ComboFix 12-06-08.02 - Administrator 06/06/2012 14.24.46.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1015.388 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *Enabled/Outdated* {7C925233-F0B8-0012-18EE-917C3807927C}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-06 al 2012-06-06 )))))))))))))))))))))))))))))))))))
.
.
2012-05-14 23:00 . 2012-05-14 23:00 -------- d-----w- c:\programmi\ClearProg
2012-05-14 22:16 . 2012-06-06 11:47 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Odezx
2012-05-14 22:16 . 2012-05-14 22:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Uhcuez
2012-05-14 22:16 . 2012-05-14 22:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Awry
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-14_22.42.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-27 17:26 . 2012-06-06 12:22 75408 c:\windows\system32\perfc010.dat
+ 2004-08-27 17:26 . 2012-06-06 12:22 63324 c:\windows\system32\perfc009.dat
+ 2004-08-27 17:26 . 2012-06-06 12:22 450730 c:\windows\system32\perfh010.dat
+ 2004-08-27 17:26 . 2012-06-06 12:22 404104 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-29 39408]
"Creative WebCam Tray"="c:\programmi\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"IPLA!"="c:\programmi\ipla\ipla.exe" [2012-05-11 19858432]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"DriverScanner"="c:\programmi\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
"Iwawcuyfte"="c:\documents and settings\Administrator\Dati applicazioni\Awry\ewsy.exe" [2012-03-14 360448]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2010-04-07 5758976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-08 13924864]
"PTHOSTTR"="c:\programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-04-08 73728]
"SetRefresh"="c:\programmi\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"ArcSoft Connection Service"="c:\programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-06-29 286720]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Sonic CinePlayer Quick Launch.lnk - c:\programmi\File comuni\Sonic Shared\CineTray.exe [2005-7-30 114688]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\SAMSUNG\\Intelli-studio\\iStudio.exe"=
"c:\\Programmi\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7455:TCP"= 7455:TCP:yztrydc
.
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [26/01/2010 19.21.16 47360]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [07/02/2010 3.11.13 135664]
S2 zskbdrva;System Monitor;c:\windows\system32\svchost.exe -k netsvcs [20/08/2004 0.39.46 14336]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [07/02/2010 3.11.13 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zskbdrva
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-06 c:\windows\Tasks\DriverScanner.job
- c:\programmi\Uniblue\DriverScanner\dsmonitor.exe [2011-10-15 09:22]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-07 01:11]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-07 01:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-06 13:31
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zskbdrva]
"ServiceDll"="c:\windows\system32\ovbxua.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2624)
c:\programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
Ora fine scansione: 2012-06-06 13:33:39
ComboFix-quarantined-files.txt 2012-06-06 11:33
ComboFix2.txt 2012-05-14 22:44
ComboFix3.txt 2011-12-12 21:38
.
Pre-Run: 12.315.832.320 byte disponibili
Post-Run: 12.340.125.696 byte disponibili
.
- - End Of File - - A30268A5B34694640085675B52D32FD6