ComboFix 08-11-02.05 - Gian 2008-11-03 17:39:41.3 -
FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.767 [GMT 1:00]
Eseguito da: c:\documents and settings\Gian\Desktop\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((( Files Creati Da 2008-10-03 al 2008-11-03 )))))))))))))))))))))))))))))))))))
.
2008-11-03 16:26 . 2008-11-03 16:26 <DIR> d--hs---- C:\FOUND.016
2008-11-03 16:05 . 2008-11-03 16:05 230 --a------ c:\windows\system32\spupdsvc.inf
2008-11-03 15:38 . 2008-11-03 15:38 <DIR> d-------- c:\documents and settings\Administrator\segnalibro
2008-11-03 15:20 . 2008-11-03 15:20 <DIR> d-------- c:\documents and settings\Administrator\backup
2008-11-03 15:17 . 2008-11-03 15:17 185,856 --a------ c:\windows\system32\framedyn.dll
2008-11-03 15:17 . 2008-11-03 15:17 5,415 --a------ c:\windows\system32\Choice.com
2008-11-03 13:45 . 2008-11-03 13:45 <DIR> d-------- c:\programmi\Vodafone
2008-11-03 13:45 . 2008-11-03 13:45 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-10-27 21:41 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 17:44 . 2008-09-15 17:24 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 17:14 . 2008-09-08 12:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 17:12 . 2008-08-14 15:22 2,192,896 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 17:12 . 2008-08-14 15:22 2,148,864 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:12 . 2008-08-14 15:22 2,069,760 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:12 . 2008-08-14 15:22 2,027,520 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-07 13:33 . 2008-10-07 13:34 <DIR> d-------- c:\programmi\AoA Audio Extractor
2008-10-04 00:19 . 2004-08-19 05:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-04 00:15 . 2008-10-04 00:15 8,840 --a------ c:\windows\SEC112D.PNF
2008-10-04 00:12 . 2008-10-04 00:12 <DIR> d-------- c:\windows\system32\it
2008-10-04 00:12 . 2008-10-04 00:12 <DIR> d-------- c:\windows\system32\bits
2008-10-04 00:12 . 2008-10-04 00:12 <DIR> d-------- c:\windows\l2schemas
2008-10-04 00:04 . 2008-10-04 00:04 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-03 23:50 . 2008-10-03 23:50 2,948 --a------ c:\windows\SEC8.PNF
2008-10-03 23:40 . 2008-10-03 23:40 <DIR> d-------- c:\windows\EHome
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 12:46 99,727 ----a-w c:\windows\E220AutoRunLog.tmp
2008-10-03 17:58 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-15 16:24 1,846,400 ------w c:\windows\system32\win32k.sys
2008-09-09 01:16 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2008-09-08 11:41 333,824 ------w c:\windows\system32\drivers\srv.sys
2008-08-26 08:57 63,488 ------w c:\windows\system32\dllcache\icardie.dll
2008-08-26 08:57 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
2008-08-26 08:57 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
2008-08-26 08:57 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
2008-08-26 08:57 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
2008-08-25 09:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-14 14:22 2,192,896 ------w c:\windows\system32\ntoskrnl.exe
2008-08-14 14:22 2,069,760 ------w c:\windows\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2007-12-04 10:21 40,288 ----a-w c:\documents and settings\Gian\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2007-08-22 14:12 661504 c82a1185becd4b075e86e3c3b22e762c c:\windows\system32\wininet.dll
2007-08-22 14:12 661504 c82a1185becd4b075e86e3c3b22e762c c:\windows\system32\dllcache\wininet.dll
2007-08-20 10:57 824832 21aa12b75ce02358e0ad8c706680869f c:\windows\SoftwareDistribution\Download\5a25e64fb9a0303bcaec81545677a1fb\SP2GDR\wininet.dll
2007-08-20 10:48 825344 69d5497609b4fb0981f17074671e072b c:\windows\SoftwareDistribution\Download\5a25e64fb9a0303bcaec81545677a1fb\SP2QFE\wininet.dll
2007-08-22 13:56 668160 2385e8caf1ed885caf1f480e3ab0eb05 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-08-20 10:48 825344 69d5497609b4fb0981f17074671e072b c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 00:21 825344 714d8a2b05b2aaf0c6a39241a1ed914f c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 02:40 825344 39ccda0e9b778792b06c1b9d794a9776 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:34 827392 93db90be4a10ec784ddc9c8601a28aa6 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-06-23 17:39 827904 bf9d17259082632f03f3ff5759c6ae32 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-08-26 11:08 827904 8e694ec9da095e518d9447b3293208ea c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2008-04-14 04:13 668672 663e74d98d2e67c1343d367388edd711 c:\windows\ServicePackFiles\i386\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB939653-IE7\wininet.dll
