ComboFix 09-12-09.02 - Mario 10/12/2009 14.22.26.6.1 - x86
Eseguito da: c:\documents and settings\Mario\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\$t001.tmp
C:\$t002.tmp
C:\$t011.tmp
C:\$t012.tmp
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-11-10 al 2009-12-10 )))))))))))))))))))))))))))))))))))
.
2009-12-03 14:05 . 2009-12-03 14:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Adobe Systems
2009-12-03 14:04 . 2009-12-03 14:04 -------- d-----w- c:\programmi\File comuni\Adobe Systems Shared
2009-11-29 13:05 . 2009-11-29 13:05 -------- d-----w- c:\programmi\Microsoft
2009-11-12 10:22 . 2008-05-29 00:03 37176 ----a-w- c:\documents and settings\Mario\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 13:18 . 2009-09-13 15:02 -------- d-----w- c:\programmi\File comuni\Akamai
2009-12-08 20:37 . 2008-10-18 09:46 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Azureus
2009-12-07 21:20 . 2009-08-09 13:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-07 21:20 . 2009-09-20 16:40 4844296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-06 17:01 . 2008-08-22 21:03 -------- d-----w- c:\programmi\Google
2009-12-05 19:28 . 2008-04-05 08:26 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-12-03 15:14 . 2009-08-09 13:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-08-09 13:21 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 14:08 . 2008-03-10 08:14 149736 ----a-w- c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-03 14:04 . 2008-03-10 15:57 -------- d-----w- c:\programmi\File comuni\Adobe
2009-11-29 11:08 . 2004-08-19 12:00 80490 ----a-w- c:\windows\system32\perfc010.dat
2009-11-29 11:08 . 2004-08-19 12:00 482036 ----a-w- c:\windows\system32\perfh010.dat
2009-11-23 22:42 . 2008-10-18 09:44 -------- d-----w- c:\programmi\Vuze
2009-11-22 19:43 . 2009-02-07 09:19 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\LimeWire
2009-10-25 20:49 . 2008-03-15 21:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-16 10:26 . 2002-04-09 07:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-16 10:25 . 2009-09-03 21:51 -------- d-----w- c:\programmi\Total Video Converter
2009-10-16 10:25 . 2009-09-12 12:23 -------- d-----w- c:\programmi\MAGIX
2009-10-12 16:22 . 2009-01-24 21:09 21036 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-12 16:22 . 2009-01-24 21:09 15132 ----atw- c:\windows\system32\SIntf32.dll
2009-10-12 16:22 . 2009-01-24 21:09 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-09-11 14:17 . 2004-08-19 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"PMCRemote"="c:\programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-09-18 257096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe -atboottime" [X]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-08-09 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Ralink Wireless Utility.lnk - c:\programmi\RALINK\Common\RaUI.exe [2008-3-10 675840]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [09/04/2002 8.01.54 11264]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [19/08/2004 13.00.00 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [25/07/2009 13.51.25 57344]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [18/12/2006 17.53.02 1121536]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/01/2009 21.52.27 717296]
S2 gupdate1ca136b7c496576;Servizio di Google Update (gupdate1ca136b7c496576);c:\programmi\Google\Update\GoogleUpdate.exe [02/08/2009 13.19.27 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\MAGIX\Common\Database\bin\fbserver.exe [12/09/2009 13.39.17 1527900]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Mario\Dati applicazioni\Mozilla\Firefox\Profiles\larisuly.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-AdobeBridge - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-12-10 14:34
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2009-12-10 14:44:07
ComboFix-quarantined-files.txt 2009-12-10 13:44
Pre-Run: 83.379.138.560 byte disponibili
Post-Run: 83.355.897.856 byte disponibili
- - End Of File - - 0D20D8474AD093B65AAEAB8F197D13D3