1st time with combofix


  • This topic is locked
1 reply to this topic

#1 dvd70


Posted 08 August 2009 - 11:13 AM

Dear all,
I used ComboFix today for the first time; this is the report:

ComboFix 09-08-07.09 - Giacomo 08/08/2009 11.46.48.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.271 [GMT 2:00]
Eseguito da: c:\documents and settings\Giacomo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090806-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Giacomo\Impostazioni locali\Dati applicazioni\macokui.dat
c:\documents and settings\Giacomo\Impostazioni locali\Dati applicazioni\macokui.exe
c:\documents and settings\Giacomo\Impostazioni locali\Dati applicazioni\macokui_nav.dat
c:\documents and settings\Giacomo\Impostazioni locali\Dati applicazioni\macokui_navps.dat
c:\programmi\\setup.exe
c:\programmi\autorun.inf
c:\recycler\S-1-5-21-1085031214-162531612-725345543-1003
c:\windows\Installer\7420c.msi
c:\windows\Installer\WinRMSrv.msi

.
((((((((((((((((((((((((( Files Creati Da 2009-07-08 al 2009-08-08 )))))))))))))))))))))))))))))))))))
.

2009-08-08 09:13 . 2009-08-08 09:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SITEguard
2009-08-08 09:12 . 2009-08-08 09:12 -------- d-----w- c:\programmi\STOPzilla!
2009-08-08 09:12 . 2009-08-08 09:12 -------- d-----w- c:\programmi\File comuni\iS3
2009-08-08 09:12 . 2009-08-08 09:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\STOPzilla!
2009-08-06 17:05 . 2009-08-06 17:05 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2009-08-06 16:10 . 2009-08-06 16:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-06 15:34 . 2009-08-06 15:34 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-05 13:24 . 2009-08-05 13:24 -------- d-----w- c:\programmi\TomTom International B.V
2009-07-29 10:35 . 2009-08-06 18:22 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-07-29 10:35 . 2009-08-06 18:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-20 12:57 . 2009-07-20 12:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 12:56 . 2009-07-20 12:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 12:56 . 2009-07-20 12:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-09 13:52 . 2009-07-09 13:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-07-09 13:52 . 2009-07-09 13:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-07-09 13:51 . 2009-07-09 13:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-07-09 13:51 . 2009-07-09 13:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-07-09 13:51 . 2009-07-09 13:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-07-09 13:50 . 2009-07-09 13:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-07-09 13:50 . 2009-07-09 13:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-07-09 13:50 . 2009-07-09 13:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-07-09 13:47 . 2009-07-09 13:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 16:44 . 2009-04-17 13:30 -------- d-----w- c:\programmi\Spamihilator
2009-08-05 13:24 . 2007-11-17 10:48 -------- d-----w- c:\programmi\TomTom HOME 2
2009-07-29 09:52 . 2009-06-10 11:04 -------- d-----w- c:\programmi\myBabylon_English
2009-07-23 12:55 . 2006-02-09 09:05 -------- d-----w- c:\documents and settings\Giacomo\Dati applicazioni\OpenOffice.org2
2009-07-03 16:55 . 2004-09-01 06:19 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 16:09 . 2009-05-08 07:15 -------- d-----w- c:\programmi\Samsung
2009-07-03 16:09 . 2009-07-03 16:09 -------- d-----w- c:\programmi\USB
2009-07-03 16:09 . 2009-07-03 16:09 -------- d-----w- c:\programmi\PRINTER
2009-07-03 16:09 . 2009-07-03 16:09 -------- d-----w- c:\programmi\MSG
2009-07-03 16:09 . 2009-07-03 16:08 -------- d-----w- c:\programmi\DATA
2009-07-03 16:08 . 2009-07-03 16:08 -------- d-----w- c:\programmi\APPLICATION
2009-07-03 15:52 . 2004-09-06 05:16 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-07-03 15:35 . 2004-12-11 12:35 -------- d-----w- c:\programmi\File comuni\Adobe
2009-07-01 15:47 . 2009-06-01 14:52 -------- d-----w- c:\programmi\epson
2009-06-29 06:54 . 2004-12-11 20:16 -------- d-----w- c:\programmi\Google
2009-06-16 14:36 . 2004-09-01 06:19 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-09-01 06:19 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 17:13 . 2008-05-03 08:59 -------- d-----w- c:\programmi\eMule
2009-06-10 13:05 . 2009-06-10 13:05 -------- d-----w- c:\programmi\TorrentSpeeder
2009-06-10 13:02 . 2009-06-10 13:01 -------- d-----w- c:\programmi\eToro
2009-06-10 11:04 . 2009-06-10 11:04 -------- d-----w- c:\programmi\Conduit
2009-06-10 11:04 . 2009-06-10 11:04 -------- d-----w- c:\programmi\Babylon
