Done
ComboFix 09-10-28.08 - Administrator 10/29/2009 17:17.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1568 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-09-28 al 2009-10-29 )))))))))))))))))))))))))))))))))))
.
2009-10-29 16:06 . 2009-10-29 16:06 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\thecleaner
2009-10-29 16:06 . 2009-10-29 16:20 -------- d-----w- c:\programmi\The Cleaner
2009-10-29 14:20 . 2009-07-28 15:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-29 14:19 . 2009-10-29 14:19 -------- d-----w- c:\windows\ServicePackFiles
2009-10-29 14:16 . 2009-10-29 14:17 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
2009-10-29 14:16 . 2009-10-29 14:16 -------- d-----w- c:\documents and settings\HelpAssistant\amsn
2009-10-29 13:34 . 2009-10-29 13:34 -------- d-----w- c:\programmi\Trend Micro
2009-10-29 13:30 . 2009-10-29 13:30 -------- d-----w- c:\programmi\CCleaner
2009-10-26 19:22 . 2009-10-26 19:22 -------- d-----w- c:\windows\system32\KB905474
2009-10-26 19:22 . 2009-03-10 21:26 1437568 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-10-26 19:22 . 2009-03-10 21:18 454016 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-10-26 19:18 . 2009-10-26 19:18 -------- d-----w- c:\programmi\MSXML 6.0
2009-10-26 18:25 . 2009-10-26 18:25 -------- d-----w- c:\programmi\MSXML 4.0
2009-10-25 19:42 . 2009-10-25 19:42 -------- d-----w- c:\programmi\Alwil Software
2009-10-25 17:04 . 2009-10-25 19:37 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-25 16:49 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-25 16:49 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-25 16:45 . 2009-08-04 17:03 2061440 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-25 16:45 . 2009-08-04 17:03 2019328 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-25 16:45 . 2009-08-04 17:03 2184064 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-25 16:45 . 2009-08-04 17:03 2139648 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-25 16:09 . 2009-10-29 13:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2009-10-25 16:09 . 2009-10-25 16:09 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-10-24 20:47 . 2009-10-29 14:19 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni
2009-10-24 19:42 . 2009-10-24 19:42 -------- d-----w- c:\documents and settings\HelpAssistant\VASSAL
2009-10-24 19:42 . 2009-10-24 19:42 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-10-24 19:42 . 2009-10-24 19:42 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2009-10-24 19:31 . 2009-10-25 16:06 -------- d--h--w- c:\documents and settings\HelpAssistant\Risorse di rete
2009-10-24 19:31 . 2009-10-24 20:53 -------- d-----w- c:\documents and settings\HelpAssistant\Documenti
2009-10-24 19:31 . 2009-10-24 20:13 -------- d--h--w- c:\documents and settings\HelpAssistant\Impostazioni locali
2009-10-24 19:31 . 2009-10-24 19:42 -------- d-----w- c:\documents and settings\HelpAssistant\Preferiti
2009-10-24 19:31 . 2008-01-30 05:14 -------- d--h--w- c:\documents and settings\HelpAssistant\Risorse di stampa
2009-10-24 19:31 . 2008-01-30 05:14 -------- d-----r- c:\documents and settings\HelpAssistant\Menu Avvio
2009-10-24 19:31 . 2008-01-30 04:18 -------- d--h--w- c:\documents and settings\HelpAssistant\Modelli
2009-10-24 19:31 . 2009-10-29 16:17 -------- d-----w- c:\documents and settings\HelpAssistant
2009-10-24 14:29 . 2009-10-24 14:29 90112 ----a-w- c:\windows\system32\76.scr
2009-10-24 14:00 . 2009-10-24 14:00 90112 --sh--r- c:\windows\system32\fiwsivst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 14:13 . 2008-01-31 02:30 -------- d-----w- c:\programmi\ESET
2009-10-26 22:42 . 2001-08-31 15:00 81990 ----a-w- c:\windows\system32\perfc010.dat
2009-10-26 22:42 . 2001-08-31 15:00 483342 ----a-w- c:\windows\system32\perfh010.dat
2009-10-25 15:47 . 2009-09-12 22:05 196608 ----a-w- c:\windows\system32\15.scr
2009-10-05 21:22 . 2008-06-11 18:16 -------- d-----w- c:\programmi\SQLyog Community
2009-09-25 05:55 . 2004-08-19 16:39 664576 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:55 . 2004-08-19 16:39 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-17 22:49 . 2009-02-24 17:06 -------- d-----w- c:\programmi\Steam
2009-09-16 18:29 . 2009-01-06 15:43 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-16 11:17 . 2008-01-30 20:43 25712 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-16 11:10 . 2009-09-16 11:10 -------- d-----w- c:\programmi\Microsoft
2009-09-16 11:10 . 2009-09-16 11:10 -------- d-----w- c:\programmi\Windows Live
2009-09-16 11:10 . 2009-09-16 11:10 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-09-16 11:07 . 2009-09-16 11:07 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-09-13 19:49 . 2009-09-13 19:49 -------- d-----w- c:\documents and settings\dadad\Dati applicazioni\AdobeUM
2009-09-11 14:34 . 2004-08-19 16:39 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 10:43 . 2008-02-12 20:36 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2009-09-08 11:35 . 2008-01-31 05:42 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\teamspeak2
2009-09-08 11:31 . 2008-02-12 20:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2009-09-06 14:25 . 2009-09-06 14:25 -------- d-----w- c:\programmi\IKEA HomePlanner
2009-09-06 14:25 . 2008-01-31 05:31 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-09-04 20:45 . 2004-08-19 16:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:14 . 2004-08-19 16:39 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-05 09:05 . 2004-08-19 16:39 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:03 . 2004-08-19 16:34 2139648 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:03 . 2004-08-19 15:34 2019328 ------w- c:\windows\system32\ntkrnlpa.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\programmi\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\programmi\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]
"ftIWindows Server IP Verification Service"="c:\windows\system32\fiwsivst.exe" [2009-10-24 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"ftIWindows Server IP Verification Service"="c:\windows\system32\fiwsivst.exe" [2009-10-24 90112]
"msmacro32"="c:\windows\msmacro32.exe" [BU]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^HDDlife.lnk]
path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Utilità controllo supporti di Picture Motion Browser.lnk]
path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Utilità controllo supporti di Picture Motion Browser.lnk
backup=c:\windows\pss\Utilità controllo supporti di Picture Motion Browser.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programmi\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Programmi\\World of Warcraft\\Launcher.exe"=
"c:\\Programmi\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Programmi\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\Giochi\\WowMatrix.exe"=
"c:\\Programmi\\Curse\\CurseClient.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\fiwsivst.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [1/9/2007 5:17 PM 20539]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [8/28/2008 5:34 PM 176128]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [7/14/2008 9:09 PM 81920]
S2 fIWSIVSt;fItWindows Server IP Verification Service;c:\windows\system32\fiwsivst.exe [10/24/2009 3:00 PM 90112]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\cdiskdun.sys --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\cdiskdun.sys [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\bd607273.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\bd607273.nmc\nse\bin\ndiskio.sys [?]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [7/14/2008 9:10 PM 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [7/14/2008 9:10 PM 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [7/14/2008 9:10 PM 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [7/14/2008 9:10 PM 104960]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\bd607273.nmc\nse\bin\unhookmbrs.sys --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\bd607273.nmc\nse\bin\unhookmbrs.sys [?]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contenuto della cartella 'Scheduled Tasks'
2009-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2009-10-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-26 21:18]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {AEDDEA62-0E56-4FDB-9585-5DCFDB232B86} = 182.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\xqlj83dq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=f ... hoo.com&p=
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\xqlj83dq.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-nod32kui - c:\programmi\Eset\nod32kui.exe
HKLM-Run-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
AddRemove-avast! - c:\programmi\Alwil Software\Avast4\aswRunDll.exe
AddRemove-NOD32 - c:\programmi\Eset\Setup\setup.exe
AddRemove-Risiko Digital II - c:\programmi\Risiko Digital II\uninstall.exe
AddRemove-Xfire - c:\programmi\Xfire\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 17:26
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-57989841-484061587-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-57989841-484061587-839522115-500\Software\SecuROM\License information*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(816)
c:\programmi\Microsoft Office\Office10\msohev.dll
c:\windows\system32\browselc.dll
c:\programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\windows\system32\ODBC32.dll
.
Ora fine scansione: 2009-10-29 17:29
ComboFix-quarantined-files.txt 2009-10-29 16:29
ComboFix2.txt 2009-10-29 14:12
Pre-Run: 156,160,847,872 byte disponibili
Post-Run: 156,122,017,792 byte disponibili
- - End Of File - - 8BC6BBAF3CF52566BFE2CBECA327B937