Ecco il log di Combofix
ComboFix 09-11-23.04 - agostino 24/11/2009 15.08.37.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2558.1833 [GMT 1:00]
Eseguito da: c:\documents and settings\agostino\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\agostino\Dati applicazioni\Desktopicon
c:\documents and settings\agostino\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\agostino\Dati applicazioni\Desktopicon\uninst.exe
C:\InfoSat.txt
c:\windows\AUTOLNCH.REG
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NDISRD
-------\Service_ndisrd
((((((((((((((((((((((((( Files Creati Da 2009-10-24 al 2009-11-24 )))))))))))))))))))))))))))))))))))
.
2009-11-23 09:58 . 2009-11-23 09:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Azureus
2009-11-23 09:57 . 2009-11-24 00:51 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\Azureus
2009-11-23 09:57 . 2009-11-23 09:57 -------- d-----w- c:\programmi\Vuze
2009-11-22 09:18 . 2009-11-13 11:15 497944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2009-11-22 09:18 . 2009-11-13 11:15 3963648 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-11-22 09:17 . 2009-11-13 11:15 877848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2009-11-22 09:17 . 2009-11-13 11:15 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-11-18 13:39 . 2009-11-18 13:39 -------- d-----w- c:\documents and settings\agostino\Impostazioni locali\Dati applicazioni\OOoLive
2009-11-16 16:01 . 2008-12-04 00:25 120832 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Mozilla\Firefox\Profiles\3h6ti7k2.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-11-14 15:15 . 2009-11-23 18:50 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\vlc
2009-11-13 12:44 . 2009-11-13 12:49 -------- d-----w- c:\programmi\Unlocker
2009-11-13 12:24 . 2009-11-13 12:24 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-11-13 11:15 . 2009-11-14 16:45 -------- d-----w- C:\$AVG
2009-11-13 11:15 . 2009-11-13 11:15 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-13 11:15 . 2009-11-13 11:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-13 11:15 . 2009-11-13 11:15 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-13 11:15 . 2009-11-13 11:15 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-13 11:15 . 2009-11-24 07:42 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-13 11:14 . 2009-11-13 11:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-11-13 10:54 . 2009-11-13 10:54 -------- d-----w- c:\programmi\Java
2009-11-13 10:52 . 2009-11-13 10:52 152576 ----a-w- c:\documents and settings\agostino\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 16:05 . 2009-03-07 18:11 1337985056 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-24 14:32 . 2001-08-31 11:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2009-11-24 14:32 . 2001-08-31 11:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2009-11-24 14:26 . 2009-03-07 18:11 15682004 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-24 14:26 . 2007-09-26 16:34 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2009-11-24 14:26 . 2007-09-26 16:34 384 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2009-11-24 09:25 . 2008-08-22 11:25 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-24 09:25 . 2009-08-12 11:43 -------- d-----w- c:\programmi\SpywareBlaster
2009-11-24 09:24 . 2009-09-17 10:12 -------- d-----w- c:\programmi\Navilog1
2009-11-21 18:23 . 2008-11-14 12:36 -------- d-----w- c:\programmi\Innovative Solutions
2009-11-20 14:20 . 2009-10-11 14:57 -------- d-----w- c:\programmi\QuickTime Alternative
2009-11-14 16:37 . 2008-12-08 18:44 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\TeraCopy
2009-11-14 15:44 . 2008-11-20 13:08 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\IObit
2009-11-14 15:41 . 2008-12-15 20:12 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\Any Video Converter
2009-11-14 15:41 . 2007-09-26 17:20 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\Vso
2009-11-14 15:41 . 2009-10-11 14:40 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-11-14 15:41 . 2009-01-06 13:50 -------- d-----w- c:\programmi\Any Video Converter Professional
2009-11-14 15:41 . 2007-09-26 16:21 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-11-13 12:28 . 2007-09-26 17:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-11-13 10:54 . 2008-12-08 14:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-19 09:28 . 2009-10-19 09:28 213888 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-10-19 09:28 . 2009-10-19 09:28 126976 ----a-w- c:\windows\system32\snapapi.dll