2007-10-11 00:49 824832 419a6f3d56e469bcbe71128a78463da4 c:\windows\ie7updates\KB944533-IE7\wininet.dll
2008-03-01 14:58 826368 61d4f43d26ec9d21beb6f38f22b396ab c:\windows\ie7updates\KB953838-IE7\wininet.dll
2004-08-19 05:00 658944 27966534a0820cd3bd988bd1517c8ff2 c:\windows\$NtUninstallKB939653$\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AROReminder"="c:\programmi\Advanced Registry Optimizer\aro.exe" [2008-04-09 2084480]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"PCMService"="c:\programmi\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"LManager"="c:\programmi\Launch Manager\QtZgAcer.EXE" [2005-10-12 315392]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 c:\windows\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 c:\windows\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 c:\windows\system32\SiSPower.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-01-04 331776]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Italian\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61373:TCP"= 61373:TCP:emule
R3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 ujjnqjof;ujjnqjof;c:\windows\system32\drivers\diadhyuf.sys [ ]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;c:\windows\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f5c06b4-f475-11dc-92c9-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f5c06b5-f475-11dc-92c9-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a6e8fd6-c4fa-11dc-9248-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a6e8fd7-c4fa-11dc-9248-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bda045c-9c5b-11dc-91e5-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bda045d-9c5b-11dc-91e5-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e0f7dfe-c999-11dc-9255-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e0f7dff-c999-11dc-9255-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e5e984-c41f-11dc-9236-00163620d648}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35fcac4e-9aa0-11dc-91c9-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35fcac4f-9aa0-11dc-91c9-00163620d648}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cde3774-a9a5-11dd-93b4-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cde3775-a9a5-11dd-93b4-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5348af6e-c4e9-11dc-9241-00163620d648}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66dedc-c4ec-11dc-9244-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b66dedd-c4ec-11dc-9244-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0400bae-9c44-11dc-91e2-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0400baf-9c44-11dc-91e2-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2bfd5fc-9aa6-11dc-91cb-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb96e908-c9aa-11dc-925c-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beffad6c-c411-11dc-9234-00163620d648}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c01198-c995-11dc-9252-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c01199-c995-11dc-9252-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea42132-c9ad-11dc-925e-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eea42133-c9ad-11dc-925e-00163620d648}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c653ee-d292-11dc-9282-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c653ef-d292-11dc-9282-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa92426e-a7d7-11dc-9202-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa92426f-a7d7-11dc-9202-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffbf0c12-c99d-11dc-9258-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffbf0c13-c99d-11dc-9258-00163620d648}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-11-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Gian\Dati applicazioni\Mozilla\Firefox\Profiles\xck053y1.default\
FF -: plugin - c:\programmi\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-03 17:40:50
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-11-03 17:41:22
ComboFix-quarantined-files.txt 2008-11-03 16:41:20
ComboFix3.txt 2008-11-03 15:53:12
ComboFix2.txt 2008-11-03 16:24:28
Pre-Run: 30,384,357,376 byte disponibili
Post-Run: 30,370,365,440 byte disponibili
203 --- E O F --- 2008-11-03 09:28:42