ComboFix 14-05-13.01 - marcello vindigni 14/05/2014 10.12.31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1556 [GMT 2:00]
Run from: c:\documents and settings\marcello vindigni\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2014-04-14 to 2014-05-14 )))))))))))))))))))))))))))))))))))
.
.
2014-05-13 15:16 . 2014-05-13 15:16 -------- d-----w- c:\programmi\Trend Micro
2014-05-11 22:04 . 2014-05-12 17:22 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-11 22:03 . 2014-05-11 22:03 -------- d-----w- c:\programmi\Malwarebytes Anti-Malware
2014-05-11 22:03 . 2014-05-11 22:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2014-05-11 22:03 . 2014-04-03 07:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-11 22:03 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-11 22:00 . 2014-05-11 22:00 -------- d-----w- c:\windows\CryptoGuard
2014-05-07 16:50 . 2014-05-10 18:48 -------- d-----w- c:\programmi\Microsoft Games
2014-05-06 13:24 . 2014-05-06 13:24 -------- d-----w- c:\documents and settings\marcello vindigni\Phone Browser
2014-05-06 06:52 . 2014-05-06 22:10 -------- d-----w- C:\AdwCleaner
2014-05-05 15:03 . 2014-05-11 06:37 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2014-05-05 14:02 . 2014-05-05 14:02 -------- d-----w- c:\documents and settings\marcello vindigni\.android
2014-05-05 13:12 . 2014-05-05 13:12 -------- d-----w- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\cache
2014-05-05 13:12 . 2014-05-05 13:12 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-04-20 10:43 . 2014-04-14 17:47 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-04-20 10:43 . 2014-04-14 18:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 16:37 . 2014-04-18 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avg_Update_0414b
2014-04-17 18:35 . 2014-04-17 18:40 -------- d-----w- c:\programmi\Unlocker
2014-04-17 17:09 . 2014-04-17 17:09 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Avg2014
2014-04-14 17:21 . 2014-04-14 17:23 -------- d-----w- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Paint.NET
2014-04-14 17:21 . 2014-04-14 17:21 -------- d-----w- c:\documents and settings\marcello vindigni\Dati applicazioni\IsolatedStorage
2014-04-14 17:21 . 2014-04-14 17:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2014-04-14 17:21 . 2014-04-14 17:21 -------- d-----w- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\FileViewPro
2014-04-14 09:10 . 2014-04-14 09:11 -------- d-----w- c:\documents and settings\marcello vindigni\Dati applicazioni\OfficeRecovery
2014-04-14 09:10 . 2014-04-14 09:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OfficeRecovery.d7cc0641
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-12 07:19 . 2014-02-17 09:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2014-05-05 07:35 . 2013-10-13 06:55 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-05 07:35 . 2013-10-13 06:55 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-18 13:02 . 2013-11-04 20:57 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-03-31 14:11 . 2013-08-01 15:08 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-31 14:11 . 2013-09-30 23:49 108312 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-03-27 20:15 . 2013-10-31 22:00 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-27 20:14 . 2013-11-05 20:50 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-27 20:04 . 2013-10-24 21:28 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-27 20:04 . 2013-10-31 21:30 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-27 20:03 . 2013-09-09 23:43 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-27 20:03 . 2013-09-16 23:57 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-03-08 16:17 . 2014-03-08 16:17 724992 ----a-w- c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AVG_UI"="c:\programmi\AVG\AVG2014\avgui.exe" [2014-04-06 5180432]
"GB_UPDATE"="c:\programmi\Razer\Razer Game Booster\AutoUpdate.exe" [2013-06-05 2051688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
"nwiz"="c:\programmi\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 1982312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programmi\File comuni\logishrd\WUApp32.exe" [2008-07-26 439568]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-06-07 10:31 819712 ----a-w- c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greenshot]
2013-05-20 15:46 499712 ----a-w- c:\programmi\Greenshot\Greenshot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 16:15 2407184 ----a-w- c:\programmi\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2005-06-29 14:29 176128 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2005-06-24 13:08 860160 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-02-10 16:46 20922016 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\marcello vindigni\\Dati applicazioni\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Documents and Settings\\marcello vindigni\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [24/10/2013 23.28.32 150296]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [31/10/2013 23.30.08 238872]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10/09/2013 1.43.20 28440]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [05/11/2013 22.50.48 123160]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [04/11/2013 22.57.30 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [17/09/2013 1.57.26 22296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [01/11/2013 0.00.28 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [01/08/2013 17.08.52 211224]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2014\avgwdsvc.exe [27/03/2014 22.10.20 291912]
R2 TeamViewer9;TeamViewer 9;c:\programmi\TeamViewer\Version9\TeamViewer_Service.exe [04/12/2013 19.05.43 5341536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/05/2014 0.03.28 23256]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2014\avgidsagent.exe [18/04/2014 15.22.28 3645456]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes Anti-Malware\mbamservice.exe [12/05/2014 0.03.30 857912]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [23/10/2013 9.15.08 172192]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [15/12/2013 11.30.56 114432]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [15/12/2013 11.30.55 100736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\programmi\Razer\Razer Game Booster\Driver\WinRing0.sys [13/12/2013 18.50.44 14416]
S3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);c:\windows\system32\DRIVERS\vnetusbr.sys --> c:\windows\system32\DRIVERS\vnetusbr.sys [?]
S4 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes Anti-Malware\mbamscheduler.exe [12/05/2014 0.03.30 1809720]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 11.58.16 3275136]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1547161642-839522115-1003Core.job
- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2013-12-16 09:33]
.
2014-05-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1547161642-839522115-1003UA.job
- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2013-12-16 09:33]
.
2014-05-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2014-05-14 c:\windows\Tasks\User_Feed_Synchronization-{4E985625-38A6-4C61-A29A-8067BE8D5E4C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com
mStart Page =
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\marcello vindigni\Dati applicazioni\Mozilla\Firefox\Profiles\x8oupw31.default-1399302629015\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANED KEYS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-ALUAlert - c:\programmi\Symantec\LiveUpdate\ALUNotify.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Photo Downloader - c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-Google Update - c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
MSConfigStartUp-ISTray - c:\programmi\Spyware Doctor\pctsTray.exe
MSConfigStartUp-updateMgr - c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-{5F8E5D66-5217-40EB-868D-757BC3F31645} - c:\docume~1\ALLUSE~1\DATIAP~1\TARMAI~1\{5F8E5~1\Setup.exe
AddRemove-Aero Files - Texture Booster Pack FS9 - c:\programmi\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-AlphaSim Ka-50 'Black Shark' for FS9 - c:\programmi\Microsoft Games\Flight Simulator 9\Uninstal_FS9Ka50.exe
AddRemove-Carenado F-33A Por Guatesim - c:\documents and settings\marcello vindigni\Desktop\Uninstal.exe
AddRemove-JustFlight F-117 Nighthawk for FS9 and FSX - c:\documents and settings\marcello vindigni\Desktop\Uninstal.exe
AddRemove-Mirage 2000 N Basic Pack - c:\programmi\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-pack 1 du Rafale B FS9 - c:\programmi\Microsoft games\Flight simulator 9\RafaleBpack1.exe
AddRemove-Rafale C for FS9 - c:\programmi\Microsoft Games\Flight Simulator 9\Rafale C FS9_Eng.exe
AddRemove-Tailwind Twin Pack - c:\programmi\Microsoft Games\Flight Simulator 9\Tailwind_Uninstal.exe
AddRemove-WoS INSTALLERS FSD PIPER CESSNA 02A WITH FSD REPAINTS - c:\documents and settings\marcello vindigni\Desktop\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2014-05-14 10:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls loaded by running processes ---------------------
.
- - - - - - - > 'explorer.exe'(744)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-05-14 10:22:06
ComboFix-quarantined-files.txt 2014-05-14 08:22
.
Pre-Run: 48.941.703.168 bytes free
Post-Run: 48.895.840.256 bytes free
.
- - End Of File - - 6BB2B49458D1CD2F4412E2F1AB41AAAE
828E02D5C4A4FBE53441EE9DBEE51F43
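Reading a log like the one above by hand is slow and easy to get wrong. The Python below is an added triage example, not part of ComboFix and not code from the original post. It parses the line shapes that carry the most signal in a ComboFix report (the "AV:" header line, the EnableFirewall value, the BootExecute entry, and the R0/R1/S2-style service and driver lines) and returns a list of items worth a second look. The sample input is copied from the log above; the review heuristics (a service binary ComboFix could not stat, shown with a trailing "[?]", and a service whose binary lives under a profile or data directory rather than Program Files or system32) are this example's own assumptions, not findings ComboFix itself reports.

```python
import re

# Sample input: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
"EnableFirewall"= 0 (0x0)
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [24/10/2013 23.28.32 150296]
S3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);c:\windows\system32\DRIVERS\vnetusbr.sys --> c:\windows\system32\DRIVERS\vnetusbr.sys [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 11.58.16 3275136]
"""

# ComboFix service/driver line: "<start type> <name>;<display name>;<path> [date time size]"
# Start type is R (running) or S (stopped) followed by the SERVICE_START value.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)

# The only BootExecute entry a stock Windows XP box has.
DEFAULT_BOOTEXEC = "autocheck autochk *"

# Heuristic (assumption of this example): directories an unprivileged user can
# usually write to, where a service binary deserves a closer look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")


def parse_service(line):
    """Parse one service/driver line into a dict, or return None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # ComboFix prints "[?]" instead of "[date time size]" when it cannot find the binary.
    missing = rest.rstrip().endswith("[?]")
    # The path runs up to the first " [" (file info) or " -->" (resolved path) marker.
    path = re.split(r"\s+(?:\[|-->)", rest, maxsplit=1)[0].strip()
    return {
        "start": m.group("start"),
        "name": m.group("name"),
        "display": m.group("display"),
        "path": path,
        "missing": missing,
    }


def triage(log_text):
    """Return a list of (finding_kind, detail) tuples, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Header line: ComboFix marks the AV product state as *Enabled/...* or *Disabled/...*.
        if line.startswith("AV:"):
            if "*Disabled" in line:
                product = line[3:].split("{", 1)[0].strip()
                findings.append(("av_disabled", product))
            continue

        # Firewall policy value from the standard profile.
        m = re.match(r'^"EnableFirewall"=\s*(\d+)', line)
        if m:
            if m.group(1) == "0":
                findings.append(("firewall_off", line))
            continue

        # BootExecute runs before the session manager; entries are shown joined by "\0".
        if line.startswith("BootExecute"):
            for entry in line.split("\\0")[1:]:
                entry = entry.strip()
                if entry and entry != DEFAULT_BOOTEXEC:
                    findings.append(("bootexecute_extra", entry))
            continue

        svc = parse_service(line)
        if svc is None:
            continue
        if svc["missing"]:
            findings.append(("service_binary_missing", svc["name"]))
        elif any(marker in svc["path"].lower() for marker in USER_WRITABLE_MARKERS):
            findings.append(("service_in_user_writable_path", svc["name"]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:32s} {detail}")
```

On the sample above this reports the disabled AVG install, the firewall being off, the AVG avgrsx.exe BootExecute entry (expected for AVG, but any BootExecute addition deserves a glance because it runs before most defences load), the vnetusbr.sys driver whose file is absent, and the Skype C2C service running from a data directory. The "stale service pointing at a missing file" case is what the "[?]" handling exists for: those entries are usually leftovers of uninstalled software, but they are also a place to look when cleanup has half-removed something.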