ComboFix 08-11-07.01 - pc0 2008-11-09 19.00.08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.595 [GMT 1:00]
Eseguito da: e:\documents and settings\pc0\Desktop\pincopallin4o.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\programmi\Windows Live\Messenger\MsnMsgr.exe
e:\windows\system32\drivers\downld
e:\windows\system32\mdm.exe
e:\windows\system32\x64
.
((((((((((((((((((((((((( Files Creati Da 2008-10-09 al 2008-11-09 )))))))))))))))))))))))))))))))))))
.
2008-11-09 18:50 . 2008-11-09 18:51 <DIR> d-------- E:\pincopallino
2008-11-09 15:16 . 2008-11-09 15:23 <DIR> d-------- e:\programmi\FindyKill
2008-11-09 12:28 . 2008-11-09 12:28 <DIR> d-------- E:\!KillBox
2008-11-09 05:23 . 2008-11-09 05:23 <DIR> d-------- e:\programmi\FDRLab
2008-11-09 04:55 . 2008-11-09 04:55 <DIR> d-------- E:\Intel
2008-11-09 03:18 . 2008-11-09 03:18 <DIR> d-------- e:\programmi\Yahoo!
2008-11-09 03:18 . 2008-11-09 03:18 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2008-11-09 02:42 . 2008-11-09 02:42 <DIR> d-------- e:\programmi\Malwarebytes' Anti-Malware
2008-11-09 02:42 . 2008-11-09 02:42 <DIR> d-------- e:\documents and settings\pc0\Dati applicazioni\Malwarebytes
2008-11-09 02:42 . 2008-11-09 02:42 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-09 02:42 . 2008-10-22 16:10 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 02:42 . 2008-10-22 16:10 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-11-09 01:34 . 2008-11-09 01:34 <DIR> d-------- e:\programmi\Trend Micro
2008-11-09 00:55 . 2008-11-09 00:57 <DIR> d-------- e:\programmi\Windows Live Safety Center
2008-11-08 20:34 . 2008-11-09 01:27 <DIR> d-------- e:\programmi\Fighters
2008-11-08 20:34 . 2008-11-08 20:34 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\Fighters
2008-11-08 20:19 . 2008-11-08 20:19 <DIR> d-------- e:\windows\Sun
2008-11-08 20:19 . 2008-11-08 20:18 410,976 --a------ e:\windows\system32\deploytk.dll
2008-11-08 20:19 . 2008-11-08 20:18 73,728 --a------ e:\windows\system32\javacpl.cpl
2008-11-08 20:18 . 2008-11-08 20:18 <DIR> d-------- e:\programmi\Java
2008-11-08 19:20 . 2008-11-08 19:30 <DIR> d-a------ e:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-08 19:19 . 2008-11-08 19:19 <DIR> d-------- e:\programmi\Google
2008-11-08 18:36 . 2008-11-08 18:36 <DIR> d-------- e:\programmi\Data Doctor Recovery Memory Card (Demo)
2008-11-08 17:36 . 1998-06-18 00:00 89,360 --a------ e:\windows\system32\VB5DB.DLL
2008-11-08 12:04 . 2007-07-30 19:19 271,224 --a------ e:\windows\system32\mucltui.dll
2008-11-08 12:04 . 2007-07-30 19:19 207,736 --a------ e:\windows\system32\muweb.dll
2008-11-08 12:04 . 2007-07-30 19:18 30,072 --a------ e:\windows\system32\mucltui.dll.mui
2008-10-29 17:24 . 2008-10-29 17:24 268 --ah----- E:\sqmdata19.sqm
2008-10-29 17:24 . 2008-10-29 17:24 244 --ah----- E:\sqmnoopt19.sqm
2008-10-28 20:21 . 2008-10-28 20:21 268 --ah----- E:\sqmdata18.sqm
2008-10-28 20:21 . 2008-10-28 20:21 244 --ah----- E:\sqmnoopt18.sqm
2008-10-28 15:21 . 2008-10-28 15:21 268 --ah----- E:\sqmdata17.sqm
2008-10-28 15:21 . 2008-10-28 15:21 244 --ah----- E:\sqmnoopt17.sqm
2008-10-27 23:03 . 2008-10-27 23:03 268 --ah----- E:\sqmdata16.sqm
2008-10-27 23:03 . 2008-10-27 23:03 244 --ah----- E:\sqmnoopt16.sqm
2008-10-26 16:22 . 2008-10-26 16:22 268 --ah----- E:\sqmdata15.sqm
2008-10-26 16:22 . 2008-10-26 16:22 244 --ah----- E:\sqmnoopt15.sqm
2008-10-25 15:14 . 2008-10-25 15:14 268 --ah----- E:\sqmdata14.sqm
2008-10-25 15:14 . 2008-10-25 15:14 244 --ah----- E:\sqmnoopt14.sqm
2008-10-24 21:19 . 2008-10-24 21:19 268 --ah----- E:\sqmdata13.sqm
2008-10-24 21:19 . 2008-10-24 21:19 244 --ah----- E:\sqmnoopt13.sqm
2008-10-24 17:57 . 2008-10-24 17:57 268 --ah----- E:\sqmdata12.sqm
2008-10-24 17:57 . 2008-10-24 17:57 244 --ah----- E:\sqmnoopt12.sqm
2008-10-22 13:26 . 2008-10-22 13:26 268 --ah----- E:\sqmdata11.sqm
2008-10-22 13:26 . 2008-10-22 13:26 244 --ah----- E:\sqmnoopt11.sqm
