
Help to read combofix.txt


3 replies to this topic

#1 alby64

Posted 31 December 2009 - 06:06 AM

Hello, can you help me to read the combofix.txt?
Thanks all

ComboFix 09-12-28.03 - Io 31/12/2009 11.01.55.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3582.2841 [GMT 1:00]
Eseguito da: c:\documents and settings\Io\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0000-0200-000003000000}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3112824338-1346129512-1899532678-1000
c:\$recycle.bin\S-1-5-21-725730728-143550973-3793957283-1000
c:\windows\patchw32.dll
c:\windows\pw32a.dll
M:\install.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-11-28 al 2009-12-31 )))))))))))))))))))))))))))))))))))
.

2009-12-30 15:29 . 2009-12-30 15:30 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\Creative
2009-12-30 15:28 . 2009-12-30 15:28 -------- d-----w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\Nero
2009-12-30 11:43 . 2009-12-30 11:45 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\dvdcss
2009-12-30 00:50 . 2009-12-30 00:50 43616 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-30 00:49 . 2009-12-30 00:49 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\Apple Computer
2009-12-30 00:49 . 2009-12-30 00:49 -------- d-----w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\Apple Computer
2009-12-29 23:46 . 2009-12-30 01:15 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\#ISW.FS#
2009-12-29 23:35 . 2009-12-29 23:35 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\MailFrontier
2009-12-29 23:31 . 2009-12-31 09:05 144 ----a-w- c:\windows\system32\pdfl.dat
2009-12-29 23:31 . 2009-12-29 23:31 80 ----a-w- c:\windows\system32\ibfl.dat
2009-12-29 23:31 . 2009-11-10 06:25 72584 ----a-w- c:\windows\zllsputility.exe
2009-12-29 23:31 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-12-29 23:30 . 2009-11-10 06:24 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-12-29 23:30 . 2009-11-10 06:24 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-12-29 23:30 . 2009-12-31 10:02 -------- d-----w- c:\windows\system32\ZoneLabs
2009-12-29 23:30 . 2009-11-10 06:24 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-12-29 23:27 . 2009-12-31 09:51 -------- d-----w- c:\windows\Internet Logs
2009-12-29 20:40 . 2009-12-29 20:41 -------- d-----w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\Corel
2009-12-29 20:40 . 2009-12-29 20:40 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-29 20:09 . 2009-12-30 10:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-12-29 18:11 . 2009-12-29 18:11 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\TweakNow RegCleaner
2009-12-29 18:11 . 2009-12-29 18:14 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\TeraCopy
2009-12-29 17:37 . 2009-12-29 17:37 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-12-29 17:27 . 2009-12-29 17:27 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ
2009-12-29 17:27 . 2006-09-13 04:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP83.DLL
2009-12-29 17:27 . 2006-09-13 04:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD83.DLL
2009-12-29 17:27 . 2008-04-03 04:00 198656 ----a-w- c:\windows\system32\CNMLM83.DLL
2009-12-29 17:26 . 2009-12-29 17:26 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-12-29 17:26 . 2006-06-29 13:29 106496 ----a-w- c:\windows\system32\cnco160.dll
2009-12-29 17:26 . 2008-01-30 10:12 1302528 ----a-w- c:\windows\system32\CNCC160.DLL
2009-12-29 17:26 . 2008-01-30 10:12 69632 ----a-w- c:\windows\system32\CNCI160.DLL
2009-12-29 17:26 . 2006-05-26 09:54 135168 ----a-w- c:\windows\system32\CNCL160.DLL
2009-12-29 17:26 . 2009-12-29 17:26 -------- d--h--w- c:\programmi\CanonBJ
2009-12-29 17:25 . 2009-12-29 17:25 -------- d-----w- c:\programmi\Canon
2009-12-29 17:14 . 2009-12-29 17:14 53136 ----a-w- c:\windows\system32\PxSecure.dll
2009-12-29 17:14 . 2009-12-29 17:14 47408 ----a-w- c:\windows\system32\drivers\pxrts.sys
2009-12-29 17:14 . 2009-12-29 17:14 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-12-29 17:14 . 2009-12-29 17:14 24496 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2009-12-29 17:14 . 2009-12-30 21:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2009-12-29 17:07 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-29 17:07 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-29 17:07 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-29 17:07 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-29 17:05 . 2009-12-29 17:05 144 ----a-w- c:\windows\system32\lkfl.dat
2009-12-29 16:21 . 2009-12-29 16:21 -------- d-----w- c:\documents and settings\IoWeb\Impostazioni locali\Dati applicazioni\Mozilla
2009-12-29 16:20 . 2009-07-04 08:24 -------- d--h--w- c:\documents and settings\IoWeb\Risorse di stampa
2009-12-29 16:20 . 2009-07-04 08:24 -------- d--h--w- c:\documents and settings\IoWeb\Risorse di rete
2009-12-29 16:20 . 2009-07-04 08:24 -------- d-----r- c:\documents and settings\IoWeb\Menu Avvio
2009-12-29 16:20 . 2009-07-04 07:30 -------- d--h--w- c:\documents and settings\IoWeb\Modelli
2009-12-09 14:45 . 2009-12-09 14:45 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\Windows Search
2009-12-09 14:40 . 2009-12-09 14:40 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\Avira
