ComboFix 09-01-09.03 - ALEDANY 2009-01-09 17.54.11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1040.18.255.105 [GMT 1:00]
Run by: c:\documents and settings\ALEDANY\Documenti\PROGRAMMI\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\i
c:\windows\system32\wmsoft30608.exe
.
((((((((((((((((((((((((( Files Created From 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))))))
.
2009-01-09 20:58 . 2009-01-09 16:20 <DIR> d-------- c:\programmi\WinClamAVShield
2009-01-09 20:58 . 2009-01-09 21:05 93,488 --a------ c:\windows\system32\wmsoft05648.exe
2009-01-09 20:56 . 2009-01-09 16:44 <DIR> d-------- c:\programmi\Spyware Terminator
2009-01-09 20:56 . 2009-01-09 20:56 <DIR> d-------- c:\programmi\Crawler
2009-01-09 20:56 . 2009-01-09 16:52 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-01-09 20:56 . 2009-01-09 17:36 <DIR> d-------- c:\documents and settings\ALEDANY\Dati applicazioni\Spyware Terminator
2009-01-09 20:56 . 2009-01-09 20:56 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-09 20:46 . 2009-01-09 20:46 <DIR> d-------- c:\programmi\Pirelli
2009-01-09 20:46 . 2009-01-09 20:47 126 --a------ c:\windows\PRLTP_USBdrv.ini
2009-01-09 20:45 . 2009-01-09 20:45 <DIR> d-------- c:\programmi\Motive
2009-01-09 20:45 . 2009-01-09 20:45 <DIR> d-------- c:\programmi\File comuni\Motive
2009-01-09 20:45 . 2009-01-09 20:45 <DIR> d-------- c:\programmi\Common Files
2009-01-09 20:45 . 2009-01-09 20:45 <DIR> d-------- c:\programmi\Alice ti aiuta
2009-01-09 20:45 . 2009-01-09 20:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Motive
2009-01-09 20:44 . 2009-01-09 20:44 <DIR> d-------- c:\programmi\Telecom Italia
2009-01-09 20:44 . 2009-01-09 20:46 <DIR> d--h----- c:\programmi\InstallShield Installation Information
2009-01-09 20:44 . 2009-01-09 20:46 <DIR> d-------- c:\programmi\File comuni\InstallShield
2009-01-09 20:40 . 2009-01-09 20:40 <DIR> d-------- c:\programmi\Hewlett-Packard
2009-01-09 20:40 . 2001-01-15 22:06 667,648 --a------ c:\windows\system32\ipeistor12.dll
2009-01-09 20:39 . 2001-08-03 11:21 438,272 -ra------ c:\windows\system32\hpgmatk.dll
2009-01-09 20:39 . 1998-10-06 18:57 327,168 --a------ c:\windows\IsUn0410.exe
2009-01-09 20:39 . 2000-10-09 18:57 102,400 -ra------ c:\windows\system32\hpgmastr.dll
2009-01-09 20:39 . 2001-08-14 13:24 90,112 -ra------ c:\windows\system32\hpsjvset.dll
2009-01-09 20:39 . 2001-08-03 11:23 40,960 -ra------ c:\windows\system32\hpgmausd.dll
2009-01-09 20:39 . 2001-08-17 21:53 13,824 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-09 20:39 . 2001-08-17 21:53 13,824 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-09 20:39 . 2001-08-14 13:15 11,185 -ra------ c:\windows\system32\hpgmasti.inf
2009-01-09 17:20 . 2009-01-09 17:20 202 --a------ c:\windows\system32\BIN_STRSBW.SPT
2009-01-09 17:19 . 2009-01-09 17:19 <DIR> d-------- c:\windows\LastGood
2009-01-09 17:19 . 2009-01-09 17:20 <DIR> d-------- c:\programmi\Google
2009-01-09 16:51 . 2009-01-09 16:51 <DIR> d-------- c:\windows\system32\bits
2009-01-09 16:49 . 2004-07-01 23:05 360,448 --a--c--- c:\windows\system32\dllcache\qmgr.dll
2009-01-09 16:49 . 2004-07-01 23:05 331,776 --a------ c:\windows\system32\winhttp.dll
2009-01-09 16:49 . 2004-07-01 23:05 17,408 --a------ c:\windows\system32\qmgrprxy.dll
2009-01-09 16:49 . 2004-07-01 23:05 17,408 --a--c--- c:\windows\system32\dllcache\qmgrprxy.dll
2009-01-09 16:49 . 2004-07-01 23:05 7,680 -----c--- c:\windows\system32\dllcache\bitsprx2.dll
2009-01-09 16:49 . 2004-07-01 23:05 7,680 --------- c:\windows\system32\bitsprx2.dll
2009-01-09 16:49 . 2004-07-01 23:05 7,168 -----c--- c:\windows\system32\dllcache\bitsprx3.dll
2009-01-09 16:49 . 2004-07-01 23:05 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-01-09 16:48 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-01-09 16:48 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-01-09 16:48 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-01-09 16:48 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-01-09 16:48 . 2008-10-16 14:12 35,864 --a------ c:\windows\system32\wucltui.dll.mui
2009-01-09 16:48 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-01-09 16:48 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-01-09 16:48 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui
2009-01-09 16:48 . 2008-10-16 14:07 19,480 --a------ c:\windows\system32\wuaueng.dll.mui
2009-01-09 16:47 . 2009-01-09 16:47 <DIR> d---s---- c:\documents and settings\ALEDANY\UserData
2009-01-09 11:00 . 2009-01-09 10:18 261 --a------ c:\windows\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 19:45 155,995 ----a-w c:\windows\java\Packages\IXJ5ZBZ5.ZIP
2009-01-09 09:45 --------- d-----w c:\documents and settings\ALEDANY\Dati applicazioni\vlc
2009-01-09 09:44 --------- d-----w c:\programmi\VideoLAN
2009-01-09 09:43 --------- d-----w c:\programmi\CCleaner
2009-01-09 09:15 --------- d-----w c:\programmi\microsoft frontpage
2009-01-09 09:13 --------- d-----w c:\programmi\Servizi in linea
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2001-08-31 13312]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2001-08-02 1077277]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-01-09 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-09 2267136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-08-31 13312]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-01-09 217088]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-09 142592]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
c:\windows\Fonts\wmsncs.exe
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-Wmsncs Service - c:\windows\Fonts\wmsncs.exe
HKU-Default-Run-NvidMediaCenter - c:\programmi\File comuni\System\wmsncs.exe
HKU-Default-Run-Spool Driver Service - c:\windows\System32\spool\drivers\wmsncs.exe
HKU-Default-Run-Wins Service - c:\windows\System32\wins\wmsncs.exe
.
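The registry section above is the part of the log that records what the infection did to the host's defences: the Security Center values (AntiVirusOverride, FirewallOverride and the two DisableNotify values set to 1) and EnableFirewall=0 silence the XP protections, the numbered wmsoft*.exe files were dropped into system32, and copies of wmsncs.exe were registered as Run entries for the default user from directories such as Fonts, wins and spool\drivers where no legitimate program lives. As an added example, not ComboFix's own code, the Python script below parses lines in the formats ComboFix prints and flags exactly those three indicators. Its sample input is copied from this log, and the indicator set is an assumption drawn from what this log shows, not a general malware signature.

```python
"""Triage helper for ComboFix log excerpts.

Added example for this page; not part of ComboFix or any other project.
The indicators it looks for are the ones visible in the log above:
  - numbered wmsoft*.exe droppers written to system32,
  - wmsncs.exe copies registered as Run entries,
  - Security Center / firewall-policy values that silence or disable protection.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail")

# Line shapes as ComboFix prints them in the "Files Created" and registry sections.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:<DIR>|[\d,]+) \S+ (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-f]{8})|(?P<dec>\d+)\s*\(0x[0-9a-f]+\))$',
    re.IGNORECASE,
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN_RE = re.compile(r"^HKU-Default-Run-(?P<name>.+?) - (?P<path>.+)$")

# Indicator patterns (assumed from this log; hypothetical beyond it).
DROPPER_RE = re.compile(r"\\system32\\wmsoft\d+\.exe$", re.IGNORECASE)
WMSNCS_RE = re.compile(r"\\wmsncs\.exe$", re.IGNORECASE)

# Value name -> setting that weakens the host (1 = override/suppress, 0 = off).
WEAK_VALUES = {
    "AntiVirusOverride": 1,
    "FirewallOverride": 1,
    "AntiVirusDisableNotify": 1,
    "UpdatesDisableNotify": 1,
    "EnableFirewall": 0,
    "DisableNotifications": 1,
}


def triage(log_text):
    """Return a list of Finding(kind, detail), one per indicator found in log_text."""
    findings = []
    section = ""  # current registry key, lower-cased, from the last [..] header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = FILE_RE.match(line)
        if m:
            if DROPPER_RE.search(m.group("path")):
                findings.append(Finding("dropper", m.group("path")))
            continue
        m = VALUE_RE.match(line)
        if m:
            # Only judge values under the Security Center or firewall policy keys.
            if "security center" in section or "firewallpolicy" in section:
                value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
                if WEAK_VALUES.get(m.group("name")) == value:
                    findings.append(Finding("weakened", f"{m.group('name')}={value}"))
            continue
        m = RUN_RE.match(line) or ORPHAN_RE.match(line)
        if m and WMSNCS_RE.search(m.group("path")):
            findings.append(Finding("autorun", f"{m.group('name')} -> {m.group('path')}"))
    return findings


# Constructed sample: lines copied from the log on this page.
SAMPLE_LOG = r"""
2009-01-09 20:58 . 2009-01-09 21:05 93,488 --a------ c:\windows\system32\wmsoft05648.exe
2009-01-09 20:56 . 2009-01-09 20:56 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2001-08-31 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
HKU-Default-Run-Wmsncs Service - c:\windows\Fonts\wmsncs.exe
HKU-Default-Run-Wins Service - c:\windows\System32\wins\wmsncs.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.detail}")
```

On the sample the script reports one dropper, six weakened settings and two wmsncs.exe autoruns, and stays silent on ctfmon.exe and the Spyware Terminator driver. The section tracking matters: the same value names could appear under an unrelated key, so a value is only judged when the last `[...]` header was the Security Center or firewall policy key.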
------- Supplementary Scan -------
.
uStart Page = hxxp://www.libero.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: {95DF0C7E-C78C-445E-A785-7185D1B450EF} = 85.37.17.16 85.38.28.68
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\Toolbar\ctbr.dll
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 17:55:19
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
- - - - - - - > 'lsass.exe'(676)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
c:\windows\System32\dssenh.dll
.
Completion time: 2009-01-09 17.56.24
ComboFix-quarantined-files.txt 2009-01-09 16:56:20
Pre-Run: 36,499,034,112 bytes free
Post-Run: 36,518,838,272 bytes free
WinXP_IT_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect