Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.218 [GMT 2:00]
Running from: c:\documents and settings\Mino\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\sotgcik.dat
c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\sotgcik_nav.dat
c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\sotgcik_navps.dat
c:\windows\system32\AutoRun.inf
c:\windows\Uninstall.ini
.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))))))
.
2010-08-10 17:01 . 2010-08-10 16:58 398336 ----a-w- c:\windows\system32\CF4617.exe
2010-08-10 16:58 . 2010-08-10 16:58 -------- d-----w- c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\Conduit
2010-08-10 16:58 . 2010-08-10 16:58 -------- d-----w- c:\programmi\Conduit
2010-08-10 16:58 . 2010-08-10 16:58 -------- d-----w- c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\Softonic-IT
2010-08-10 16:57 . 2010-08-10 16:57 -------- d-----w- c:\programmi\Softonic-IT
2010-08-10 16:13 . 2010-08-10 16:13 -------- d-----w- c:\windows\LastGood
2010-08-10 16:13 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-10 16:13 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-10 16:13 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-10 16:13 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-10 16:13 . 2010-08-10 16:13 -------- d-----w- c:\programmi\Avira
2010-08-10 16:13 . 2010-08-10 16:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-08-04 19:47 . 2010-08-04 19:47 -------- d-----w- c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\Threat Expert
2010-08-04 17:26 . 2010-08-04 17:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-07-29 19:32 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-29 19:25 . 2010-07-29 19:25 -------- d-----w- c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\PCHealth
2010-07-29 09:36 . 2010-07-29 09:36 -------- d-----w- c:\programmi\File comuni\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 18:23 . 1979-12-31 22:00 80356 ----a-w- c:\windows\system32\perfc010.dat
2010-08-04 18:23 . 1979-12-31 22:00 474824 ----a-w- c:\windows\system32\perfh010.dat
2010-06-14 14:31 . 2004-09-17 10:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-06-03 16:24 2736736 ----a-w- c:\programmi\Softonic-IT\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\programmi\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 88363]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"PCMService"="c:\programmi\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2004-09-03 495616]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-09-16 185632]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-11-14 286720]
"StxTrayMenu"="c:\programmi\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
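The two things a triager pulls out of the block above first are the entries marked [X] (the registered binary no longer exists on disk) and the single CLSID {e3393495-8103-46a0-8181-270273eddd60} that is registered at three IE extension points at once (URLSearchHook, Browser Helper Object and Toolbar), all pointing at the same tbSoft.dll. The script below is an added example, not part of ComboFix or of this post: it parses the "Reg Loading Points" format as it appears in this log and flags exactly those two patterns. The regular expressions encode my reading of the log layout (a `[key]` line, then either `"name"="path" [date size]` value lines, or, for BHO keys, a `date time size attrs path` file line); the sample text is copied from the lines above, not invented.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and flag
missing autostart binaries and CLSIDs hooked into several IE extension points."""
import re
from collections import defaultdict

# Lines copied verbatim from the ComboFix log above (the HKCR clsid line is
# kept to show that key lines without values are skipped cleanly).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-06-03 16:24 2736736 ----a-w- c:\programmi\Softonic-IT\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"""

# Assumed layout of the log (my reading of the lines above, not a ComboFix spec).
KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[^"\[]*?)"?\s*'
    r'\[(?P<stamp>X|\d{4}-\d{2}-\d{2} \d+)\]$')
FILE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$')
CLSID_RE = re.compile(r'\{[0-9a-f-]{36}\}', re.I)


def parse_loading_points(text):
    """Return one dict per autostart entry: key, name, path, stamp ('X' = file missing)."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({'key': key, 'name': m.group('name'),
                            'path': m.group('path'), 'stamp': m.group('stamp')})
            continue
        m = FILE_RE.match(line)
        if m and key:
            # BHO keys carry the CLSID in the key path; the DLL is on the following line.
            clsid = CLSID_RE.search(key)
            entries.append({'key': key,
                            'name': clsid.group(0) if clsid else key,
                            'path': m.group('path'),
                            'stamp': f"{m.group('date')[:10]} {m.group('size')}"})
    return entries


def classify_point(key):
    """Map a registry key to the kind of load point it represents."""
    k = key.lower()
    if 'urlsearchhooks' in k:
        return 'URLSearchHook'
    if 'browser helper objects' in k:
        return 'BHO'
    if k.endswith('internet explorer\\toolbar'):
        return 'Toolbar'
    if k.endswith('\\run') or k.endswith('\\runonce'):
        return 'Run'
    return 'Other'


def triage(entries):
    """Flag entries whose binary is gone and CLSIDs registered at 2+ IE extension points."""
    missing = [e for e in entries if e['stamp'] == 'X']
    by_clsid = defaultdict(lambda: {'points': set(), 'paths': set()})
    for e in entries:
        point = classify_point(e['key'])
        if point in ('URLSearchHook', 'BHO', 'Toolbar'):
            rec = by_clsid[e['name'].lower()]
            rec['points'].add(point)
            rec['paths'].add(e['path'].lower())
    multi = {c: v for c, v in by_clsid.items() if len(v['points']) >= 2}
    return {'missing': missing, 'ie_multi_point': multi}


if __name__ == '__main__':
    result = triage(parse_loading_points(SAMPLE_LOG))
    for e in result['missing']:
        print(f"missing binary: {e['name']} -> {e['path']}  ({e['key']})")
    for clsid, rec in result['ie_multi_point'].items():
        print(f"{clsid} registered as {sorted(rec['points'])} -> {sorted(rec['paths'])}")
```

Run on the full log, the same parser will also pick up the Conduit start page only if you feed it the "Supplementary Scan" block separately; the point here is that a single DLL registered as search hook, BHO and toolbar in one go is the signature of a bundled toolbar install, which is what the Softonic-IT and Conduit folders created at 16:57-16:58 on 2010-08-10 confirm.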
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [22/05/2007 18.58.38 5632]
R2 Seagate Sync Service;Seagate Sync Service;c:\programmi\Seagate\Sync\SeaSyncServices.exe [18/01/2007 13.20.24 24120]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [13/04/2010 17.02.22 102656]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [01/01/1980 160896]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ANTIVIRSCHEDULER
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
*Deregistered* - SymEvent
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2010-08-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2007-05-22 08:20]
2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2010-08-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
2010-04-21 c:\windows\Tasks\WebReg Photosmart C7200 series.job
- c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2530241
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.69.25.47.96.downloads.estara.c ... 5OneCC.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe
HKCU-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
HKCU-RunOnce-Ceedo Repair - c:\docume~1\Mino\IMPOST~1\Temp\AutoDetect.exe
HKLM-Run-NBKeyScan - c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
AddRemove-sotgcik - c:\documents and settings\mino\impostazioni locali\dati applicazioni\sotgcik.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 19:47
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2010-08-10 19:52:39
ComboFix-quarantined-files.txt 2010-08-10 17:52
log file:
Pre-Run: 9.049.899.008 bytes free
Post-Run: 9.457.582.080 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 33C4B2286A373E0AE95A0ACC53C006A5