2009-10-19 09:28 . 2008-11-14 11:07 82464 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-10-19 09:28 . 2008-11-14 11:07 37888 ----a-w- c:\windows\system32\setupnt.dll
2009-10-19 09:28 . 2008-10-31 18:16 28928 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-10-19 09:28 . 2009-10-19 09:28 -------- d-----w- c:\programmi\Acronis
2009-10-17 21:08 . 2009-10-17 16:17 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-10-17 21:06 . 2009-10-17 16:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-17 16:43 . 2009-10-17 16:43 -------- d-----w- c:\programmi\AVG
2009-10-17 08:48 . 2009-06-30 13:11 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-10-17 07:38 . 2008-12-27 20:21 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\wsInspector
2009-10-15 09:16 . 2009-10-15 09:16 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\aignes
2009-10-15 09:14 . 2009-10-15 09:14 -------- d-----w- c:\programmi\AM-DeadLink
2009-10-14 07:55 . 2007-09-26 17:14 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-14 07:52 . 2009-10-14 07:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-10-14 07:51 . 2009-10-14 07:51 -------- d-----w- c:\programmi\NOS
2009-10-14 07:16 . 2008-12-03 10:44 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\Skype
2009-10-14 07:13 . 2008-10-18 12:39 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\skypePM
2009-10-11 14:59 . 2009-10-11 14:59 -------- d-----w- c:\programmi\Real Alternative
2009-10-11 14:58 . 2008-12-24 15:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-10-11 14:36 . 2009-03-07 13:55 -------- d-----w- c:\programmi\Combined Community Codec Pack
2009-10-11 13:59 . 2009-10-11 13:59 43646 ----a-r- c:\documents and settings\agostino\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_EF7BC6DDBE20B4C1311492.exe
2009-10-11 13:59 . 2009-10-11 13:59 43646 ----a-r- c:\documents and settings\agostino\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_D707CE1C009F1381803C2C.exe
2009-10-11 13:59 . 2009-10-11 13:59 43646 ----a-r- c:\documents and settings\agostino\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_81A4006ABC1B62DCE5F5CA.exe
2009-10-11 13:59 . 2009-10-11 13:59 43646 ----a-r- c:\documents and settings\agostino\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_21F3885A18D238E15AAE81.exe
2009-10-11 13:59 . 2009-10-11 13:59 29926 ----a-r- c:\documents and settings\agostino\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_455EF241629E11584EA727.exe
2009-10-11 13:59 . 2009-10-11 13:59 109534 ----a-r- c:\documents and settings\agostino\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_6FEFF9B68218417F98F549.exe
2009-10-11 13:58 . 2009-10-11 13:58 -------- d-----w- c:\programmi\Macrium
2009-10-11 08:09 . 2009-10-11 08:09 -------- d-----w- c:\documents and settings\agostino\Dati applicazioni\dcunningham.net
2009-09-17 11:17 . 2007-09-26 17:30 76960 ----a-w- c:\documents and settings\agostino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-11 14:17 . 2004-08-19 13:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 06:52 . 2009-07-14 08:50 4045528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-10 12:54 . 2009-06-29 19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-06-29 19:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-19 13:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2007-01-03 10:56 916480 ----a-w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[7] 2004-08-19 . 4166454E2BCFCC20D1B8A5AC9FEAB243 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[-] 2007-01-03 . EFA21A3FE23BBCFDB6F61A3AF723E05A . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[-] 2007-03-08 . BAB4F995E526484A235A276E269AAF7F . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2008-04-14 . 287B3020F1324E99F313C9E7FCFCCCCC . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 287B3020F1324E99F313C9E7FCFCCCCC . 1554944 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[7] 2004-08-19 . 5B33B4265966EE063C7FBEA28958D9C2 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\programmi\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"filehippo.com"="c:\programmi\filehippo.com\UpdateChecker.exe" [2009-07-27 155648]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\Nero PhotoShow 4\data\xtras\mssysmgr.exe" [2006-01-13 249856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-17 45056]
