-w- c:\programmi\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-10-24 13:53 . 2006-03-30 14:45 313472 c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
2007-03-11 15:31 . 2005-01-26 17:02 49152 c:\programmi\Brother\Brmfl05a\bak\BrStDvPt.exe
2007-07-04 12:31 . 2005-01-26 16:02 49152 c:\programmi\Brother\Brmfl05a\BrStDvPt.exe
2007-03-11 15:31 . 2005-05-17 16:42 933888 c:\programmi\Brother\ControlCenter2\bak\brctrcen.exe
2007-07-04 12:31 . 2005-05-17 15:42 933888 c:\programmi\Brother\ControlCenter2\brctrcen.exe
2004-12-09 10:14 . 2004-12-09 10:14 1068032 c:\programmi\File comuni\PCSuite\DataLayer\bak\DATALA~1.EXE
2003-10-14 09:22 . 2003-10-14 09:22 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
2003-10-14 08:22 . 2003-10-14 08:22 155648 c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
2007-02-23 13:37 . 2007-03-14 14:18 411648 c:\programmi\Grisoft\AVG Free\bak\avgcc.exe
2007-03-07 20:26 . 2006-12-15 02:23 75520 c:\programmi\Java\jre1.5.0_11\bin\bak\jusched.exe
2006-03-27 16:02 . 2004-03-18 08:33 892928 c:\programmi\Logitech\iTouch\bak\iTouch.exe
2006-06-06 09:07 . 2006-06-06 09:07 40960 c:\programmi\Macrogaming\SweetIM\bak\SweetIM.exe
2004-11-24 10:29 . 2004-11-24 10:29 880640 c:\programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe
2006-06-27 15:21 . 2006-06-27 15:21 1449984 c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
2005-03-11 00:28 . 2005-03-11 00:28 40960 c:\programmi\ScanSoft\PaperPort\bak\IndexSearch.exe
2005-03-10 23:28 . 2005-03-10 23:28 40960 c:\programmi\ScanSoft\PaperPort\IndexSearch.exe
2005-03-11 00:01 . 2005-03-11 00:01 57393 c:\programmi\ScanSoft\PaperPort\bak\pptd40nt.exe
2005-03-10 23:01 . 2005-03-10 23:01 57393 c:\programmi\ScanSoft\PaperPort\pptd40nt.exe
2004-08-19 13:39 . 2004-08-19 13:39 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-19 13:39 . 2008-04-14 02:14 15360 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-10 40960]
"SetDefPrt"="c:\programmi\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\programmi\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-08 520024]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-08 65536]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
uninstall.exe [2009-7-30 421888]
VIA RAID TOOL.lnk - c:\programmi\VIA\RAID\raid_tool.exe [2006-3-27 561152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/01/2009 0.49.22 64160]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [27/03/2006 17.40.08 75904]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [27/03/2006 18.05.29 20480]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [27/03/2006 18.05.29 20224]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1029456]
.
Contenuto della cartella 'Scheduled Tasks'
2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:22]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/oggi/index.html
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Salvini\Dati applicazioni\Mozilla\Firefox\Profiles\b58vhy3a.default\
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: c:\windows\system32\DNAML\npdbplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 20:10
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(4048)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\programmi\Logitech\MouseWare\System\LgWndHk.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-07-30 20.13.17
ComboFix-quarantined-files.txt 2009-07-30 18:13
Pre-Run: 28.480.421.888 byte disponibili
Post-Run: 28.439.994.368 byte disponibili
189 --- E O F --- 2009-07-29 19:56
AWF::
c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
c:\programmi\Brother\Brmfl05a\bak\BrStDvPt.exe
c:\programmi\Brother\ControlCenter2\bak\brctrcen.exe
c:\programmi\File comuni\PCSuite\DataLayer\bak\DATALA~1.EXE
c:\programmi\File comuni\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
c:\programmi\Grisoft\AVG Free\bak\avgcc.exe
c:\programmi\Logitech\iTouch\bak\iTouch.exe
c:\programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe
c:\programmi\ScanSoft\PaperPort\bak\IndexSearch.exe
c:\programmi\ScanSoft\PaperPort\bak\pptd40nt.exe
c:\windows\system32\bak\ctfmon.exe
File::
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
uninstall.exe
ComboFix 09-07-29.04 - Salvini 31/07/2009 19.29.42.7.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.696 [GMT 2:00]
Eseguito da: c:\documents and settings\Salvini\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Salvini\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
FILE ::
"c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\"
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\2712c8.msi
.
((((((((((((((((((((((((( Files Creati Da 2009-06-28 al 2009-07-31 )))))))))))))))))))))))))))))))))))
.
2009-07-16 17:27 . 2009-07-16 17:27 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2009-07-16 16:56 . 2009-07-16 16:56 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2009-07-16 16:56 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-16 16:56 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-16 16:56 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-16 16:56 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-16 16:55 . 2009-07-16 16:55 -------- d-----w- c:\programmi\Avira
2009-07-16 16:55 . 2009-07-16 16:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-07-10 19:14 . 2009-07-10 19:13 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-10 19:13 . 2009-07-10 19:14 -------- d-----w- c:\documents and settings\Salvini\.housecall6.6
2009-07-10 12:31 . 2009-07-10 18:39 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-07-10 12:31 . 2009-07-10 18:42 -------- d-----w- c:\programmi\PC Tools AntiVirus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 17:32 . 2009-01-29 13:52 10164256 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-31 17:21 . 2007-03-11 15:27 -------- d-----w- c:\programmi\ScanSoft
2009-07-31 17:21 . 2007-03-11 15:27 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2009-07-31 17:21 . 2007-03-15 14:08 -------- d-----w- c:\documents and settings\Salvini\Dati applicazioni\ScanSoft
2009-07-31 17:20 . 2006-06-30 11:41 -------- d-----w- c:\programmi\Nokia
2009-07-31 17:16 . 2009-01-29 13:52 121340 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-31 17:15 . 2009-01-29 22:47 -------- d-----w- c:\programmi\Lavasoft
2009-07-31 17:15 . 2007-12-26 14:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2009-07-31 17:13 . 2007-03-12 13:25 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-07-31 17:09 . 2006-09-14 14:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-31 16:55 . 2006-03-27 15:24 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-07-31 16:54 . 2006-03-27 15:24 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-07-31 16:54 . 2006-03-27 15:25 -------- d-----w- c:\programmi\Common Files
2009-07-31 16:53 . 2006-03-27 15:25 -------- d-----w- c:\programmi\Alice ti aiuta
2009-07-24 15:39 . 2009-07-24 15:39 1705472 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-16 18:19 . 2009-02-13 10:15 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-16 17:18 . 2009-04-02 12:40 3775176 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 11:36 . 2009-02-13 10:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-02-13 10:15 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 12:44 . 2009-07-10 12:45 3201024 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-06-26 16:49 . 2004-08-19 13:39 669184 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:49 . 2004-08-19 13:39 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 09:58 . 2009-06-26 09:56 1878984 ----a-w- c:\documents and settings\Salvini\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-26 09:50 . 2006-03-27 15:17 45080 -c--a-w- c:\documents and settings\Salvini\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-22 12:41 . 2008-10-28 20:46 -------- d-----w- c:\documents and settings\Salvini\Dati applicazioni\dvdcss
2009-06-16 14:36 . 2004-08-19 13:39 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-31 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-06 17:16 . 2009-06-06 17:16 -------- d-----w- c:\programmi\Philips
2009-06-06 17:16 . 2009-06-06 17:16 -------- d-----w- c:\documents and settings\Salvini\Dati applicazioni\InstallShield
2009-06-03 19:09 . 2004-08-19 13:39 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 23:23 . 2009-05-22 23:23 1587712 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-05-07 15:32 . 2004-08-19 13:39 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 10:07 . 2009-05-04 10:07 2207858 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-07-24 11:53 . 2008-09-01 14:54 134648 ----a-w- c:\programmi\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-08 65536]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-09 1519616]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
uninstall.exe [2009-7-31 421888]
VIA RAID TOOL.lnk - c:\programmi\VIA\RAID\raid_tool.exe [2006-3-27 561152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [27/03/2006 17.40.08 75904]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [27/03/2006 18.05.29 20480]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [27/03/2006 18.05.29 20224]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virgilio.it/oggi/index.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Salvini\Dati applicazioni\Mozilla\Firefox\Profiles\b58vhy3a.default\
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\programmi\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: c:\windows\system32\DNAML\npdbplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 19:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-31 19.35.30
ComboFix-quarantined-files.txt 2009-07-31 17:35
ComboFix2.txt 2009-07-30 18:13
Pre-Run: 29.737.066.496 bytes free
Post-Run: 29.696.786.432 bytes free
144 --- E O F --- 2009-07-29 19:56
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\Programmi\Java\jre1.5.0_11\bin\bak\jusched.exe|C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe" completed successfully.
File move operation "C:\Programmi\Macrogaming\SweetIM\bak\SweetIM.exe|C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" completed successfully.
File "C:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\uninstall.exe" deleted successfully.
Folder "C:\DOCUME~1\Salvini\IMPOST~1\Temp" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
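The parts of the ComboFix log above that a removal helper reads first are the AV/FW status header, the Run keys under "Reg Loading Points", the Security Center DisableMonitoring overrides and the Windows Firewall policy (EnableFirewall and the AuthorizedApplications list). The script below is an added example, not part of the forum post or of ComboFix: it parses those sections from a constructed excerpt written in the same format and lists what to verify. The "binary directly in the Windows directory" heuristic is an assumption made for illustration; the two Run entries in this log that match it are named like vendor sound and mouse utilities, so the output is a checklist to hash and look up, not a verdict.

```python
"""Triage a ComboFix log: extract autostart entries, the Windows Firewall
policy and the Security Center monitoring overrides, then list the items
a malware-removal helper checks first.

Added example; this is neither ComboFix code nor the forum poster's
script. SAMPLE_LOG is a constructed excerpt in the log's own format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt: a few lines in the format of the ComboFix log above.
SAMPLE_LOG = r'''
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-08 65536]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\eMule\\emule.exe"=
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'      # value name and data
    r'(?:\s+-\s+(?P<resolved>.+?))?'              # optional " - <resolved path>"
    r'\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
STATUS_RE = re.compile(r'^(?P<kind>AV|FW): (?P<product>.+?) \*(?P<status>[^*]+)\*')
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
AUTH_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:(?P<value>[0-9a-fA-F]{8})$')

# Roots treated as "expected" for firewall exceptions (assumption for this example).
TRUSTED_ROOTS = ('c:\\windows\\system32\\', 'c:\\programmi\\', 'c:\\program files\\', '%windir%\\')


@dataclass
class RunEntry:
    key: str      # registry key the value lives under
    name: str     # value name, e.g. "SoundMan"
    path: str     # on-disk path ComboFix resolved for the value
    date: str     # file timestamp ComboFix prints in brackets
    size: int     # file size in bytes


@dataclass
class Triage:
    run_entries: List[RunEntry]
    firewall_enabled: Optional[bool]        # None if the policy line is absent
    authorized_apps: List[str]
    monitoring_disabled: List[str]          # Security Center sub-keys with DisableMonitoring=1
    product_status: List[Tuple[str, str, str]]  # (kind, product, status) from the header


def parse_log(text: str) -> Triage:
    """Walk the log line by line, tracking the current [registry key]."""
    result = Triage([], None, [], [], [])
    key = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m['key']
            continue
        m = STATUS_RE.match(line)
        if m:
            result.product_status.append((m['kind'], m['product'], m['status']))
            continue
        low = key.lower()
        if low.endswith('\\run'):
            m = RUN_RE.match(line)
            if m:
                path = m['resolved'] or m['value']
                result.run_entries.append(RunEntry(key, m['name'], path, m['date'], int(m['size'])))
        elif 'firewallpolicy' in low and low.endswith('\\list'):
            m = AUTH_APP_RE.match(line)
            if m:
                # ComboFix prints the REG_SZ with doubled backslashes; fold them back.
                result.authorized_apps.append(m['path'].replace('\\\\', '\\'))
        elif 'firewallpolicy' in low:
            m = ENABLE_FW_RE.match(line)
            if m:
                result.firewall_enabled = m['value'] != '0'
        elif 'security center\\monitoring\\' in low:
            m = DISABLE_MON_RE.match(line)
            if m and int(m['value'], 16) == 1:
                result.monitoring_disabled.append(key.rsplit('\\', 1)[-1])
    return result


def in_windows_root(path: str) -> bool:
    """True for a binary placed directly in the Windows directory (no subdirectory)."""
    low = path.lower()
    prefix = 'c:\\windows\\'
    return low.startswith(prefix) and '\\' not in low[len(prefix):]


def findings(t: Triage) -> List[str]:
    """Items to verify, in the order a helper would look at them."""
    out = []
    for kind, product, status in t.product_status:
        if 'disabled' in status.lower():
            out.append(f'{kind} {product}: {status}')
    if t.firewall_enabled is False:
        out.append('Windows Firewall standard profile: EnableFirewall=0')
    for sub in t.monitoring_disabled:
        out.append(f'Security Center monitoring suppressed: {sub}')
    for e in t.run_entries:
        if in_windows_root(e.path):
            # Vendor utilities do install here, so this is "hash it and check
            # the vendor", not a verdict.
            out.append(f'autostart binary in Windows root: {e.name} -> {e.path} ({e.size} bytes, {e.date})')
    for app in t.authorized_apps:
        if not app.lower().startswith(TRUSTED_ROOTS):
            out.append(f'firewall exception outside Windows/Program Files: {app}')
    return out


if __name__ == '__main__':
    for item in findings(parse_log(SAMPLE_LOG)):
        print(item)
```

Run it against a full log by reading the file into `parse_log` instead of `SAMPLE_LOG`; the regexes only depend on the line formats ComboFix uses for Run values, key headers and the firewall policy dump, so the rest of the log is ignored.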