2009-12-09 14:01 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-09 14:01 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-09 14:01 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-09 08:46 . 2009-12-09 08:56 -------- d-----w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\ApplicationHistory
2009-12-09 08:46 . 2009-12-09 08:46 131 ----a-w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-12-09 08:44 . 2009-12-09 13:54 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
2009-12-09 08:34 . 2009-12-09 08:34 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-12-09 08:34 . 2009-12-09 08:34 -------- d-----w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\Identities
2009-12-09 08:34 . 2009-12-09 08:34 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\Windows Desktop Search
2009-12-09 08:33 . 2009-12-09 08:50 -------- d-----w- c:\programmi\Windows Desktop Search
2009-12-09 08:33 . 2009-12-09 08:33 -------- d-----w- c:\windows\system32\GroupPolicy
2009-12-09 08:33 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-12-09 08:33 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-12-09 08:33 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-12-09 08:32 . 2009-12-09 08:32 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-12-09 08:31 . 2009-12-09 10:45 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-09 08:31 . 2009-12-09 08:31 -------- d-----w- c:\windows\system32\LogFiles
2009-12-09 08:30 . 2009-12-09 08:30 -------- d-----w- c:\windows\system32\URTTEMP
2009-12-09 08:11 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-09 08:08 . 2009-12-09 08:08 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
2009-12-07 23:21 . 2009-12-07 23:21 152576 ----a-w- c:\documents and settings\Io\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-07 23:20 . 2009-12-07 23:20 79488 ----a-w- c:\documents and settings\Io\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-07 23:03 . 2009-10-29 07:40 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-07 23:03 . 2009-10-29 07:40 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-07 23:03 . 2009-10-29 07:40 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-07 23:03 . 2009-10-29 07:40 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-07 23:03 . 2009-10-29 07:40 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-07 23:03 . 2009-10-29 07:40 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-07 23:00 . 2009-12-30 09:05 -------- d-----w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\Temp
2009-12-07 22:42 . 2009-12-07 22:42 -------- d-sh--w- c:\documents and settings\Io\PrivacIE
2009-12-07 22:40 . 2009-12-07 22:40 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\McAfee
2009-12-07 22:35 . 2009-12-07 22:35 -------- d-----w- c:\programmi\File comuni\McAfee
2009-12-07 22:34 . 2009-12-07 22:35 -------- d-----w- c:\programmi\McAfee
2009-12-07 22:34 . 2009-12-07 22:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-12-07 22:29 . 2009-12-07 22:29 -------- d-sh--w- c:\documents and settings\Io\IETldCache
2009-12-07 22:20 . 2009-12-07 22:20 -------- d-----w- c:\programmi\MSXML 4.0
2009-12-07 22:14 . 2009-12-09 08:11 -------- d-----w- c:\windows\ie8updates
2009-12-07 22:13 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-07 22:13 . 2009-12-07 22:13 -------- dc-h--w- c:\windows\ie8
2009-12-07 22:10 . 2008-04-13 18:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-07 21:59 . 2009-12-07 21:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky SDK
2009-12-07 21:58 . 2007-12-30 04:01 307200 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-12-07 21:58 . 2007-12-30 04:01 172032 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-12-07 21:58 . 2007-12-30 04:01 90112 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-12-07 21:57 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-07 21:57 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-07 21:54 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-07 21:54 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-07 21:54 . 2009-07-31 04:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-07 21:54 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-07 21:53 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-07 21:53 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-07 21:53 . 2009-12-07 21:53 -------- d-----w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\Opera
2009-12-07 21:53 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-07 21:53 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-07 21:51 . 2009-12-29 23:46 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 21:51 . 2009-12-09 14:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-07 21:49 . 2009-12-09 08:12 -------- d--h--w- c:\windows\$hf_mig$
2009-12-07 21:42 . 2009-12-07 23:00 -------- d-----w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\Google
2009-12-07 21:41 . 2009-10-07 18:06 106496 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-12-07 21:41 . 2009-10-08 10:31 3204096 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-12-07 21:41 . 2009-03-19 22:57 40960 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-12-07 21:41 . 2008-12-03 23:25 120832 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-12-07 21:41 . 2008-12-14 07:24 169936 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\FlashGot.exe
