ComboFix 10-11-28.04 - user 29/11/2010 9.38.49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1699 [GMT 1:00]
Eseguito da: c:\documents and settings\user\desktop\combofix.exe
Opzioni usate :: /killall
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Dati applicazioni\Ocuw
c:\documents and settings\user\Dati applicazioni\Ocuw\zype.hoh
c:\documents and settings\user\Dati applicazioni\Ocuw\zype.tmp
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((( Files Creati Da 2010-10-28 al 2010-11-29 )))))))))))))))))))))))))))))))))))
.
2010-11-24 08:12 . 2010-11-24 08:13 -------- d-----w- C:\test
2010-11-23 15:41 . 2002-06-24 11:31 45568 ----a-r- c:\windows\system32\drivers\DLKRTS.SYS
2010-11-19 15:53 . 2010-11-19 15:53 -------- d-----w- c:\windows\Sun
2010-11-19 15:47 . 2010-07-16 12:05 1287680 -c----w- c:\windows\system32\dllcache\ole32.dll
2010-11-19 15:46 . 2010-09-15 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-19 15:46 . 2010-11-19 15:46 -------- d-----w- c:\documents and settings\All Users\Modelli
2010-11-19 10:10 . 2010-11-19 10:10 -------- d-----w- c:\windows\system32\wbem\mof\good
2010-11-19 10:10 . 2010-11-19 10:10 -------- d-----w- c:\windows\system32\wbem\mof\bad
2010-11-19 08:44 . 2010-11-19 08:44 -------- d-----w- c:\documents and settings\user\Dati applicazioni\GlarySoft
2010-11-18 17:10 . 2010-11-18 17:10 -------- d-----w- c:\programmi\CCleaner
2010-11-18 16:07 . 2010-11-18 16:07 -------- d-----w- c:\documents and settings\Administrator
2010-11-15 18:32 . 2010-11-02 18:36 359016 ----a-w- c:\windows\vncutil.exe
2010-11-15 18:32 . 2010-11-02 18:36 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-11-15 18:32 . 2010-11-02 18:36 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-11-15 18:32 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-11-15 18:32 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-11-15 18:32 . 2010-11-15 18:32 319488 ----a-w- c:\windows\HideWin.exe
2010-11-15 18:27 . 2007-12-19 10:11 188416 ----a-w- c:\windows\system32\igfxres.dll
2010-11-15 18:23 . 2007-12-19 10:40 147456 ----a-w- c:\windows\system32\igfxCoIn_v4906.dll
2010-11-15 18:23 . 2007-12-19 10:11 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
2010-11-15 18:23 . 2007-12-19 10:11 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
2010-11-15 18:20 . 2010-11-15 18:20 -------- d-----w- C:\Intel
2010-11-15 17:53 . 2010-11-15 17:53 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-15 16:12 . 2004-08-11 14:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2010-11-15 16:12 . 2010-11-15 17:47 -------- d-----w- c:\programmi\Driver Magician
2010-11-08 14:13 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-08 14:13 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-08 14:12 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 18:36 . 2007-05-02 09:32 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-02 18:36 . 2007-05-02 09:32 1833576 ----a-w- c:\windows\SkyTel.exe
2010-11-02 18:36 . 2007-05-02 09:32 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-02 18:36 . 2007-05-02 09:32 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-02 18:36 . 2007-05-02 09:32 6188648 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-11-02 18:36 . 2007-05-02 09:32 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-02 18:36 . 2007-05-02 09:32 19580520 ----a-w- c:\windows\RTHDCPL.EXE
2010-11-02 18:35 . 2007-05-02 09:32 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-02 18:35 . 2007-05-02 09:32 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-11-02 18:35 . 2007-05-02 09:32 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-02 18:35 . 2007-05-02 09:32 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-10-28 09:46 . 2007-05-02 09:31 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-18 11:23 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 01:29 . 2007-05-16 07:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:49 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 07:15 . 2010-09-09 07:15 9380 ----a-w- C:\MatrixInstBugs_634196205380000000.zip
2010-09-08 17:30 . 2010-09-08 17:30 288598 ----a-w- C:\MatrixInstBugs_634195710066875000.zip
2010-09-01 11:51 . 2006-03-02 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2006-03-02 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CheckRubAnniversari"="c:\documents and settings\user\Documenti\SeatCDItalia\127_0_0_1\chkrub_cdi.exe" [2008-02-25 630272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC\APC PowerChute Personal Edition\Display.exe [2008-3-12 221247]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exflashservice]
2006-05-02 09:26 408064 ----a-r- c:\programmi\EPOX\EFS\EZ_FLASH_SERVICE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-11-02 18:36 19580520 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4126:TCP"= 4126:TCP:Services
"2813:TCP"= 2813:TCP:Services
"3801:TCP"= 3801:TCP:Services
"6102:TCP"= 6102:TCP:Services
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15/11/2010 19.32.29 1691480]
S3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;c:\windows\system32\drivers\DLKRTS.SYS [23/11/2010 16.41.58 45568]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.tecnocasa.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {85102889-35B8-4782-AC8C-95185B562AE8} = 80.93.143.42,80.93.143.44
TCP: {C5E90B82-D16D-439B-853D-899F7FA41220} = 213.140.2.49,213.140.2.43
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 09:44
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\APC\APC PowerChute Personal Edition\mainserv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Ora fine scansione: 2010-11-29 09:47:14 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-11-29 08:47
Pre-Run: 150.126.837.760 byte disponibili
Post-Run: 150.142.599.168 byte disponibili
- - End Of File - - A165D37F5A4BF773FFEBCA3BEA80FD35