2009-06-10 07:56 . 2009-06-10 07:56 -------- d-----w- c:\documents and settings\Giacomo\Dati applicazioni\Smart Panel
2009-06-10 07:53 . 2009-06-10 07:53 -------- d-----w- c:\documents and settings\Giacomo\Dati applicazioni\InterTrust
2009-06-10 07:52 . 2009-06-10 07:51 -------- d-----w- c:\programmi\NewSoft
2009-06-10 07:51 . 2009-06-10 07:51 39936 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-06-10 07:51 . 2009-06-10 07:51 -------- d-----w- c:\documents and settings\Giacomo\Dati applicazioni\ABBYY
2009-06-10 07:50 . 2009-06-10 07:50 -------- d-----w- c:\programmi\ABBYY
2009-06-10 07:49 . 2009-06-10 07:49 -------- d-----w- c:\programmi\ArcSoft
2009-06-10 07:48 . 2009-06-10 07:46 -------- d-----w- c:\programmi\Smart Panel
2009-06-10 07:48 . 2009-06-10 07:48 -------- d-----w- c:\programmi\File comuni\Python
2009-06-03 19:09 . 2004-09-01 06:19 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 17:05 . 2008-02-09 11:05 249856 ------w- c:\windows\Setup1.exe
2009-05-27 17:05 . 2008-02-09 11:05 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-23 01:07 . 2004-12-11 12:33 84168 ----a-w- c:\documents and settings\Giacomo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-22 18:16 . 2004-09-01 06:19 84354 ----a-w- c:\windows\system32\perfc010.dat
2009-05-22 18:16 . 2004-09-01 06:19 489648 ----a-w- c:\windows\system32\perfh010.dat
2009-05-12 12:13 . 2009-05-12 12:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2008-02-09 11:07 . 2008-02-09 11:05 2408 ----a-w- c:\programmi\ST6UNST.LOG
2007-05-30 02:08 . 2007-05-30 02:08 19229 ----a-w- c:\programmi\Setup.dat
2007-03-19 16:51 . 2007-03-19 16:51 151552 ----a-w- c:\programmi\SetAlti.exe
2007-01-09 17:38 . 2007-01-09 17:38 172032 ----a-w- c:\programmi\SecSNMP.dll
2006-12-09 16:52 . 2006-12-09 16:52 57000 ----a-w- c:\programmi\Autorun.exe
2006-04-07 17:25 . 2006-04-07 17:25 3207168 ----a-w- c:\programmi\Ssres.dll
2005-03-20 15:04 . 2005-03-20 15:04 192512 ----a-w- c:\programmi\Pipe_Dsn.exe
2008-05-05 12:17 . 2008-05-05 12:13 56 --sh--r- c:\windows\system32\5E9D0DEC97.sys
2004-12-11 20:16 . 2004-12-11 20:16 56 --sh--r- c:\windows\system32\DE7F75697D.sys
2008-05-05 12:17 . 2008-05-05 12:17 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyB1.dll" [2009-07-29 2215960]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-07-29 09:53 2215960 ----a-w- c:\programmi\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyB1.dll" [2009-07-29 2215960]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmi\myBabylon_English\tbmyB1.dll" [2009-07-29 2215960]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 68856]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"PMCLoader"="c:\programmi\Pinnacle\TVCenter Pro\PMCLoader.exe" [2008-03-27 644368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2003-10-30 192512]
"PadTouch"="c:\programmi\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 53248]
"TCtryIOHook"="c:\windows\System32\TCtrlIOHook.exe" [2004-08-05 28672]
"ZoomingHook"="c:\windows\System32\ZoomingHook.exe" [2004-07-14 24576]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-30 118784]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 643072]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"dlrblckr.exe"="c:\programmi\Gigaset DECT\gigaset-m34-usb\dlrblckr.exe" [2005-08-18 57460]
"skypeclient.exe"="c:\programmi\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2005-08-18 622592]
"messengerservice.exe"="c:\programmi\Gigaset DECT\gigaset-m34-software\messengerservice.exe" [2005-08-18 352256]
"keymap.exe"="c:\programmi\Gigaset DECT\gigaset-m34-software\keymap.exe" [2005-08-18 167936]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Spamihilator"="c:\programmi\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2007-05-30 520192]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172032]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-02-21 88363]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-08-13 266240]
"TFncKy"="TFncKy.exe" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2003-9-15 503869]
Exif Launcher.lnk - c:\programmi\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
Pinnacle Streaming Server.lnk - c:\programmi\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2008-3-25 603408]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-12-11 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programmi\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Spamihilator\\cdcc.exe"=
"c:\\Programmi\\Spamihilator\\dccproc.exe"=
"c:\\Programmi\\Spamihilator\\spamihilator.exe"=

