ComboFix 08-12-12.03 - Marcolino 2008-12-13 12.47.02.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.511.128 [GMT 1:00]
Eseguito da: c:\documents and settings\Marcolino\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ntnet.drv
c:\windows\system32\sysaudio.sys
.
((((((((((((((((((((((((( Files Creati Da 2008-11-13 al 2008-12-13 )))))))))))))))))))))))))))))))))))
.
2008-12-13 12:27 . 2008-12-13 12:27 250 --a------ c:\windows\gmer.ini
2008-12-13 00:26 . 2008-12-13 00:26 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-12 15:23 . 2008-12-12 15:23 <DIR> d-------- c:\programmi\Microsoft CAPICOM 2.1.0.2
2008-12-12 15:20 . 2008-12-12 15:20 <DIR> d-------- c:\programmi\MSXML 4.0
2008-12-12 14:28 . 2008-12-13 12:04 3,042 --a------ c:\windows\system32\PerfStringBackup.TMP
2008-12-12 14:23 . 2008-12-12 14:23 <DIR> d--hs---- C:\FOUND.000
2008-12-12 12:31 . 2008-12-12 12:31 <DIR> d-------- c:\documents and settings\Marcolino\Dati applicazioni\AdobeUM
2008-12-12 12:28 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-12-12 12:28 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\dllcache\bthport.sys
2008-12-12 12:27 . 2008-08-14 10:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
2008-12-12 12:26 . 2007-04-02 06:58 546,304 --------- c:\windows\system32\dllcache\hhctrl.ocx
2008-12-12 12:24 . 2008-08-28 11:04 333,056 --------- c:\windows\system32\dllcache\srv.sys
2008-12-12 12:17 . 2008-09-15 16:38 1,846,016 --------- c:\windows\system32\dllcache\win32k.sys
2008-12-12 12:16 . 2008-08-14 14:37 2,189,696 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-12 12:16 . 2008-08-14 14:37 2,146,304 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-12 12:16 . 2008-08-14 14:37 2,066,688 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-12 12:16 . 2008-08-14 14:37 2,024,448 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-12 12:10 . 2008-05-08 13:28 202,752 --------- c:\windows\system32\dllcache\rmcast.sys
2008-12-12 12:09 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-12 12:08 . 2008-04-11 19:50 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll
2008-12-12 12:08 . 2008-05-01 15:31 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-12-12 11:47 . 2008-10-15 17:57 332,800 --------- c:\windows\system32\dllcache\netapi32.dll
2008-12-12 11:47 . 2008-10-03 11:15 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2008-12-12 11:46 . 2008-09-04 17:44 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-12-11 15:42 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-11 15:42 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-10 19:57 . 2008-12-10 19:57 <DIR> d-------- c:\documents and settings\Marcolino\Dati applicazioni\dvdcss
2008-12-10 18:58 . 2008-12-10 18:58 <DIR> d-------- c:\documents and settings\Marcolino\Contacts
2008-12-10 18:49 . 2008-12-10 18:49 <DIR> d-------- c:\programmi\Windows Live
2008-12-10 18:49 . 2008-12-10 18:49 <DIR> d--hs---- c:\programmi\File comuni\WindowsLiveInstaller
2008-12-10 18:49 . 2008-12-10 18:49 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-12-10 14:16 . 2008-12-10 14:16 <DIR> d-------- c:\documents and settings\Marcolino\Dati applicazioni\vlc
2008-12-10 12:28 . 2008-12-10 12:28 <DIR> d-------- c:\programmi\VideoLAN
2008-12-10 12:12 . 2008-12-10 12:12 <DIR> d-------- c:\windows\system32\it-it
2008-12-10 12:12 . 2008-12-10 12:12 <DIR> d--h----- c:\windows\msdownld.tmp
2008-12-10 12:12 . 2008-12-10 12:12 <DIR> d-------- c:\programmi\Google
2008-12-09 23:08 . 2008-12-09 23:08 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-09 23:04 . 2008-10-16 21:04 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-12-09 23:04 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-09 23:04 . 2007-03-08 06:11 1,032,192 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-09 23:04 . 2008-10-16 21:04 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-12-09 23:04 . 2008-10-16 21:04 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-09 23:04 . 2008-10-16 21:04 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-12-09 23:04 . 2008-10-16 21:04 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-12-09 23:04 . 2008-10-16 21:04 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-09 23:04 . 2008-10-16 14:11 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-09 23:00 . 2006-11-07 21:03 33,792 --a------ c:\windows\system32\dllcache\custsat.dll
2008-12-09 20:43 . 2008-12-11 17:19 69 --a------ c:\windows\NeroDigital.ini
