ComboFix 12-04-01.03 - Administrator 02/04/2012 20.32.46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1789.1099 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator.PCCOMPUTER\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ADMINI~1.PCC\IMPOST~1\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\documents and settings\Administrator.PCCOMPUTER\Dati applicazioni\facemoods.com
c:\documents and settings\Administrator.PCCOMPUTER\Dati applicazioni\Toolbar4
c:\documents and settings\Administrator.PCCOMPUTER\Impostazioni locali\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\documents and settings\All Users\invokesi.exe
c:\documents and settings\famiglia\Dati applicazioni\Desktopicon
c:\documents and settings\famiglia\Dati applicazioni\Desktopicon\config.ini
c:\documents and settings\feb 2004\WINDOWS
c:\programmi\facemoods.com
c:\programmi\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\programmi\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\windows\IsUn0410.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\ad302cec1975be50.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dd593a456c26150f.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e9276bff210c1e11.fb
c:\windows\system32\CddbCdda.dll
c:\windows\system32\quartz.dll.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-02 al 2012-04-02 )))))))))))))))))))))))))))))))))))
.
.
2012-04-02 12:57 . 2012-04-02 12:57 -------- d-----w- c:\documents and settings\Administrator.PCCOMPUTER\Dati applicazioni\Malwarebytes
2012-04-02 12:56 . 2012-04-02 12:57 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-04-02 12:56 . 2012-04-02 12:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2012-04-02 12:56 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 22:56 . 2012-03-21 22:56 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY.000\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 12:27 . 2011-06-22 11:18 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-27 13:38 . 2012-01-27 13:38 737280 ---ha-w- c:\windows\iun6002.exe
2012-01-12 17:20 . 2004-08-19 13:31 1859968 ---ha-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 14:31 3072 ---h--w- c:\windows\system32\iacenc.dll
2010-10-01 00:11 . 2010-12-02 11:19 462112 ---ha-w- c:\programmi\File comuni\ZugoInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{59506042-42a8-4ef6-82c9-35177bfb7f6f}"= "c:\programmi\ZoneAlarm_IT\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{59506042-42a8-4ef6-82c9-35177bfb7f6f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59506042-42a8-4ef6-82c9-35177bfb7f6f}]
2011-05-09 09:49 176936 ---ha-w- c:\programmi\ZoneAlarm_IT\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 13:26 1869152 ---ha-w- c:\programmi\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ---ha-w- c:\programmi\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\programmi\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
"{59506042-42a8-4ef6-82c9-35177bfb7f6f}"= "c:\programmi\ZoneAlarm_IT\prxtbZone.dll" [2011-05-09 176936]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\programmi\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{59506042-42a8-4ef6-82c9-35177bfb7f6f}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{59506042-42A8-4EF6-82C9-35177BFB7F6F}"= "c:\programmi\ZoneAlarm_IT\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{59506042-42a8-4ef6-82c9-35177bfb7f6f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LG LinkAir"="c:\programmi\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2010-09-09 2440552]
"KiesHelper"="c:\programmi\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
"KiesPDLR"="c:\programmi\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"VX1000"="c:\windows\vVX1000.exe" [2006-06-29 707376]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-17 421888]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\programmi\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\programmi\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\programmi\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"ISW"="c:\programmi\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\programmi\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"KiesTrayAgent"="c:\programmi\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
"ROC_roc_dec12"="c:\programmi\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/it.special-uninstallation-feedback-appf?lic=&inst=NzctMTA2ODgzNTAyNC1GTCs5LVFJWDErNC1YMjAxMCsyLUxJQysxLUZMMTArMS1TUDErMS1TVVArNC1UVUcrMy1TUDFTMisxLUREVCszMDMwNS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRU4rMS1UQisxLVUxMCsxLVNUMTJGT0krMS1GMTBVRSsx&prod=0&ver=10.0.1409" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
.
c:\documents and settings\famiglia\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users.WINDOWS\Dati applicazioni\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-16 13:02 87424 ---ha-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ContentTransferWMDetector.exe"=c:\programmi\Sony\Content Transfer\ContentTransferWMDetector.exe
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 2.14.28 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 7.30.10 32592]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [26/01/2010 18.55.56 39472]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [28/01/2010 17.12.32 15328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 7.23.48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 2.14.38 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 7.25.22 4433248]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2012\avgwdsvc.exe [02/08/2011 7.09.08 192776]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programmi\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 16.44.20 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programmi\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 16.44.28 497280]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\programmi\LogMeIn\x86\LMIGuardianSvc.exe [17/12/2010 19.02.57 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [11/08/2008 13.41.00 12856]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [28/01/2010 17.12.12 220128]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [07/05/2010 17.15.22 1051976]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\programmi\File comuni\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [12/03/2012 15.28.17 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 2.14.26 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 2.14.28 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 7.21.42 16720]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 9.11.22 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 9.11.20 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 9.11.20 12928]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 11.18.08 10064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14.16.28 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [20/02/2010 21.09.32 135664]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [02/08/2010 17.19.22 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [02/08/2010 17.19.24 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [02/08/2010 17.19.26 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [02/08/2010 17.19.28 24960]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [01/01/2012 16.53.07 30312]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [20/02/2010 21.09.32 135664]
S3 PORTIO64;PORTIO64;e:\documenti\Documenti\JungleFlasher v0.1.77 Beta (179)\portio32.sys [20/12/2010 20.25.19 2560]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [28/01/2010 17.12.22 32736]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [01/01/2012 16.53.07 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [01/01/2012 16.53.08 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [01/01/2012 16.53.08 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [01/01/2012 16.53.09 114280]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-20 19:09]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-20 19:09]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-796845957-839522115-500Core.job
- c:\documents and settings\Administrator.PCCOMPUTER\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-02-27 20:29]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-796845957-839522115-500UA.job
- c:\documents and settings\Administrator.PCCOMPUTER\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-02-27 20:29]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator.PCCOMPUTER\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\programmi\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\programmi\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\programmi\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\programmi\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\programmi\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator.PCCOMPUTER\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
TCP: Interfaces\{6B7CDFFE-338D-40D1-9781-90C400B4089A}: NameServer = 208.67.222.222,208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programmi\File comuni\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WgaLogon - (no file)
AddRemove-Easy-WebPrint - c:\windows\IsUn0410.exe
AddRemove-01_Simmental - c:\programmi\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programmi\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programmi\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programmi\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programmi\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programmi\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programmi\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programmi\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programmi\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programmi\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programmi\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programmi\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programmi\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programmi\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programmi\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programmi\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programmi\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programmi\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programmi\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 20:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-796845957-839522115-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,3b,1b,35,83,17,
  85,bb,65,be,03,a6,0c,5f,cf,53,8f,ed,bf
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,66,61,
  81,7c,c6,78,07,9d,60,36,49,56,4d,30,a8
.
[HKEY_USERS\S-1-5-21-725345543-796845957-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a6,b6,c3,1d,cc,fb,44,40,ae,e2,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a6,b6,c3,1d,cc,fb,44,40,ae,e2,a9,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(824)
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\programmi\AVG\AVG2012\avgcsrvx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\programmi\AVG\AVG2012\avgnsx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\AVG\AVG2012\avgemcx.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft LifeCam\MSCamSvc.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-02 21:04:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-02 19:04
.
Pre-Run: 50.299.305.984 byte disponibili
Post-Run: 57.169.174.528 byte disponibili
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /TUTag=K3MVMZ /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /fastdetect /TUTag=K3MVMZ-BAK
.
- - End Of File - - FAAB8F016F90F994AEEDF83D47CEDB46