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [12/05/2009 14.13.12 61328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/04/2008 8.23.10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/04/2008 8.23.10 20560]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12.38.14 92008]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 18.19.58 13592]
S0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys --> c:\windows\system32\drivers\avgntmgr.sys [?]
S1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys --> c:\windows\system32\DRIVERS\avgntdd.sys [?]
S2 gupdate1c9e51928410464;Google Update Service (gupdate1c9e51928410464);c:\programmi\Google\Update\GoogleUpdate.exe [04/06/2009 15.34.16 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Atkcfg;Cordless Device Configuration;c:\windows\system32\drivers\atkcfg.sys [18/08/2005 9.30.42 46592]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/11/2008 16.14.11 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/11/2008 16.14.11 3072]
S3 Gig5gu;Cordless Internet Access;c:\windows\system32\drivers\gig5gu.sys [18/08/2005 9.32.04 55680]
S3 Gigsrf;Cordless Device Line Access;c:\windows\system32\drivers\gigsrf.sys [18/08/2005 9.31.48 94592]
S3 Gigtnc;Cordless PC Control;c:\windows\system32\drivers\gigtnc.sys [18/08/2005 9.31.06 45440]
S3 siellif;siellif;c:\windows\system32\drivers\siellif.sys [01/03/2005 12.33.18 113408]
S3 Sieupapp;Cordless Device Update;c:\windows\system32\drivers\sieupapp.sys [18/08/2005 9.28.52 32128]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-06 c:\windows\Tasks\avast! Antivirus.job
- c:\progra~1\ALWILS~1\Avast4\ashAvast.exe [2006-03-03 21:03]

2009-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-04 13:34]

2009-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-04 13:34]

2009-08-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2004-12-18 c:\windows\Tasks\Promemoria registrazione 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-01 02:14]

2004-12-25 c:\windows\Tasks\Promemoria registrazione 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-01 02:14]

2004-12-11 c:\windows\Tasks\Promemoria registrazione 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-01 02:14]

2009-07-01 c:\windows\Tasks\SyncBack Backup.job
- c:\programmi\2BrightSparks\SyncBack\SyncBack.exe [2008-11-10 11:00]