2008-12-05 10:55 . 2008-12-12 23:45 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-12-05 09:37 . 2008-12-13 12:00 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-12-05 09:33 . 2008-12-05 09:33 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Backup
2008-12-05 09:33 . 2008-12-13 12:00 223,460 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-05 09:33 . 2008-12-13 12:00 223,460 --a------ c:\windows\system32\drivers\APPFCONT.DAT
2008-12-05 09:33 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys
2008-12-05 09:33 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
2008-12-05 09:33 . 2008-04-28 16:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
2008-12-05 09:33 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS
2008-12-05 09:33 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys
2008-12-05 09:33 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys
2008-12-05 09:33 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
2008-12-05 09:33 . 2008-12-13 12:00 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-05 09:33 . 2008-12-13 12:00 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG
2008-12-05 09:33 . 2008-12-05 09:33 253 --a------ c:\windows\system32\PavCPL.dat
2008-12-05 09:32 . 2008-12-05 09:32 <DIR> d-------- c:\windows\system32\PAV
2008-12-05 09:32 . 2008-12-05 09:32 <DIR> d-------- c:\programmi\Panda Security
2008-12-05 09:32 . 2008-12-05 09:32 <DIR> d-------- c:\documents and settings\Marcolino\Dati applicazioni\Panda Security
2008-12-05 09:32 . 2008-12-05 09:32 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Panda Security
2008-12-05 09:32 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-12-05 09:32 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-12-05 09:32 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
2008-12-05 09:32 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-12-05 09:32 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-12-05 09:32 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-12-05 09:32 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll
2008-12-05 09:32 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll
2008-12-05 09:32 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-12-05 09:31 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-05 09:29 . 2008-12-05 09:29 <DIR> d-------- c:\programmi\File comuni\Panda Security
2008-12-05 09:29 . 2008-02-07 11:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-12-05 09:29 . 2008-03-04 14:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-12-05 09:16 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-05 09:15 . 2008-12-05 09:15 <DIR> d-------- c:\programmi\MSBuild
2008-12-05 09:15 . 2008-12-05 09:15 <DIR> d-------- c:\programmi\Microsoft Works
2008-12-05 09:14 . 2008-12-05 09:14 <DIR> d-------- c:\programmi\Microsoft.NET
2008-12-05 09:12 . 2008-12-05 09:12 <DIR> d-------- c:\programmi\Microsoft Visual Studio 8
2008-12-05 09:11 . 2008-12-05 09:11 <DIR> d-------- c:\windows\SHELLNEW
2008-12-05 08:55 . 2008-12-05 08:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2008-12-05 08:51 . 2008-12-05 08:51 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-05 08:50 . 2008-12-05 08:51 <DIR> dr-h----- C:\MSOCache
2008-12-05 08:44 . 2004-08-03 23:08 26,496 --a------ c:\windows\system32\dllcache\usbstor.sys
2008-12-05 08:42 . 2008-12-05 08:42 <DIR> d-------- c:\programmi\File comuni\LightScribe
2008-12-05 08:42 . 2005-06-27 11:07 2,957,312 --------- c:\windows\UNNMP.exe
2008-12-05 08:42 . 2005-07-22 15:00 49,870 --------- c:\windows\UNNMP.cfg
2008-12-05 08:40 . 2008-12-05 08:40 <DIR> d-------- c:\programmi\File comuni\Nero
2008-12-05 08:39 . 2005-07-19 16:27 2,973,696 --------- c:\windows\UNNeroVision.exe
2008-12-05 08:39 . 2005-07-22 15:00 170,612 --------- c:\windows\UNNeroVision.cfg
2008-12-05 08:39 . 2001-03-08 19:30 24,064 --------- c:\windows\system32\msxml3a.dll
2008-12-05 08:38 . 2008-12-05 08:38 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Ahead
2008-12-05 08:26 . 2008-12-05 08:26 546 --a------ c:\windows\system32\ABA6JC.DAT
2008-12-05 08:25 . 2006-06-20 13:46 <DIR> d-------- c:\documents and settings\Marcolino\WINDOWS
2008-12-05 08:25 . 2006-06-20 13:24 <DIR> d--h----- c:\documents and settings\Marcolino\Risorse di stampa
2008-12-05 08:25 . 2006-06-20 13:24 <DIR> d--h----- c:\documents and settings\Marcolino\Risorse di rete