"SBDrvDet"="c:\programmi\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\updateservice\isuspm.exe" [2004-06-14 221184]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SMSTray"="c:\programmi\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"ThreatFire"="c:\programmi\ThreatFire\TFTray.exe" [2009-09-23 382224]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-11-13 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-10-06 24576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Pinnacle Scheduler.lnk - c:\programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-9-27 245760]
PrintAndFax.lnk - c:\programmi\Fastweb\PrintAndFax\FaxMonitor.exe [2005-11-3 970856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-13 11:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/2008 8.32.40 15328]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/10/2009 10.16.25 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [10/10/2009 10.16.25 59664]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [11/08/2004 17.22.54 77312]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/11/2009 12.15.13 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/11/2009 12.15.17 360584]
R1 is-QVPF3drv;is-QVPF3drv;c:\windows\system32\drivers\38729904.sys [07/03/2009 19.10.59 148496]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [04/10/2009 9.44.03 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [04/10/2009 9.42.37 1195008]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [13/11/2009 12.15.00 285392]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [26/09/2007 17.28.18 15840]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [25/08/2009 11.16.36 220128]
R2 ThreatFire;ThreatFire;c:\programmi\ThreatFire\TFService.exe service --> c:\programmi\ThreatFire\TFService.exe service [?]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [26/09/2007 17.56.01 698368]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [04/10/2009 9.42.42 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [04/10/2009 9.43.57 257432]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [26/09/2007 18.07.59 44544]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [26/09/2007 18.11.17 6400]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [10/10/2009 10.16.25 33552]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [19/08/2004 14.39.46 14336]
S3 SASENUM;SASENUM; [x]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [02/03/2009 13.17.03 49632]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
2009-11-24 c:\windows\Tasks\PandaUSBVaccine.job
- c:\programmi\Panda USB Vaccine\RunInteractiveWin.exe [2009-08-09 10:30]
2009-11-24 c:\windows\Tasks\User_Feed_Synchronization-{A6A01747-FD5F-45F8-86D4-862341F42BC4}.job
- c:\windows\system32\msfeedssync.exe [2007-01-03 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
FF - ProfilePath - c:\documents and settings\agostino\Dati applicazioni\Mozilla\Firefox\Profiles\3h6ti7k2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-eBay Icon - c:\documents and settings\agostino\Dati applicazioni\Desktopicon\uninst.exe
AddRemove-PhotoRazor - c:\programmi\PhotoRazor\uninstall.exe uninstall
AddRemove-QcDrv - c:\programmi\File comuni\Logitech\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT
AddRemove-Tweak UI 2.10 - c:\windows\system32\mshta.exe res://c:\windows\system32\TweakUI.exe/uninstall.hta
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-24 16:32
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1744)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\programmi\ThreatFire\TFNI.dll
c:\programmi\ThreatFire\TFMon.dll
c:\programmi\ThreatFire\TFRK.dll
c:\programmi\ThreatFire\TFWAH.dll
- - - - - - - > 'lsass.exe'(1840)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
c:\programmi\ThreatFire\TFWAH.dll
- - - - - - - > 'explorer.exe'(3764)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\programmi\ThreatFire\TfWah.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\programmi\ThreatFire\TFNI.dll
c:\programmi\ThreatFire\TFMon.dll
c:\programmi\ThreatFire\TFRK.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
c:\programmi\TeraCopy\TeraCopyExt.dll
c:\programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\programmi\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
c:\programmi\WinRAR\rarext.dll
c:\programmi\Malwarebytes' Anti-Malware\mbamext.dll
c:\windows\system32\browselc.dll
c:\programmi\7-Zip\7-zip.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\CTsvcCDA.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Panda USB Vaccine\USBVaccine.exe
c:\programmi\ThreatFire\TFService.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-24 17:12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-24 16:12
Pre-Run: 17.296.678.912 byte disponibili
Post-Run: 17.433.120.768 byte disponibili
- - End Of File - - 130C1ED64DAF54894A6E3D7F5582825A