2009-08-08 c:\windows\Tasks\User_Feed_Synchronization-{D3C366C0-AEFF-4021-9330-FCF684967D26}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2009-08-07 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-updateMgr - c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-macokui - c:\documents and settings\giacomo\impostazioni locali\dati applicazioni\macokui.exe
HKCU-Run-SpybotSD TeaTimer - c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-PMCRemote - (no file)
HKLM-Run-avgnt - c:\programmi\AntiVir PersonalEdition Classic\avgnt.exe
HKLM-Run-UDC Integration - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/home
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Giacomo\Dati applicazioni\Mozilla\Firefox\Profiles\pe990qsa.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia [it]
FF - prefs.js: browser.startup.homepage - hxxp://it.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - plugin: c:\programmi\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\programmi\Java\j2re1.4.2_05\bin\NPOJI610.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npJoostPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 12:03
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3103845367-4040245139-2167264142-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,52,56,45,de,5f,
b6,14,21,c8,28,51,af,b0,29,a3,98,72,27,88,1f,c7,d3,49,11,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,cc,8c,a1,f8,4f,
3d,37,f3,71,3b,04,66,8b,46,0d,96,94,da,1d,01,17,3b,d5,3d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d6,69,fb,44,6e,
bc,98,bb,25,da,ec,7e,55,20,c9,26,a9,85,7e,b4,5b,21,b3,16,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,6b,7b,f1,b0,b6,
63,ab,a1,3e,1e,9e,e0,57,5a,93,61,b0,b9,ae,f8,3c,2f,df,3b,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,6d,21,31,7d,16,
c6,65,7b,cd,44,cd,b9,a6,33,6c,cd,93,2b,91,21,ea,2b,d6,86,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,3b,a5,5e,0c,c4,
b0,77,65,b0,18,ed,a7,3f,8d,37,a4,7c,a9,5f,a1,4f,fc,70,c5,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,fa,24,3e,8a,bf,
1a,b1,49,31,77,e1,ba,b1,f8,68,02,d3,8e,e6,04,66,f2,53,0a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,b7,75,98,c1,e5,
eb,57,38,83,6c,56,8b,a0,85,96,ab,00,f2,00,b5,c5,72,b1,f6,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,bf,f6,2f,60,4e,
82,c7,61,51,fa,6e,91,28,9e,14,cc,35,5f,ec,a2,ca,2a,d9,0e,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,5a,c5,cb,2c,2c,
de,d7,f0,b1,cd,45,5a,a8,c4,f8,b9,a4,3b,96,fa,ba,6e,00,1b,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c2,b4,23,5e,47,
9a,8e,49,e3,0e,66,d5,eb,bc,2f,6b,ad,a4,f1,f3,62,7c,24,09,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,c0,41,a9,0a,4e,
6d,35,3b,fa,ea,66,7f,d4,3b,6b,70,f3,5a,1a,e2,00,63,42,96,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\*+AB]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="????????\02"
"ReinstallString"="??"
"DeviceInstanceIds"=multi:"busati.inf\00"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3024)
c:\windows\system32\WININET.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Canon\CAL\CALMAIN.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\rundll32.exe
c:\programmi\Apoint2K\ApntEx.exe
c:\programmi\Gigaset DECT\gigaset-m34-software\appsvr.exe
c:\windows\system32\TPSBattM.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Ora fine scansione: 2009-08-08 12.11.05 - Il pc stato riavviato
ComboFix-quarantined-files.txt 2009-08-08 10:11

Pre-Run: 19.508.998.144 byte disponibili
Post-Run: 19.697.938.432 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\wubildr.mbr="Ubuntu"

380 --- E O F --- 2009-08-07 14:06

WHAT ABOUT?!

I'm not very good at English.

Thanks

#2 Orange Blossom


Posted 08 August 2009 - 11:21 AM

ComboFix logs should not be posted outside the HijackThis forums and only when requested. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