2009-12-07 21:41 . 2009-09-23 21:29 28672 ----a-w- c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-12-07 21:17 . 2009-12-30 00:58 1 ----a-w- c:\documents and settings\Io\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-07 21:17 . 2009-12-07 21:17 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\OpenOffice.org
2009-12-07 21:15 . 2009-12-07 21:15 7424000 ----a-r- c:\documents and settings\Io\Dati applicazioni\Microsoft\Installer\{43A650AA-D1DC-4C52-8819-D7848B3A08DA}\soffice.exe
2009-12-07 21:14 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-07 21:14 . 2009-12-07 23:22 -------- d-----w- c:\programmi\Java
2009-12-07 21:08 . 2009-12-07 21:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2009-12-07 21:08 . 2009-12-07 21:08 -------- d-----w- c:\documents and settings\Io\Dati applicazioni\Logitech
2009-12-07 21:05 . 2008-05-02 01:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-12-07 21:05 . 2008-05-02 01:40 84496 ----a-w- c:\windows\system32\KemXML.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 19:54 . 2009-12-30 19:56 1831936 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-12-30 19:53 . 2009-12-30 19:56 2860544 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-29 22:08 . 2003-04-08 12:00 95268 ----a-w- c:\windows\system32\perfc010.dat
2009-12-29 22:08 . 2003-04-08 12:00 518478 ----a-w- c:\windows\system32\perfh010.dat
2009-12-29 16:21 . 2009-12-29 16:21 75360 ----a-w- c:\documents and settings\IoWeb\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-29 16:21 . 2009-12-29 16:21 -------- d-----w- c:\documents and settings\IoWeb\Dati applicazioni\CheckPoint
2009-12-29 16:21 . 2009-12-29 16:21 -------- d-----w- c:\documents and settings\IoWeb\Dati applicazioni\ATI
2009-12-07 23:15 . 2009-07-04 05:43 75360 ----a-w- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-12-07 21:06 . 2009-12-07 21:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-12-07 21:06 . 2009-12-07 21:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-12-07 21:06 . 2009-12-07 21:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-07 11:09 . 2009-12-07 11:09 -------- d-----w- c:\programmi\File comuni\ATI Technologies
2009-11-04 15:18 . 2009-12-07 08:02 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17 . 2009-12-07 11:06 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05 . 2009-12-07 08:02 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 15:04 . 2009-12-07 11:06 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-04 15:04 . 2009-12-07 11:06 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-04 14:51 . 2009-12-07 11:06 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51 . 2009-12-07 11:06 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47 . 2009-12-07 11:06 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46 . 2009-12-07 11:06 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46 . 2009-12-07 11:06 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45 . 2009-12-07 11:06 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45 . 2009-12-07 11:06 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45 . 2009-12-07 11:06 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44 . 2009-12-07 11:06 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44 . 2009-12-07 11:06 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39 . 2009-12-07 08:02 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-10-29 07:40 . 2003-04-08 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2009-12-07 08:02 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2009-12-07 08:02 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2009-12-07 08:01 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2003-04-08 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2003-04-08 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2003-04-08 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 13:57 . 2008-07-29 18:59 613888 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2003-04-08 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2003-04-08 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\utilita'\CDeDVD\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="e:\programmi\SECURITY SUITE\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="e:\programmi\SECURITY SUITE\ZoneAlarm\zlclient.exe" [2009-11-10 1037192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Io\Menu Avvio\Programmi\Esecuzione automatica\
ERUNT AutoBackup.lnk - e:\utilita'\SYSOPERATIVO\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Io^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Io\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- e:\programmi\Adobe\Reader\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-30 18:52 16200 ----a-w- e:\programmi\FOTORITOCCO\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 10:03 868352 ------w- c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2009-11-27 17:37 1723904 ----a-w- e:\utilita'\SYSOPERATIVO\FCleaner\FCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-07 22:59 135664 ----atw- c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- e:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:38 1289000 ----a-w- e:\utilita'\SYSOPERATIVO\ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2009-09-01 15:31 1086760 ----a-w- e:\utilita'\CDeDVD\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