2008-10-21 13:19 . 2008-10-21 13:19 268 --ah----- E:\sqmdata10.sqm
2008-10-21 13:19 . 2008-10-21 13:19 244 --ah----- E:\sqmnoopt10.sqm
2008-10-12 21:24 . 2008-04-03 12:36 110,080 --a------ e:\windows\system32\drivers\ONDAusbnet.sys
2008-10-12 21:24 . 2008-04-03 12:36 104,960 --a------ e:\windows\system32\drivers\ONDAusbser6k.sys
2008-10-12 21:24 . 2008-04-03 12:36 104,960 --a------ e:\windows\system32\drivers\ONDAusbnmea.sys
2008-10-12 21:24 . 2008-04-03 12:36 104,960 --a------ e:\windows\system32\drivers\ONDAusbmdm6k.sys
2008-10-12 21:23 . 2008-10-12 21:24 <DIR> d-------- e:\windows\system32\SupportAppXL
2008-10-12 21:23 . 2008-11-08 16:05 <DIR> d-------- e:\programmi\Alice MOBILE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 14:49 --------- d-----w e:\programmi\eMule
2008-11-08 17:20 --------- d--h--w e:\programmi\InstallShield Installation Information
2008-10-02 16:02 --------- d-----w e:\programmi\Windows Live Toolbar
2008-10-02 16:02 --------- d-----w e:\programmi\Windows Live Favorites
2008-10-02 16:01 --------- d-----w e:\programmi\Windows Live
2008-10-02 15:42 --------- dcsh--w e:\programmi\File comuni\WindowsLiveInstaller
2008-10-02 15:29 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-10-01 10:21 --------- d-----w e:\programmi\AskTBar
2008-09-25 13:08 --------- d-----w e:\documents and settings\pc0\Dati applicazioni\vlc
2008-09-25 13:03 --------- d-----w e:\programmi\VideoLAN
2008-09-22 17:24 --------- d-----w e:\programmi\Driver Xp
2008-09-22 16:47 --------- d-----w e:\programmi\Intel
2008-09-22 16:39 --------- d-----w e:\programmi\Atheros
2008-09-19 07:11 920,088 ----a-w e:\windows\system32\igxpun.exe
2008-09-15 15:28 --------- d-----w e:\programmi\vanBasco's Karaoke Player
2008-09-15 13:37 --------- d-----w e:\programmi\XviD
2008-09-15 13:36 --------- d-----w e:\programmi\DivX
2008-09-13 22:06 --------- d-----w e:\programmi\Ahead
2008-09-13 22:06 --------- d-----w e:\documents and settings\pc0\Dati applicazioni\Ahead
2008-09-13 22:06 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\Ahead
2008-09-13 22:04 --------- d-----w e:\programmi\File comuni\Ahead
2008-09-11 17:37 --------- d-----w e:\programmi\File comuni\Adobe
2008-09-11 09:00 147,456 ----a-w e:\windows\system32\igfxCoIn_v4990.dll
2008-09-11 08:53 3,401,216 ----a-w e:\windows\system32\igxpdx32.dll
2008-09-11 08:52 6,047,904 ----a-w e:\windows\system32\drivers\igxpmp32.sys
2008-09-11 08:52 2,352,128 ----a-w e:\windows\system32\igxpdv32.dll
2008-09-11 08:52 181,760 ----a-w e:\windows\system32\igxpgd32.dll
2008-09-11 08:52 1,481,884 ----a-w e:\windows\system32\igkrng400.bin
2008-09-11 08:51 57,344 ----a-w e:\windows\system32\igxprd32.dll
2008-09-11 08:34 2,277,376 ----a-w e:\windows\system32\ig4dev32.dll
2008-09-11 08:27 3,862,528 ----a-w e:\windows\system32\ig4icd32.dll
2008-09-11 08:18 651,264 ----a-w e:\windows\system32\igfxcfg.exe
2008-09-11 08:17 172,032 ----a-w e:\windows\system32\hkcmd.exe
2008-09-11 08:17 143,360 ----a-w e:\windows\system32\igfxtray.exe
2008-09-11 08:16 52,224 ----a-w e:\windows\system32\igfxsrvc.dll
2008-09-11 08:16 249,856 ----a-w e:\windows\system32\igfxsrvc.exe
2008-09-11 08:16 24,576 ----a-w e:\windows\system32\igfxexps.dll
2008-09-11 08:16 212,992 ----a-w e:\windows\system32\igfxpph.dll
2008-09-11 08:16 172,032 ----a-w e:\windows\system32\igfxext.exe
2008-09-11 08:16 143,360 ----a-w e:\windows\system32\igfxpers.exe
2008-09-11 08:16 135,168 ----a-w e:\windows\system32\igfxdo.dll
2008-09-11 08:16 106,496 ----a-w e:\windows\system32\hccutils.dll
2008-09-11 08:15 5,672,960 ----a-w e:\windows\system32\igfxress.dll
2008-09-11 08:15 217,088 ----a-w e:\windows\system32\igfxdev.dll
2008-09-10 10:30 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\Atheros
2008-09-10 10:02 --------- d-----w e:\programmi\Broadcom
2008-09-10 10:01 --------- d-----w e:\documents and settings\All Users\Dati applicazioni\Broadcom
2008-09-10 09:58 --------- d-----w e:\programmi\Launch Manager
