Free Malware Removal Forum

by **edgar73** » August 10th, 2010, 2:34 pm

ComboFix 10-08-09.03 - Mino 10/08/2010 19.33.11.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.218 [GMT 2:00]
Eseguito da: c:\documents and settings\Mino\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\sotgcik.dat
c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\sotgcik_nav.dat
c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\sotgcik_navps.dat
c:\windows\system32\AutoRun.inf
c:\windows\Uninstall.ini

.
((((((((((((((((((((((((( Files Creati Da 2010-07-10 al 2010-08-10 )))))))))))))))))))))))))))))))))))
.

2010-08-10 17:01 . 2010-08-10 16:58 398336 ----a-w- c:\windows\system32\CF4617.exe
2010-08-10 16:58 . 2010-08-10 16:58 -------- d-----w- c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\Conduit
2010-08-10 16:58 . 2010-08-10 16:58 -------- d-----w- c:\programmi\Conduit
2010-08-10 16:58 . 2010-08-10 16:58 -------- d-----w- c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\Softonic-IT
2010-08-10 16:57 . 2010-08-10 16:57 -------- d-----w- c:\programmi\Softonic-IT
2010-08-10 16:13 . 2010-08-10 16:13 -------- d-----w- c:\windows\LastGood
2010-08-10 16:13 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-10 16:13 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-10 16:13 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-10 16:13 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-10 16:13 . 2010-08-10 16:13 -------- d-----w- c:\programmi\Avira
2010-08-10 16:13 . 2010-08-10 16:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-08-04 19:47 . 2010-08-04 19:47 -------- d-----w- c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\Threat Expert
2010-08-04 17:26 . 2010-08-04 17:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-07-29 19:32 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-29 19:25 . 2010-07-29 19:25 -------- d-----w- c:\documents and settings\Mino\Impostazioni locali\Dati applicazioni\PCHealth
2010-07-29 09:36 . 2010-07-29 09:36 -------- d-----w- c:\programmi\File comuni\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 18:23 . 1979-12-31 22:00 80356 ----a-w- c:\windows\system32\perfc010.dat
2010-08-04 18:23 . 1979-12-31 22:00 474824 ----a-w- c:\windows\system32\perfh010.dat
2010-06-14 14:31 . 2004-09-17 10:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-06-03 16:24 2736736 ----a-w- c:\programmi\Softonic-IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\programmi\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\programmi\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 88363]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"PCMService"="c:\programmi\Aspire Arcade\PCMService.exe" [2004-03-25 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2004-09-03 495616]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-09-16 185632]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-11-14 286720]
"StxTrayMenu"="c:\programmi\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [22/05/2007 18.58.38 5632]
R2 Seagate Sync Service;Seagate Sync Service;c:\programmi\Seagate\Sync\SeaSyncServices.exe [18/01/2007 13.20.24 24120]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [13/04/2010 17.02.22 102656]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [01/01/1980 160896]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - ANTIVIRSCHEDULER
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
*Deregistered* - SymEvent

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2007-05-22 08:20]

2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-08-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

2010-04-21 c:\windows\Tasks\WebReg Photosmart C7200 series.job
- c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 19:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2530241
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.69.25.47.96.downloads.estara.c ... 5OneCC.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe
HKCU-Run-MsnMsgr - c:\programmi\Windows Live\Messenger\MsnMsgr.Exe
HKCU-RunOnce-Ceedo Repair - c:\docume~1\Mino\IMPOST~1\Temp\AutoDetect.exe
HKLM-Run-NBKeyScan - c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
AddRemove-sotgcik - c:\documents and settings\mino\impostazioni locali\dati applicazioni\sotgcik.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 19:47
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2010-08-10 19:52:39
ComboFix-quarantined-files.txt 2010-08-10 17:52

log file:
Pre-Run: 9.049.899.008 byte disponibili
Post-Run: 9.457.582.080 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 33C4B2286A373E0AE95A0ACC53C006A5

by **NonSuch** » August 10th, 2010, 7:37 pm

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log. Also include your ComboFix log in the same post.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<

Free Malware Removal Forum

interpreting combofix log file

interpreting combofix log file

Re: interpreting combofix log file

Who is online