2008-08-13 16:24 2245984 ----a-w- c:\programmi\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2008-11-24 15:48 916800 ----a-w- e:\utilita'\SYSOPERATIVO\RFA\rfagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-10-28 22:07 96816 ----a-w- e:\programmi\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2009-11-10 06:24 1037192 ----a-w- e:\programmi\SECURITY SUITE\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\utilita'\SYSOPERATIVO\ActiveSync\rapimgr.exe"= e:\utilita'\SYSOPERATIVO\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\utilita'\SYSOPERATIVO\ActiveSync\wcescomm.exe"= e:\utilita'\SYSOPERATIVO\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\utilita'\SYSOPERATIVO\ActiveSync\WCESMgr.exe"= e:\utilita'\SYSOPERATIVO\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\UTILITA'\\INTERNET\\uTorrent\\uTorrent.exe"=
"e:\\PROGRAMMI\\VMware Workstation\\vmware-authd.exe"=
"e:\\PROGRAMMI\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\PROGRAMMI\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\PROGRAMMI\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\UTILITA'\\INTERNET\\BROWSERS\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [29/12/2009 18.14.49 30280]
R2 a2free;a-squared Free Service;e:\programmi\SECURITY SUITE\a-squared Free\a2service.exe [07/12/2009 22.11.39 1858144]
R2 AntiVirMailService;Avira AntiVir MailGuard;e:\programmi\SECURITY SUITE\Avira\AntiVir Desktop\avmailc.exe [09/12/2009 15.01.34 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\programmi\SECURITY SUITE\Avira\AntiVir Desktop\sched.exe [09/12/2009 15.01.35 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;e:\programmi\SECURITY SUITE\Avira\AntiVir Desktop\avwebgrd.exe [09/12/2009 15.01.35 434945]
R2 CSIScanner;CSIScanner;e:\programmi\SECURITY SUITE\Prevx\prevx.exe [29/12/2009 18.14.48 6256296]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\programmi\CheckPoint\ZAForceField\ISWKL.sys [27/10/2009 16.58.32 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\programmi\CheckPoint\ZAForceField\ISWSVC.exe [27/10/2009 16.58.58 476528]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [07/12/2009 23.35.01 93320]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [29/12/2009 18.14.49 47408]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [08/04/2003 13.00.00 5120]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [28/10/2008 23.08.58 54960]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 2.46.34 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 2.46.56 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 2.46.42 72728]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [29/12/2009 18.14.48 24496]
R3 SymSnapService;SymSnapService;c:\programmi\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 16.13.46 1558000]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/12/2009 18.39.04 691696]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 0324941260225306mcinstcleanup;McAfee Application Installer Cleanup (0324941260225306);c:\docume~1\Io\IMPOST~1\Temp\032494~1.EXE c:\progra~1\FILECO~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Io\IMPOST~1\Temp\032494~1.EXE c:\progra~1\FILECO~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmi\File comuni\Creative Labs Shared\Service\CTAELicensing.exe [07/12/2009 18.45.17 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 2.46.34 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 2.46.56 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 2.46.42 72728]
S3 icsak;icsak;c:\programmi\CheckPoint\ZAForceField\AK\icsak.sys [27/10/2009 16.58.32 35448]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: e:\programmi\SECURITY SUITE\Avira\AntiVir Desktop\avsda.dll
LSP: e:\programmi\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Casella di ricerca Secure
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\z492q9xo.Io\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\programmi\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\programmi\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\programmi\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Io\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: e:\programmi\Adobe\Reader\Reader\browser\nppdf32.dll
FF - plugin: e:\utilita'\INTERNET\BROWSERS\Opera\program\plugins\npdsplay.dll
FF - plugin: e:\utilita'\INTERNET\BROWSERS\Opera\program\plugins\NPOFF12.DLL
FF - plugin: e:\utilita'\INTERNET\BROWSERS\Opera\program\plugins\npwmsdrm.dll
FF - plugin: e:\utilita'\VIDEO\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01.
.
------- Associazioni dei file -------
.
txtfile="%WinDir%\NOTEPAD.EXE" %1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Corel Photo Downloader - c:\programmi\File comuni\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
AddRemove-DAEMON Tools Toolbar - c:\programmi\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\documents and settings\Io\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 11:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTServ.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(956)
e:\programmi\SECURITY SUITE\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2009-12-31 11:09:23
ComboFix-quarantined-files.txt 2009-12-31 10:09

