ComboFix 08-10-15.08 - Administrator 2008-10-16 17:46:38.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1613 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\roba virus\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((( Files Creati Da 2008-09-16 al 2008-10-16 )))))))))))))))))))))))))))))))))))
.
2008-10-15 15:29 . 2008-10-15 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\GameHouse
2008-10-15 15:24 . 2008-10-15 15:24 <DIR> d-------- C:\WINDOWS\Delicious Emilys Tea Garden
2008-10-15 15:24 . 2008-10-15 19:05 <DIR> d-------- C:\Programmi\Delicious Emilys Tea Garden
2008-10-15 09:35 . 2008-10-15 09:35 185,360 --a------ C:\WINDOWS\5BF323DE133BEC2BFACD1CAFF5E0ABAF.exe
2008-10-13 14:34 . 2008-10-13 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Gogii
2008-10-13 14:33 . 2008-10-13 14:33 <DIR> d-------- C:\WINDOWS\The Hidden Object Show Season 2
2008-10-13 14:33 . 2008-10-15 01:06 <DIR> d-------- C:\Programmi\The Hidden Object Show Season 2
2008-10-12 15:50 . 2008-10-12 15:50 <DIR> d-------- C:\WINDOWS\Cake Shop
2008-10-12 15:50 . 2008-10-13 14:30 <DIR> d-------- C:\Programmi\Cake Shop
2008-10-12 15:50 . 2008-10-12 15:50 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\EleFun Games
2008-10-09 17:38 . 2008-10-09 17:38 <DIR> d-------- C:\Programmi\PlayFirst
2008-09-24 01:24 . 2008-09-24 01:24 244 --ah----- C:\sqmnoopt05.sqm
2008-09-24 01:24 . 2008-09-24 01:24 244 --ah----- C:\sqmnoopt04.sqm
2008-09-24 01:24 . 2008-09-24 01:24 232 --ah----- C:\sqmdata05.sqm
2008-09-24 01:24 . 2008-09-24 01:24 232 --ah----- C:\sqmdata04.sqm
2008-09-23 22:11 . 2008-09-23 22:11 244 --ah----- C:\sqmnoopt03.sqm
2008-09-23 22:11 . 2008-09-23 22:11 232 --ah----- C:\sqmdata03.sqm
2008-09-23 22:08 . 2008-09-23 22:08 244 --ah----- C:\sqmnoopt02.sqm
2008-09-23 22:08 . 2008-09-23 22:08 232 --ah----- C:\sqmdata02.sqm
2008-09-23 21:14 . 2008-09-23 21:14 244 --ah----- C:\sqmnoopt01.sqm
2008-09-23 21:14 . 2008-09-23 21:14 232 --ah----- C:\sqmdata01.sqm
2008-09-23 21:13 . 2008-09-23 21:13 244 --ah----- C:\sqmnoopt00.sqm
2008-09-23 21:13 . 2008-09-23 21:13 232 --ah----- C:\sqmdata00.sqm
2008-09-17 13:54 . 2008-09-17 13:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 15:27 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-10-14 23:27 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-10-14 11:33 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\HPAppData
2008-10-13 12:30 --------- d-----w C:\Programmi\Farm Frenzy 2
2008-10-13 10:41 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-09 15:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
2008-10-09 15:39 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\PlayFirst
2008-09-24 08:01 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-09-12 23:46 --------- d-----w C:\Programmi\Gravity
2008-09-09 16:37 --------- d-----w C:\Programmi\Eset
2008-09-04 16:27 7,168 ----a-w C:\WINDOWS\CED6976738D05B35835A7C9F194262D.exe
2008-09-04 10:42 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Jasc
2008-09-02 14:00 512,096 ----a-w C:\WINDOWS\system32\drivers\_mon.s00
2008-09-02 14:00 15,424 ----a-w C:\WINDOWS\system32\drivers\_od32drv.s00
2008-09-02 13:53 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-09-02 13:53 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-09-02 13:53 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-09-02 13:05 --------- d-----w C:\Programmi\EsetOnlineScanner
2008-08-30 16:22 7,168 ----a-w C:\WINDOWS\F59135DD2C94155341E109C7631A66C.exe
2008-08-29 19:14 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-29 19:14 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-29 19:14 --------- d-----w C:\Programmi\File comuni\xing shared
2008-08-29 19:14 --------- d-----w C:\Programmi\File comuni\Real
2008-08-29 11:01 --------- d-----w C:\Programmi\Photo Story 3 for Windows
2008-08-28 12:41 --------- d-----w C:\Programmi\Pinnacle
2008-08-27 10:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle VideoSpin
2008-08-27 09:05 --------- d-----w C:\Programmi\Google
2008-08-27 09:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VideoSpin
2008-08-27 09:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-08-27 08:51 --------- d-----w C:\Programmi\File comuni\Ulead Systems
2008-08-27 08:51 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Ulead Systems
2008-08-27 08:41 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Ulead Systems
2008-08-27 07:31 --------- d-----w C:\Programmi\Jasc Software Inc
2008-08-27 07:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2008-08-27 07:29 --------- d-----w C:\Programmi\File comuni\Jasc Software Inc
2008-08-27 07:29 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-08-27 07:28 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Jasc Software Inc
2008-08-25 20:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\FarmFrenzy2
2008-08-25 17:31 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Gamelab
2008-08-25 17:00 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Go-Go Gourmet Chef of the Year
2008-08-12 18:54 7,168 ----a-w C:\WINDOWS\DB4794FCE884E976BDE9CF9CC860A8B5.exe
2008-07-31 09:20 7,168 ----a-w C:\WINDOWS\D4ABDBBDCC9F791A8F643AAD36CDF7C.exe
2008-07-26 09:15 7,168 ----a-w C:\WINDOWS\41D2529AB87C20573C474348B7F7C29.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2007-04-04 165784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 8466432]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 413696]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-08-29 185896]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-09-02 949376]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172032]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fdbbcbeeefebc]
2004-06-07 12:15 313871 C:\WINDOWS\system32\fdbbcbeeefebc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:14 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 15:55 1057328 C:\Programmi\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Programmi\File comuni\Ahead\lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-28 18:43 8466432 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-28 18:43 81920 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 15:55 1628208 C:\Programmi\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 04:14 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-swg - C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKLM-Run-Microsoft Windows Sound - svshost.exe
HKLM-RunServices-Microsoft Windows Sound - svshost.exe
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,SearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
R0 -: HKCU-Main,Default_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
R0 -: HKLM-Main,Search Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
R0 -: HKLM-Main,SearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://seriali.nod32.it/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R1 -: HKLM-Internet Explorer,SearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:49:35
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\d1ae6bf2a2fdd47d259b1c5be3f614d7]
"ImagePath"="system32\d1ae6bf2a2fdd47d259b1c5be3f614d7.sys"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESSO: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\fdbbcbeeefebc.dll
-> C:\Programmi\Eset\pr_imon.dll
PROCESSO: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-10-16 17:54:34
ComboFix-quarantined-files.txt 2008-10-16 15:53:47
Pre-Run: 71,383,183,360 byte disponibili
Post-Run: 71,417,782,272 byte disponibili
206 --- E O F --- 2008-07-07 23:58:30