- CPU
- intel(R) pentium 4 cpu 3.20 ghz
- Motherboard
- ASUSTEK COMPUTER INC. P5VD2-MX SE
- RAM
- 1024
- GPU
- SAPPHIRE RADEON X1550 SERIES SECONDARY
- Monitor
- plug & play
- OS
- windows
Hi. I can't install any antivirus, and every time I try to access the page I get the message... UNABLE TO CONTACT THE SERVER... I'm posting the ComboFix report so that maybe it's easier for you to help me. Thanks.
ComboFix 14-11-17.01 - Alessandro 19/11/2014 6.33.58.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3062.2353 [GMT 1:00]
Eseguito da: c:\documents and settings\Alessandro\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
c:\windows\system32\AegisI5Installer.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2014-10-19 al 2014-11-19 )))))))))))))))))))))))))))))))))))
.
.
2014-11-18 21:38 . 2014-11-18 21:38 -------- d-----w- c:\windows\ERUNT
2014-11-18 21:26 . 2014-11-18 21:33 -------- d-----w- C:\AdwCleaner
2014-11-18 05:49 . 2014-11-18 05:49 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2014-11-18 05:44 . 2013-09-20 09:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-11-18 05:44 . 2014-11-18 05:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2014-11-18 05:44 . 2014-11-18 05:49 -------- d-----w- c:\programmi\Spybot - Search & Destroy 2
2014-11-09 13:42 . 2014-11-09 13:42 -------- d-----w- c:\programmi\File comuni\Java
2014-11-09 13:42 . 2014-11-09 13:41 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2014-11-09 07:17 . 2014-11-09 07:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LizardSales
2014-11-09 06:33 . 2014-11-18 21:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\smdmf
2014-11-09 06:30 . 2014-11-09 06:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVAST Software
2014-11-02 06:50 . 2014-11-02 06:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Wondershare
2014-11-02 06:49 . 2014-11-02 06:49 -------- d-----w- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Wondershare
2014-11-02 06:49 . 2014-11-02 06:50 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\Wondershare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-16 07:08 . 2012-07-04 15:56 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-16 07:08 . 2012-07-04 15:56 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-09 13:41 . 2010-06-28 17:39 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-29 08:26 . 2012-12-19 19:07 262112 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"EPSON Stylus C62 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" [2002-04-10 74240]
"StarteLock"="c:\acer\Empowering Technology\eLock\Service\startelock.exe" [2008-04-30 24576]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Wondershare Helper Compact.exe"="c:\programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-09-11 2087264]
"SDTray"="c:\programmi\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"eNMTray.exe"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" -autorun
"Google Update"="c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
"ISUSPM"="c:\documents and settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" /background
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
"eRecoveryService"=c:\acer\Empowering Technology\eRecovery\eRAgent.exe
"Acer ePresentation HPD"=c:\acer\Empowering Technology\ePresentation\ePresentation.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Veetle\\Player\\VeetleNet.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"c:\\Documents and Settings\\Alessandro\\Desktop\\giochi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programmi\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23130:TCP"= 23130:TCP:CollaborationIME ShellCommon
"19126:TCP"= 19126:TCP:CollaborationIME schemasPages
"61906:UDP"= 61906:UDP:CollaborationIME MediaDownloaded
"36772:UDP"= 36772:UDP:CollaborationIME CollaborationSystem
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2009 18.14.09 721904]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programmi\Spybot - Search & Destroy 2\SDFSSvc.exe [18/11/2014 6.44.43 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe [18/11/2014 6.44.54 2088408]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 14.28.52 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 6.24.44 10064]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe --> c:\windows\system32\SupportAppXL\onda_mon.exe [?]
S2 rcores;rcores;c:\windows\rcore.exe --> c:\windows\rcore.exe [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe [18/11/2014 6.44.56 171928]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [23/10/2013 7.15.08 172192]
S2 xyvozikpz;Component Backup;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 19.00.00 14336]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\Ondausbmdm6k.sys [24/08/2010 17.28.44 105088]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [24/08/2010 17.28.44 110592]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
xyvozikpz
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 07:08]
.
2014-11-19 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDUpdate.exe [2014-11-18 10:52]
.
2014-11-18 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDImmunize.exe [2014-11-18 09:41]
.
2014-11-18 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programmi\Spybot - Search & Destroy 2\SDScan.exe [2014-11-18 09:42]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Alessandro\Dati applicazioni\Mozilla\Firefox\Profiles\ejk1othp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2014-11-13 19:26; {397c9522-cee1-476f-8dba-8a4b16ef63c3}; c:\documents and settings\Alessandro\Dati applicazioni\Mozilla\Firefox\Profiles\ejk1othp.default\extensions\{397c9522-cee1-476f-8dba-8a4b16ef63c3}.xpi
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Avast Free Antivirus 10.0.2206 Packages - c:\documents and settings\Alessandro\Dati applicazioni\0V1L2Z2Z1T1I1L1T\Avast Free Antivirus 10.0.2206 Packages\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-19 06:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xyvozikpz]
"ServiceDll"="c:\windows\system32\vmohjdnv.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1384)
c:\windows\system32\igfxdev.dll
.
Ora fine scansione: 2014-11-19 06:44:04
ComboFix-quarantined-files.txt 2014-11-19 05:44
ComboFix2.txt 2014-11-18 21:23
ComboFix3.txt 2012-01-12 06:51
.
Pre-Run: 1.304.764.416 byte disponibili
Post-Run: 1.342.513.152 byte disponibili
.
- - End Of File - - 95E92ABC8096529D300ECFF790F89436
6FC6F9186C07BCA94E140F63BFE6E9B4