2008-12-05 08:25 . 2008-12-05 08:26 <DIR> dr------- c:\documents and settings\Marcolino\Preferiti
2008-12-05 08:25 . 2006-06-20 13:24 <DIR> d--h----- c:\documents and settings\Marcolino\Modelli
2008-12-05 08:25 . 2006-06-20 13:24 <DIR> dr------- c:\documents and settings\Marcolino\Menu Avvio
2008-12-05 08:25 . 2006-06-20 13:24 <DIR> d--h----- c:\documents and settings\Marcolino\Impostazioni locali
2008-12-05 08:25 . 2008-12-10 12:15 <DIR> dr------- c:\documents and settings\Marcolino\Documenti
2008-12-05 08:25 . 2006-06-20 13:56 <DIR> d-------- c:\documents and settings\Marcolino\Dati applicazioni\Symantec
2008-12-05 08:25 . 2006-06-20 14:02 <DIR> d-------- c:\documents and settings\Marcolino\Dati applicazioni\Intel
2008-12-05 08:25 . 2006-06-20 13:24 <DIR> dr-h----- c:\documents and settings\Marcolino\Dati applicazioni
2008-12-05 08:25 . 2008-12-05 08:25 <DIR> d-------- c:\documents and settings\Marcolino
2008-12-05 08:24 . 2006-06-20 13:46 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2008-12-05 08:24 . 2006-06-20 13:56 <DIR> d-------- c:\windows\system32\config\systemprofile\Dati applicazioni\Symantec
2008-12-05 08:24 . 2006-06-20 13:46 <DIR> d-------- c:\documents and settings\Default User\WINDOWS
2008-12-05 08:20 . 2008-12-05 08:20 8,192 --a------ c:\windows\REGLOCS.OLD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 17:32 2,109,440 ------w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:59 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:59 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 00:34 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 13:13 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-11-10 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-21 7335936]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 86016]
"Wireless Console 2"="c:\programmi\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\programmi\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"APVXDWIN"="c:\programmi\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-10-22 869632]
"SCANINICIO"="c:\programmi\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"nwiz"="nwiz.exe" [2005-11-21 c:\windows\system32\nwiz.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 c:\windows\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ASUS ChkMail.lnk - c:\programmi\Asus\Asus ChkMail\ChkMail.exe [2006-06-20 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= sysaudio.sys
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-12-05 28544]
R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\Drivers\APPFLT.SYS [2008-12-05 73728]
R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\Drivers\DSAFLT.SYS [2008-12-05 52992]
R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\Drivers\fnetmon.SYS [2008-12-05 22072]
R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\Drivers\IDSFLT.SYS [2008-12-05 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\Drivers\NETFLTDI.SYS [2008-12-05 09:33:13 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-12-05 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\Drivers\WNMFLT.SYS [2008-12-05 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda []
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys [2008-12-05 179640]
R2 PskSvcRetail;Panda PSK service;"c:\programmi\Panda Security\Panda Internet Security 2009\PskSvc.exe" [2008-12-05 28928]
R3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys [2008-12-05 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-12-05 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []
S2 fkevzj;fkevzj;c:\windows\system32\svchost.exe -k netsvcs [2004-09-16 14336]
S2 hwhcv;hwhcv;c:\windows\system32\svchost.exe -k netsvcs [2004-09-16 14336]
S2 xeqhvvf;xeqhvvf;c:\windows\system32\svchost.exe -k netsvcs [2004-09-16 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xeqhvvf
hwhcv
fkevzj
*Newly Created Service* - GMER
*Newly Created Service* - PROCEXP90
*Newly Created Service* - PSEXESVC
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A04DE320-9BD5-46E4-9563-1EC9D5B873E5} = 85.37.17.46 85.38.28.84
.
.
------- Associazioni di file -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 12:49:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(1420)
c:\windows\system32\avldr.dll
.
Ora fine scansione: 2008-12-13 12.51.01
ComboFix-quarantined-files.txt 2008-12-13 11:50:58
Pre-Run: 69.121.507.328 byte disponibili
Post-Run: 69,653,266,432 byte disponibili
268 --- E O F --- 2008-12-12 14:27:03