2008-09-10 09:24 315,392 ----a-w e:\windows\HideWin.exe
2008-09-10 09:24 --------- d-----w e:\programmi\Realtek
2008-09-10 09:24 --------- d-----w e:\programmi\File comuni\InstallShield
2008-09-10 09:22 --------- d-----w e:\documents and settings\pc0\Dati applicazioni\InstallShield
2008-09-10 07:53 --------- d-----w e:\programmi\Snapshot Viewer
2008-09-10 07:51 --------- d-----w e:\programmi\microsoft frontpage
2008-09-10 07:51 --------- d-----w e:\documents and settings\pc0\Dati applicazioni\Microsoft Web Folders
2008-09-09 21:49 --------- d-----w e:\programmi\Servizi in linea
1999-03-10 15:53 99,840 ----a-w e:\programmi\File comuni\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w e:\programmi\File comuni\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w e:\programmi\File comuni\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w e:\programmi\File comuni\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w e:\programmi\File comuni\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w e:\programmi\File comuni\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "e:\programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-09-13 57344]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="e:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-08 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="e:\progra~1\LAUNCH~1\LManager.exe" [2008-06-25 768520]
"Adobe Reader Speed Launcher"="e:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="e:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="e:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="e:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"SunJavaUpdateSched"="e:\programmi\Java\jre6\bin\jusched.exe" [2008-11-08 136600]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 e:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
e:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - e:\programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Porta Symantec Fax Starter Edition.lnk - e:\programmi\Microsoft Office\Office\1040\OLFSNT40.EXE [1999-03-10 45568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmi\\eMule\\emule.exe"=
"e:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;e:\windows\system32\SupportAppXL\cdrom_mon.exe [2008-01-14 81920]
R2 JavaQuickStarterService;Java Quick Starter;e:\programmi\Java\jre6\bin\jqs.exe [2008-11-08 152984]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;e:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2008-04-03 104960]
R3 ONDAusbnet;ONDA USB-NDIS miniport;e:\windows\system32\DRIVERS\ONDAusbnet.sys [2008-04-03 110080]
R3 ONDAusbnmea;ONDA NMEA Port;e:\windows\system32\DRIVERS\ONDAusbnmea.sys [2008-04-03 104960]
R3 ONDAusbser6k;ONDA Diagnostic Port;e:\windows\system32\DRIVERS\ONDAusbser6k.sys [2008-04-03 104960]
S1 sK9Ou0s;sK9Ou0s;e:\windows\system32\drivers\srosa2.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c27a874-7f02-11dd-9dd6-caf184a61ec4}]
\Shell\AutoRun\command - C:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0b0ff6-989b-11dd-9e44-001b38d3d5fd}]
\Shell\AutoRun\command - F:\AutoRun.exe
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-11-09 e:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- e:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-MsnMsgr - e:\programmi\Windows Live\Messenger\MsnMsgr.Exe
Notify-acpiz - acpiz.dll
.
------- Supplementare di scansione -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - e:\programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O17 -: HKLM\CCS\Interface\{FCFBFA4B-60A0-4932-837C-0204489121EA}: NameServer = 195.130.224.18,195.130.225.129
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:01:08
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-11-09 19.01.45
ComboFix-quarantined-files.txt 2008-11-09 18:01:41
Pre-Run: 12.434.448.384 byte disponibili
Post-Run: 12,502,683,648 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
222 --- E O F --- 2008-11-09 11:40:58