ComboFix 08-10-17.01 - ceres2001 2008-10-24 22.20.58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.121 [GMT 2:00]
Eseguito da: D:\pincopallino.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\utmynja2.sys
----- BITS: Sites possivelmente infetados -----
hxxp://su.threatfire.com
hxxp://www.pctools.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
-------\Service_utmynja2
((((((((((((((((((((((((( Files Creati Da 2008-09-24 al 2008-10-24 )))))))))))))))))))))))))))))))))))
.
2008-10-24 20:44 . 2008-10-24 20:44 <DIR> d-------- C:\Documents and Settings\ceres2001\Dati applicazioni\Malwarebytes
2008-10-24 20:43 . 2008-10-24 21:44 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-10-24 20:43 . 2008-10-24 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-10-24 20:43 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-24 20:43 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-24 08:47 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-24 08:47 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-24 08:47 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-24 08:47 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-24 08:46 . 2008-10-24 08:47 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-10-24 08:46 . 2008-10-24 08:46 <DIR> d-------- C:\Documents and Settings\ceres2001\Dati applicazioni\PC Tools
2008-10-23 23:39 . 2008-10-23 23:39 <DIR> d-------- C:\WINDOWS\Sun
2008-10-23 23:35 . 2008-10-23 23:25 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-23 23:35 . 2008-10-23 23:25 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-23 23:23 . 2008-10-23 23:23 <DIR> d-------- C:\Programmi\Java
2008-10-23 18:22 . 2008-10-23 18:22 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-10-22 10:46 . 2008-10-23 23:01 <DIR> d-------- C:\Programmi\ThreatFire
2008-10-22 09:57 . 2008-10-24 08:56 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-10-21 22:22 . 2008-10-24 23:00 12,253,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-21 22:22 . 2008-10-24 22:53 142,988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-21 22:20 . 2008-07-08 14:54 148,496 --a------ C:\WINDOWS\system32\drivers\77886017.sys
2008-10-21 21:39 . 2008-10-21 21:39 <DIR> d-------- C:\Programmi\Sophos
2008-10-21 11:19 . 2004-05-06 07:10 794,632 --------- C:\WINDOWS\system32\drivers\winfilse.exe
2008-10-20 09:42 . 2008-10-20 09:42 244 --ah----- C:\sqmnoopt01.sqm
2008-10-20 09:42 . 2008-10-20 09:42 232 --ah----- C:\sqmdata01.sqm
2008-10-15 10:11 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 10:10 . 2008-09-15 17:24 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 10:09 . 2008-08-14 15:22 2,192,896 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 10:09 . 2008-08-14 15:22 2,148,864 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 10:09 . 2008-08-14 15:22 2,069,760 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 10:09 . 2008-08-14 15:22 2,027,520 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 09:53 . 2008-10-15 09:53 <DIR> d-------- C:\Documents and Settings\ceres2001\Dati applicazioni\eMule
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 12:51 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-10-15 07:12 --------- d-----w C:\Programmi\eMule
2008-09-15 15:24 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-02 19:39 --------- d-----w C:\Programmi\IdiomaX
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:22 2,192,896 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:22 2,069,760 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-05-26 01:08 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008052620080527\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2008-05-23 5724184]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 1923352]
"Uniblue SpyEraser"="C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 1424648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechGalleryRepair"="C:\Programmi\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="C:\Programmi\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"IdiomaX Office"="C:\Programmi\IdiomaX\Translation Suite 5.0\IdxOffice.exe" [2007-07-15 422448]
"IdiomaX Product Update"="C:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe" [2007-07-15 533040]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-10-24 78008]
"SunJavaUpdateSched"="C:\Programmi\Java\jre6\bin\jusched.exe" [2008-10-23 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Assistente di Traduzione IdiomaX.lnk - C:\Programmi\IdiomaX\Translation Suite 5.0\TrasWord.exe [2007-07-15 418352]
BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe [2008-04-23 49152]
BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2008-04-23 278528]
Traduttore di E-Mail IdiomaX.lnk - C:\Programmi\IdiomaX\Translation Suite 5.0\TrdLaunch.exe [2007-07-15 291376]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Mediacenter 1.0 Coolstreaming\\Mediacenter.exe"=
R1 is-5ATMQdrv;is-5ATMQdrv;C:\WINDOWS\system32\DRIVERS\77886017.sys [2008-07-08 148496]
R2 JavaQuickStarterService;Java Quick Starter;C:\Programmi\Java\jre6\bin\jqs.exe [2008-10-23 152984]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-19 327168]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [ ]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1.tmp [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15b3aa0-10a6-11dd-9a80-00134631e701}]
\Shell\AutoRun\command - nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - nideiect.com
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-03 C:\WINDOWS\Tasks\Aggiornamento dei Prodotti di IdiomaX.job
- C:\Programmi\File comuni\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe [2007-07-15 23:40]
2008-10-22 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-08-12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-07-08 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-PCSuiteTrayApplication - C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.libero.it/
O17 -: HKLM\CCS\Interface\{A20DDAEA-A14A-4E6F-9F63-1477CF88DB28}: NameServer = 85.37.17.49,85.38.28.91
O16 -: DirectAnimation Java Classes -
file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java -
file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
.
------- Associazioni di file -------
.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 22:56:15
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1.tmp"
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\WINDOWS\system32\LVComS.exe
C:\Programmi\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-24 23:17:06 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-24 21:16:49
Pre-Run: 11.136.835.584 byte disponibili
Post-Run: 11,041,992,704 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
167 --- E O F --- 2008-10-15 08:36:25