Hi R16, I'm sending you the Combo log
ComboFix 09-04-19.01 - comp01 18/04/2009 20.05.49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.223.40 [GMT 2:00]
Running from: c:\documents and settings\comp01\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090418-0] *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\comp01\Dati applicazioni\QUAD Backups
c:\documents and settings\comp01\Dati applicazioni\QUAD Backups\04.08.2009,16-02-10\HKEY_CLASSES_ROOT.reg
c:\documents and settings\comp01\Dati applicazioni\QUAD Backups\04.08.2009,16-02-10\HKEY_CURRENT_CONFIG.reg
c:\documents and settings\comp01\Dati applicazioni\QUAD Backups\04.08.2009,16-02-10\HKEY_CURRENT_USER.reg
c:\documents and settings\comp01\Dati applicazioni\QUAD Backups\04.08.2009,16-02-10\HKEY_LOCAL_MACHINE.reg
c:\documents and settings\comp01\Dati applicazioni\QUAD Backups\04.08.2009,16-02-10\HKEY_USERS.reg
c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\ikiukek.dat
c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\ikiukek.exe
c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\ikiukek_nav.dat
c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\ikiukek_navps.dat
c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\waeakqk.dat
c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\waeakqk_nav.dat
c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\waeakqk_navps.dat
c:\documents and settings\comp01\Menu Avvio\Programmi\QUAD Utilities
c:\documents and settings\comp01\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
c:\documents and settings\comp01\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
c:\documents and settings\comp01\Menu Avvio\Programmi\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
c:\programmi\QUAD Utilities
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\optimize.bin
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
c:\programmi\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.exe
.
((((((((((((((((((((((((( Files Created From 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))))))
.
2009-04-18 04:48 . 2009-04-18 05:59 -------- d-----w c:\windows\BDOSCAN8
2009-04-18 00:42 . 2009-04-18 00:42 -------- d-----w c:\documents and settings\comp01\Dati applicazioni\Malwarebytes
2009-04-18 00:42 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 00:42 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 00:42 . 2009-04-18 00:42 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-04-16 02:42 . 2009-04-16 03:03 1374 ----a-w c:\windows\imsins.BAK
2009-04-16 02:05 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 02:05 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 02:05 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 02:04 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 02:04 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 02:04 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 02:04 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 02:04 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 15:14 . 2009-04-15 15:14 95 ----a-w c:\windows\wininit.ini
2009-04-15 14:32 . 2009-04-15 14:31 185856 ----a-w c:\windows\system32\framedyn.dll
2009-04-15 14:31 . 2009-04-15 14:31 5415 ----a-w c:\windows\system32\Choice.com
2009-04-15 04:30 . 2009-04-15 04:30 0 ----a-w C:\1885521910
2009-04-15 04:27 . 2009-04-15 04:27 46 ----a-w C:\p2hhr.bat
2009-04-10 14:29 . 2009-04-10 14:29 -------- d-----w c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
2009-04-10 05:35 . 2009-04-10 05:35 -------- d-----w c:\documents and settings\comp01\Dati applicazioni\Systenance
2009-04-09 20:41 . 2009-04-09 20:41 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2009-04-06 17:05 . 2008-10-03 21:05 28672 ----a-w c:\windows\system32\CleanMem.exe
2009-04-06 17:05 . 2009-04-06 17:05 -------- d-----w c:\windows\CleanMem
2009-04-03 01:48 . 2009-03-09 00:53 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-03-24 22:32 . 2009-03-24 22:32 -------- d-----w c:\documents and settings\comp01\Dati applicazioni\r2 Studios
2009-03-24 22:32 . 2009-03-24 22:32 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\r2 Studios
2009-03-21 14:06 . 2009-03-21 14:06 1033728 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 01:50 . 2009-01-09 19:19 1090181 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-03-20 07:24 . 2009-03-20 07:24 -------- d-----w c:\documents and settings\comp01\Dati applicazioni\Windows Search
2009-03-20 01:10 . 2006-06-29 12:07 14048 ----a-w c:\windows\system32\spmsg2.dll
2009-03-20 00:30 . 2009-04-07 05:33 -------- d-----w c:\windows\system32\XPSViewer
2009-03-20 00:25 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-20 00:25 . 2008-07-06 12:06 117760 ----a-w c:\windows\system32\prntvpt.dll
2009-03-20 00:25 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-20 00:25 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-20 00:25 . 2008-07-06 12:06 575488 ----a-w c:\windows\system32\xpsshhdr.dll
2009-03-20 00:25 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-03-20 00:25 . 2008-07-06 12:06 1676288 ----a-w c:\windows\system32\xpssvcs.dll
2009-03-20 00:25 . 2009-03-20 00:28 -------- d-----w C:\aaed52da23f63b8a95233d
2009-03-20 00:23 . 2009-03-20 00:25 -------- d-----w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
2009-03-20 00:06 . 2009-03-20 00:06 -------- d-----w c:\windows\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 07:25 . 2004-05-05 14:27 -------- d-----w c:\programmi\File comuni\Adobe
2009-04-18 00:42 . 2009-04-18 00:42 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-17 04:46 . 2003-10-31 19:21 492504 ----a-w c:\windows\system32\perfh010.dat
2009-04-17 04:46 . 2003-10-31 19:21 85330 ----a-w c:\windows\system32\perfc010.dat
2009-04-15 23:49 . 2008-11-08 15:56 -------- d-----w c:\programmi\Telecom Italia
2009-04-15 23:49 . 2004-03-10 15:11 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-15 23:28 . 2009-02-17 06:02 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-12 18:42 . 2004-05-05 21:06 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\QuickTime
2009-04-10 05:34 . 2009-04-10 05:34 -------- d-----w c:\programmi\Index.dat Analyzer
2009-04-09 20:49 . 2008-12-26 05:48 -------- d-----w c:\programmi\Google
2009-04-09 04:57 . 2009-04-09 04:57 -------- d-----w c:\programmi\CCleaner
2009-04-09 04:50 . 2009-04-09 04:48 -------- d-----w c:\programmi\Disk Cleaner
2009-04-07 18:02 . 2004-07-08 12:51 71224 -c--a-w c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-07 04:25 . 2009-04-06 17:05 -------- d-----w c:\programmi\CleanMem
2009-04-07 03:50 . 2009-04-07 03:50 -------- d-----w c:\programmi\Trend Micro
2009-04-06 20:51 . 2009-02-17 06:02 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-06 01:33 . 2009-04-06 01:33 -------- d-----w c:\programmi\Mz_CpuAcc
2009-04-03 01:47 . 2009-03-05 04:50 -------- d-----w c:\programmi\Java
2009-03-28 14:49 . 2009-03-03 19:58 -------- d-----w c:\documents and settings\comp01\Dati applicazioni\vlc
2009-03-24 22:32 . 2009-03-24 22:32 -------- d-----w c:\programmi\r2 Studios
2009-03-20 00:29 . 2009-03-20 00:29 -------- d-----w c:\programmi\MSBuild
2009-03-20 00:29 . 2009-03-20 00:29 -------- d-----w c:\programmi\Reference Assemblies
2009-03-15 18:16 . 2009-02-22 18:18 -------- d-----w c:\documents and settings\comp01\Dati applicazioni\live-player
2009-03-13 04:19 . 2008-11-27 21:12 -------- d-----w c:\documents and settings\comp01\Dati applicazioni\IObit
2009-03-13 04:19 . 2008-11-27 21:12 -------- d-----w c:\programmi\IObit
2009-03-12 07:09 . 2009-02-17 02:14 -------- d-----w c:\programmi\Opera
2009-03-09 03:19 . 2009-01-31 07:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:19 . 2003-10-31 19:21 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-06 05:13 . 2009-02-28 08:11 -------- d-----w c:\programmi\JLC's Software
2009-03-03 00:03 . 2006-06-23 12:28 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 16:57 . 2009-02-28 16:57 -------- d-----w c:\programmi\Windows Media Connect 2
2009-02-28 08:12 . 2009-02-28 08:12 -------- d-----w c:\documents and settings\comp01\Dati applicazioni\JLC's Software
2009-02-22 18:23 . 2009-02-22 18:18 -------- d-----w c:\programmi\Live-Player
2009-02-21 10:29 . 2004-05-12 13:32 -------- d-----w c:\documents and settings\comp01\Dati applicazioni\AdobeUM
2009-02-20 17:08 . 2004-08-19 22:39 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:02 . 2002-09-09 13:34 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:04 . 2003-10-31 19:21 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2003-10-31 19:21 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2003-10-31 19:21 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2003-10-31 19:21 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2005-07-26 04:38 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2003-10-31 19:21 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2003-10-31 19:21 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2003-10-31 19:21 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2003-10-31 19:21 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-23 02:43 . 2009-01-23 02:43 413184 ----a-w c:\windows\system32\paintball.scr
2009-01-23 02:18 . 2009-01-23 02:18 297984 ----a-w c:\windows\Turn3DShuttleExplorer.scr
2008-11-30 06:37 . 2008-11-30 06:37 71224 -c--a-w c:\documents and settings\EDDY II\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-11-26 19:35 . 2008-11-26 19:35 71224 -c--a-w c:\documents and settings\Administrator.PORTATILE01\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-11-26 19:35 . 2008-11-26 19:35 154 -c--a-w c:\documents and settings\Administrator.PORTATILE01\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-07-17 18:34 . 2008-07-17 18:34 135 -c--a-w c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-12-04 19:22 . 2008-12-04 19:22 32768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008111720081124\index.dat
2008-12-04 19:22 . 2008-12-04 19:22 32768 -csha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008120420081205\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\programmi\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Download Express\\dep.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\Live-Player\\live-player.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9453:TCP"= 9453:TCP:WWW
R2 gupdate1c9b9537a742990;Servizio di Google Update (gupdate1c9b9537a742990);c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-09 133104]
R3 NT_DIO;NT_DIO; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
S3 ENE;ENE;c:\windows\system32\DRIVERS\EMCR7SK.sys [2002-12-24 79392]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bepbpeh
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2009-04-06 21:05]
2009-04-15 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SpybotSD.exe [2009-02-17 14:31]
2009-04-15 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\programmi\Spybot - Search & Destroy\SDUpdate.exe [2009-04-06 13:31]
.
- - - - ORPHANS REMOVED - - - -
BHO-{E2BA40A2-74F3-42BD-F434-2604812C8953} - (no file)
SharedTaskScheduler-{E2BA40A2-74F3-42BD-F434-2604812C8953} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\comp01\Dati applicazioni\Mozilla\Firefox\Profiles\7a0jlblo.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\comp01\Dati applicazioni\Mozilla\Firefox\Profiles\7a0jlblo.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\comp01\Dati applicazioni\Mozilla\Firefox\Profiles\7a0jlblo.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 20:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-18 20.15.16
ComboFix-quarantined-files.txt 2009-04-18 18:15
Pre-Run: 30,316,318,720 bytes free
Post-Run: 30,140,125,184 bytes free
222 --- E O F --- 2009-04-16 03:04
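Added example, not part of the post above and not ComboFix's own code: a small Python triage script that reads the "Reg Loading Points" block of a log like this one and pulls out the entries a responder checks first, namely autoruns launched from a user profile, a Security Center override, globally opened firewall ports, firewall exceptions and extra svchost NetSvcs names (a name under that header is loaded as a DLL inside a shared svchost.exe, so its ServiceDll value is what to verify). The line patterns are assumptions about the log layout as shown above. The sample input is copied from the log, plus one constructed "ikiukek" Run line that is not in the original and exists only to exercise the profile-autorun rule.

```python
"""Triage a ComboFix "Reg Loading Points" section for the indicators a
responder checks by hand. Line patterns are assumptions about the log layout
as it appears in the post; this is not ComboFix's own parsing code."""
import re

# Constructed sample: lines copied from the log above, plus ONE line that is
# not in the original log (the "ikiukek" Run entry), added so the
# profile-launched-autorun rule has something to match.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ikiukek"="c:\documents and settings\comp01\Impostazioni locali\Dati applicazioni\ikiukek.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\programmi\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Live-Player\\live-player.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9453:TCP"= 9453:TCP:WWW
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bepbpeh
.
"""

KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")          # [HKEY_...\Run]
NETSVCS_HDR = re.compile(r"\\Svchost - NetSvcs$")    # bare header, no brackets
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
DWORD_VALUE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})')
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
FW_APP = re.compile(r'^"(?P<path>[^"]+)"=$')
PROFILE_DIR = re.compile(r"\\documents and settings\\", re.IGNORECASE)


def parse_sections(text):
    """Group value lines under the registry key (lower-cased) they belong to.
    The NetSvcs header is mapped to the pseudo-key 'netsvcs'."""
    sections, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":            # ComboFix section separator
            continue
        m = KEY.match(line)
        if m:
            key = m.group("key").lower()
            sections.setdefault(key, [])
        elif NETSVCS_HDR.search(line):
            key = "netsvcs"
            sections.setdefault(key, [])
        elif key is not None:
            sections[key].append(line)
    return sections


def triage(text):
    """Return (rule, subject, detail) tuples for every entry worth a look."""
    findings = []
    for key, lines in parse_sections(text).items():
        leaf = key.rsplit("\\", 1)[-1]
        for line in lines:
            if leaf == "run":
                m = RUN_VALUE.match(line)
                # Autoruns pointing into a user profile deserve a look:
                # installers normally put binaries under Program Files.
                if m and PROFILE_DIR.search(m.group("path")):
                    findings.append(("profile_autorun", m.group("name"), m.group("path")))
            elif key.endswith("security center"):
                m = DWORD_VALUE.match(line)
                # AntiVirusOverride=1 silences the Security Center AV alert;
                # some AV suites set it, malware sets it too.
                if m and m.group("name").lower().endswith("override") and int(m.group("hex"), 16) == 1:
                    findings.append(("security_center_override", m.group("name"), line))
            elif "globallyopenports" in key:
                m = OPEN_PORT.match(line)
                if m:
                    findings.append(("open_port", f"{m.group('port')}/{m.group('proto')}", line))
            elif "authorizedapplications" in key:
                m = FW_APP.match(line)
                if m:  # informational: every firewall exception, with the doubled backslashes collapsed
                    findings.append(("firewall_exception", m.group("path").replace("\\\\", "\\"), line))
            elif key == "netsvcs":
                # A name here runs as a DLL inside a shared svchost.exe; check
                # HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll.
                findings.append(("netsvcs_entry", line, "verify ServiceDll"))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE):
        print(f"{rule:26} {subject:30} {detail}")
```

Run against the sample it reports the constructed profile autorun, the AntiVirusOverride value, port 9453/TCP, the Live-Player firewall exception and the "bepbpeh" NetSvcs name, while the ctfmon.exe and avast! autoruns pass silently. The rules are deliberately narrow; a real triage would also compare each autorun path against the files listed under "Other Deletions".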