ComboFix 10-04-21.01 - Ricky 22/04/2010 0.21.34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.223 [GMT 2:00]
Run from: c:\documents and settings\Ricky\Desktop\ComboFix.exe
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((( Files Created From 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))))))
.
2010-04-18 22:24 . 2010-04-18 22:24 -------- d-----w- c:\documents and settings\Ricky\Dati applicazioni\Malwarebytes
2010-04-18 22:24 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 22:24 . 2010-04-18 22:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-18 22:24 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 22:24 . 2010-04-18 22:24 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-16 22:04 . 2010-04-16 22:04 -------- d-----w- c:\programmi\Trend Micro
2010-04-06 17:10 . 2008-09-09 09:03 315510 ----a-w- c:\windows\system32\RAPI.dll
2010-04-06 17:10 . 2008-08-07 12:42 16512 ----a-w- c:\windows\system32\drivers\RAPIProtocol.sys
2010-04-06 17:10 . 2008-06-13 18:11 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-04-06 17:10 . 2008-06-13 18:11 1093632 ----a-w- c:\windows\system32\libeay32.dll
2010-04-06 17:10 . 2010-04-06 17:10 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-06 17:08 . 2008-08-28 14:52 627072 ----a-w- c:\windows\system32\drivers\rt2870.sys
2010-04-06 17:08 . 2008-08-28 14:38 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-04-06 17:08 . 2008-08-28 14:38 15312 ----a-w- c:\windows\system32\RaCoInst.dat
2010-04-06 17:08 . 2010-04-06 17:10 -------- d-----w- c:\programmi\Ralink
2010-04-06 17:08 . 2010-04-06 17:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ralink Driver
2010-04-06 17:07 . 2010-04-06 17:07 -------- d-----w- c:\documents and settings\Ricky\Dati applicazioni\InstallShield
2010-04-06 17:01 . 2010-04-06 17:02 -------- d-----w- c:\documents and settings\Filippo\Impostazioni locali\Dati applicazioni\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 22:38 . 2009-09-03 18:56 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-04-21 22:38 . 2009-09-03 18:56 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-04-21 22:37 . 2009-09-03 19:01 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-04-21 22:37 . 2009-09-03 18:56 284280 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-04-21 22:37 . 2009-09-03 18:56 284280 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-04-16 20:11 . 2010-04-16 20:11 443912 ----a-w- c:\documents and settings\Ricky\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-04-13 18:50 . 2005-10-19 17:50 55 ----a-w- c:\windows\popcinfo.dat
2010-04-09 19:39 . 2002-09-23 17:49 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-04-09 19:39 . 2002-09-23 17:49 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-04-06 17:08 . 2005-10-17 22:41 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-10 08:02 . 2002-09-23 17:57 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:10 . 2005-10-21 15:50 664576 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:10 . 2004-08-19 22:39 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2002-09-23 17:44 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:31 . 2002-09-09 13:34 2062080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:31 . 2002-09-23 17:48 2185088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 10:03 . 2010-03-07 20:09 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:45 . 2002-09-23 17:34 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2002-09-23 17:55 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-05-15 40960]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-10-10 86016]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-10-10 7286784]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-08-26 180269]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2007-10-19 286720]
"APVXDWIN"="c:\programmi\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\programmi\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-3-14 2756608]
Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Ralink Wireless Utility.lnk - c:\programmi\Ralink\Common\RaUI.exe [2010-4-6 1630208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"6466:TCP"= 6466:TCP:Services
"6467:TCP"= 6467:TCP:Services
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [03/09/2009 20.52.12 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [03/09/2009 20.56.23 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [03/09/2009 20.56.40 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [03/09/2009 20.56.23 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [03/09/2009 20.56.39 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [03/09/2009 20.56.23 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [03/09/2009 20.50.12 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [03/09/2009 20.56.40 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [03/09/2009 20.50.11 177416]
R2 PskSvcRetail;Panda PSK service;c:\programmi\Panda Security\Panda Global Protection 2010\psksvc.exe [03/09/2009 20.56.09 28928]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [03/09/2009 21.01.43 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [03/09/2009 20.54.12 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 ZSMC0305;PC CAMERA 188;c:\windows\system32\drivers\usbVM305.sys [08/01/2008 21.42.28 390379]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
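The firewall-policy and Run-key entries above are the part of this log a reviewer reads most closely: EnableFirewall is 0, and six TCP ports (65533, 52344, 2479, 3246, 6466, 6467) are globally open under the generic label "Services", next to 3389 for Remote Desktop. The following script is an added example, not code from the original log or from ComboFix: it parses the REGEDIT4-style section into keys and values, lists the autorun images with their recorded size, and returns the firewall items a reviewer should question. SAMPLE_LOG is constructed from the lines above, and the warning heuristics (generic port label, RDP open, Windows Firewall disabled) are this editor's own review checks, not ComboFix verdicts.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and flag firewall-policy items.
Added example, not from the original log or ComboFix; SAMPLE_LOG is constructed from the
log above and the warning heuristics are this reviewer's own, not ComboFix verdicts."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a cut-down copy of the registry section of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-10-10 86016]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"6466:TCP"= 6466:TCP:Services
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                                        # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')                           # "name"= data
AUTORUN_RE = re.compile(r'^"([^"]*)"\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')  # "path" [date size]
PORT_RE = re.compile(r'^(\d+):(TCP|UDP):(.*)$')                           # 3389:TCP:Remote Desktop
FW_KEY = r'HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile'
Section = Dict[str, List[Tuple[str, str]]]


def parse_reg_points(text: str) -> Section:
    """Map each [key] header to the (name, data) pairs listed under it."""
    sections: Section = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            sections.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current].append((value.group(1), value.group(2).strip()))
    return sections


def list_autoruns(sections: Section) -> List[Tuple[str, str, str, int]]:
    """Return (key, value name, image path, size) for every Run-key entry."""
    out = []
    for key, values in sections.items():
        if not key.lower().endswith(r'\currentversion\run'):
            continue
        for name, data in values:
            m = AUTORUN_RE.match(data)
            # ComboFix prints "[?]" instead of [date size] when it cannot stat the image
            path, size = (m.group(1), int(m.group(3))) if m else (data, -1)
            out.append((key, name, path, size))
    return out


@dataclass
class FirewallFindings:
    enabled: Optional[bool] = None
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)
    authorized_apps: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def assess_firewall(sections: Section) -> FirewallFindings:
    """Read the standard-profile policy and list what a reviewer should question."""
    f = FirewallFindings()
    for name, data in sections.get(FW_KEY, []):
        if name == 'EnableFirewall':
            f.enabled = not data.startswith('0')
    f.authorized_apps = [n for n, _ in sections.get(FW_KEY + r'\AuthorizedApplications\List', [])]
    for _name, data in sections.get(FW_KEY + r'\GloballyOpenPorts\List', []):
        m = PORT_RE.match(data)
        if not m:
            continue
        port, proto, label = int(m.group(1)), m.group(2), m.group(3).strip()
        f.open_ports.append((port, proto, label))
        if label == 'Services':
            # The label is the only record of who opened the port; a generic one names nobody.
            f.warnings.append(f'{port}/{proto} is globally open under the generic label "Services"')
        if port == 3389 and proto == 'TCP':
            f.warnings.append('3389/TCP (Remote Desktop) is globally open')
    if f.enabled is False:
        # Normal when a third-party firewall has replaced the Windows one; cross-check the FW: header.
        f.warnings.append('Windows Firewall standard profile is disabled (EnableFirewall=0)')
    return f


if __name__ == '__main__':
    secs = parse_reg_points(SAMPLE_LOG)
    for entry in list_autoruns(secs):
        print('autorun', entry)
    for warning in assess_firewall(secs).warnings:
        print('WARN', warning)
```

The checks only surface items for a human to resolve; they do not decide that a port is malicious. EnableFirewall=0 is what one expects when a third-party firewall has taken over the host, and the header of this log does show Panda Personal Firewall 2010 installed, though it also reports that firewall as disabled, so both the Windows and the Panda layer need to be confirmed before the ports are considered filtered. A port opened under the generic label "Services" cannot be matched to an owner from the log alone; the next step is to identify the listening process on the host itself.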
.
Contents of the 'Scheduled Tasks' folder
2010-04-21 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = www.fastweb.it
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ricky\Dati applicazioni\Mozilla\Firefox\Profiles\hk4edo8m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.fastweb.it/myfastpage/res/
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Free Download Manager - c:\programmi\Free Download Manager\fdm.exe
HKCU-Run-BlazeServoTool - c:\programmi\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe
HKLM-Run-3DNADesktop - c:\programmi\3DNA\Resources\3dnasys.exe
AddRemove-DIVXCodec - c:\windows\rundll.exe
AddRemove-Donald Duck Demo - c:\windows\UbiSoft\SetupUbi.exe
AddRemove-Trivial Pursuit Genus Edition Deluxe - c:\programmi\Zylom Games\Trivial Pursuit Genus Edition Deluxe\GameInstlr.exe
AddRemove-Turtle Odyssey 2 Deluxe - c:\programmi\Zylom Games\Turtle Odyssey 2 Deluxe\GameInstlr.exe
AddRemove-Zylom Games Player Plugin - c:\programmi\Zylom Games\UninstallPlugin.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-22 00:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1528)
c:\windows\system32\avldr.dll
- - - - - - - > 'explorer.exe'(2812)
c:\programmi\Panda Security\Panda Global Protection 2010\pavoepl.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\Panda Security\Panda Global Protection 2010\TPSrv.exe
c:\programmi\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
c:\windows\System32\nvsvc32.exe
c:\programmi\Panda Security\Panda Global Protection 2010\PsCtrls.exe
c:\programmi\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
c:\programmi\File comuni\Panda Security\PavShld\pavprsrv.exe
c:\programmi\panda security\panda global protection 2010\firewall\PSHOST.EXE
c:\programmi\Panda Security\Panda Global Protection 2010\PsImSvc.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Ralink\Common\RalinkRegistryWriter.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\programmi\Panda Security\Panda Global Protection 2010\pavsrv51.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programmi\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\programmi\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE
c:\programmi\Panda Security\Panda Global Protection 2010\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2010-04-22 00:48:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 22:48
Pre-Run: 11.873.402.880 bytes free
Post-Run: 12.707.287.040 bytes free
- - End Of File - - 6FF308C3D52A20D24DCB9796E8F0E924