Pre-Run: 16.994.373.632 byte disponibili
Post-Run: 16.917.020.672 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN

- - End Of File - - BBDF9FD0E17BFB483964742BC55086C2


#2 alby64

alby64
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Male
  • Location:Italy
  • Local time:03:56 PM

Posted 31 December 2009 - 11:07 AM

Possible infection on my PC.
Please help me to read this information



DDS (Ver_09-12-01.01) - NTFSx86
Run by Io at 12.30.43,84 on 31/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3582.2353 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0200-000003000000}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Creative\Shared Files\CTAudSvc.exe
E:\PROGRAMMI\SECURITY SUITE\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
E:\PROGRAMMI\SECURITY SUITE\a-squared Free\a2service.exe
E:\PROGRAMMI\SECURITY SUITE\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
E:\PROGRAMMI\SECURITY SUITE\Prevx\prevx.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
E:\UTILITA'\CDeDVD\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Java\jre6\bin\jusched.exe
E:\PROGRAMMI\SECURITY SUITE\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
E:\PROGRAMMI\SECURITY SUITE\ZoneAlarm\zlclient.exe
E:\UTILITA'\CDeDVD\DAEMON Tools Lite\daemon.exe
E:\UTILITA'\SYSOPERATIVO\ActiveSync\wcescomm.exe
C:\WINDOWS\system32\oodag.exe
E:\UTILITA'\SYSOPE~1\ACTIVE~1\rapimgr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\vmnat.exe
E:\PROGRAMMI\SECURITY SUITE\Avira\AntiVir Desktop\avmailc.exe
E:\PROGRAMMI\SECURITY SUITE\Avira\AntiVir Desktop\AVWEBGRD.EXE
E:\PROGRAMMI\VMware Workstation\vmware-authd.exe
E:\PROGRA~1\SECURI~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Programmi\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\SearchIndexer.exe
E:\PROGRAMMI\SECURITY SUITE\Prevx\prevx.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programmi\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
E:\UTILITA'\INTERNET\BROWSERS\Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
E:\UTILITA'\SYSOPERATIVO\JGsoft\EditPadPro\EditPadPro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Io\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\programmi\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\programmi\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\programmi\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DAEMON Tools Lite] "e:\utilita'\cdedvd\daemon tools lite\daemon.exe" -autorun
uRun: [H/PC Connection Agent] "e:\utilita'\sysoperativo\activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] "c:\programmi\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe boot
mRun: [StartCCC] "c:\programmi\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\programmi\java\jre6\bin\jusched.exe"
mRun: [avgnt] "e:\programmi\security suite\avira\antivir desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "e:\programmi\security suite\zonealarm\zlclient.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\io\menuav~1\progra~1\esecuz~1\erunta~1.lnk - e:\utilita'\sysoperativo\erunt\AUTOBACK.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&sporta in Microsoft Excel - e:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - e:\utilita'\sysope~1\active~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - e:\utilita'\sysope~1\active~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: e:\programmi\security suite\avira\antivir desktop\avsda.dll
LSP: e:\programmi\vmware workstation\vsocklib.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260211028296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260222342750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\programmi\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\programmi\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programmi\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\io\datiap~1\mozilla\firefox\profiles\z492q9xo.io\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Casella di ricerca Secure
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=mcafee&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\utilita'\internet\browsers\firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\utilita'\internet\browsers\firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01e:\utilita'\internet\browsers\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


============== File Associations ===============

txtfile="%WinDir%\NOTEPAD.EXE" %1

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 12.33.42,96 ===============



Edited by Orange Blossom, 31 December 2009 - 09:13 PM.
Merged topics. ~ OB


#3 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:56 PM

Posted 09 January 2010 - 12:45 PM

Hello and welcome to Bleeping Computer! :(

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#4 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • OFFLINE
  • Gender:Male
  • Location:~/
  • Local time:08:56 PM

Posted 14 January 2010 - 08:04 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU




