ComboFix 08-11-09.01 - Luca 2008-11-09 23.20.40.1 - NTFSx86
Eseguito da: c:\documents and settings\Luca\Desktop\ComboFix.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\iuuwawo.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\iuuwawo.exe
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\iuuwawo_nav.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\iuuwawo_navps.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\oswcqce.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\oswcqce_nav.dat
c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\oswcqce_navps.dat
c:\programmi\Ahead\Nero BackItUp\NBJ.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\config\49938630.Evt
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
-------\Legacy_VFILT
-------\Service_asc3550p
((((((((((((((((((((((((( Files Creati Da 2008-10-09 al 2008-11-09 )))))))))))))))))))))))))))))))))))
.
2008-11-09 22:08 . 2008-11-09 23:12 <DIR> d-------- c:\programmi\FindyKill
2008-11-09 20:57 . 2008-11-09 20:57 <DIR> d-------- C:\fsaua.data
2008-11-09 20:16 . 2008-11-09 20:16 <DIR> d-------- c:\programmi\AVG
2008-11-09 20:07 . 2008-11-09 20:07 68,296 --a------ c:\windows\system32\drivers\GRD.sys
2008-11-09 19:55 . 2008-11-09 19:55 50,888 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-11-09 19:55 . 2008-11-09 19:55 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
2008-11-09 19:53 . 2008-11-09 20:15 <DIR> d-------- c:\programmi\G DATA
2008-11-09 19:10 . 2008-11-09 19:10 <DIR> d-------- c:\documents and settings\Luca\Dati applicazioni\AVGTOOLBAR
2008-11-09 18:58 . 2008-11-09 18:58 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-11-09 18:58 . 2008-11-09 18:58 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-11-09 18:41 . 2008-11-09 18:41 86,016 --a------ c:\windows\system32\fhhfgnjh.dll
2008-11-01 19:39 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\ieencode.dll
2008-11-01 15:20 . 2008-11-01 15:20 <DIR> d-------- c:\programmi\TVUPlayer
2008-11-01 15:20 . 2008-11-01 15:20 <DIR> d-------- c:\documents and settings\Luca\LocalLow
2008-11-01 15:20 . 2008-11-01 15:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2008-10-30 11:51 . 2008-10-30 11:50 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-27 17:16 . 2008-04-11 19:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-27 17:16 . 2008-08-14 10:48 138,368 -----c--- c:\windows\system32\dllcache\afd.sys
2008-10-27 17:11 . 2008-05-01 15:31 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-27 17:05 . 2008-08-28 11:04 333,056 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-27 17:04 . 2008-09-15 16:38 1,846,016 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-27 17:02 . 2008-08-14 14:42 2,184,064 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-27 17:02 . 2008-08-14 14:42 2,139,648 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-27 17:02 . 2008-08-14 14:42 2,061,440 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-27 17:02 . 2008-08-14 14:42 2,019,328 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-27 16:55 . 2008-10-15 17:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-27 15:14 . 2008-10-28 01:56 81,920 --a------ c:\windows\clipsrv.exe
2008-10-26 13:12 . 2008-10-28 01:56 81,920 --a------ c:\windows\system32\drivers\logman.exe
2008-10-26 13:12 . 2008-10-28 01:56 81,920 --a------ c:\windows\cmstp.exe
2008-10-26 01:15 . 2008-10-26 01:15 83,952 --ah----- c:\windows\system32\mlfcache.dat
2008-10-26 01:12 . 2008-10-26 01:12 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple
2008-10-23 09:43 . 2008-10-23 09:43 <DIR> d-------- c:\documents and settings\Luca\DoctorWeb
2008-10-23 01:33 . 2008-10-23 01:33 <DIR> d-------- c:\documents and settings\Luca\Dati applicazioni\Malwarebytes
2008-10-23 01:32 . 2008-10-23 01:32 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-10-19 14:57 . 2008-10-19 14:57 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\wmp
2008-10-15 19:43 . 2008-10-15 19:43 <DIR> d-------- c:\programmi\Thoosje
2008-10-14 23:21 . 2008-10-03 17:58 6,066,176 --a--c--- c:\windows\system32\dllcache\ieframe.dll
2008-10-14 23:21 . 2007-04-17 10:32 2,455,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-10-14 23:21 . 2007-03-08 06:11 1,032,192 --a--c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-14 23:21 . 2008-08-26 08:57 459,264 --a--c--- c:\windows\system32\dllcache\msfeeds.dll
2008-10-14 23:21 . 2008-08-26 08:57 383,488 --a--c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-10-14 23:21 . 2008-08-26 08:57 267,776 --a--c--- c:\windows\system32\dllcache\iertutil.dll
2008-10-14 23:21 . 2008-08-26 08:57 63,488 --a--c--- c:\windows\system32\dllcache\icardie.dll
2008-10-14 23:21 . 2008-08-26 08:57 52,224 --a--c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-14 23:21 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-10-14 17:58 . 2008-10-14 17:58 <DIR> d-------- c:\programmi\File comuni\Java
2008-10-12 21:34 . 2008-10-12 21:34 <DIR> d--hs---- c:\documents and settings\Luca\PrivacIE
2008-10-12 20:22 . 2008-10-14 17:58 <DIR> d-------- c:\programmi\File comuni\Java(2)
2008-10-11 18:30 . 2008-10-14 18:00 <DIR> d-------- c:\programmi\PokerStars.IT
2008-10-09 23:37 . 2008-10-09 23:37 <DIR> d-------- c:\programmi\M8k Produzione
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 22:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-11-09 21:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg7
2008-11-09 19:37 --------- d-----w c:\programmi\eMule
2008-11-09 18:38 --------- d-----w c:\programmi\VS Revo Group
2008-11-09 17:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-11-02 00:06 --------- d-----w c:\programmi\Norton Save and Restore
2008-11-01 18:03 --------- d-----w c:\programmi\Opera
2008-10-30 10:50 --------- d-----w c:\programmi\Java
2008-10-28 09:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-10-26 09:16 --------- d-----w c:\programmi\ESET
2008-10-26 08:59 --------- d-----w c:\programmi\Kaspersky Lab
2008-10-26 00:13 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Apple Computer
2008-10-26 00:12 --------- d-----w c:\programmi\Apple Software Update
2008-10-24 21:52 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-10-24 21:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-10-23 00:30 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-10-23 00:13 --------- d-----w c:\programmi\Lavasoft
2008-10-22 07:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-10-14 22:09 --------- d-----w c:\programmi\RadarSync
2008-10-14 22:09 --------- d-----w c:\programmi\Conduit
2008-10-14 16:58 --------- d-----w c:\programmi\Google
2008-10-04 23:01 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2008-10-04 22:43 --------- d-----w c:\programmi\Trend Micro
2008-10-04 14:07 --------- d-----w c:\programmi\THQ
2008-10-04 14:07 --------- d-----w c:\programmi\Panda Security
2008-10-04 14:06 --------- d-----w c:\programmi\QuickTime
2008-10-04 14:06 --------- d-----w c:\programmi\PrevxCSI
2008-10-04 14:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-10-04 14:04 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Photozig Albums
2008-10-04 14:03 --------- d-----w c:\programmi\Yahoo!
2008-10-04 14:03 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Netscape(2)
2008-10-04 14:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2008-10-04 14:01 --------- d-----w c:\programmi\Common Files
2008-10-04 14:01 --------- d-----w c:\programmi\BearShare Applications
2008-10-04 14:01 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\BearShare
2008-10-04 14:00 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-10-04 14:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-10-04 13:59 --------- d-----w c:\programmi\IObit
2008-10-04 13:59 --------- d-----w c:\programmi\Corel
2008-10-04 13:58 --------- d-----w c:\programmi\File comuni\Real
2008-10-04 13:58 --------- d-----w c:\documents and settings\Luca\Dati applicazioni\Corel
2008-10-04 13:56 --------- d-----w c:\programmi\Sun
2008-10-04 13:56 --------- d-----w c:\programmi\IncrediMail
2008-10-04 13:52 --------- d-----w c:\programmi\OfficePowerT
2008-10-04 13:52 --------- d-----w c:\programmi\Norton Security Scan
2008-10-04 13:39 --------- d-----w c:\programmi\Photodex Presenter(2)
2008-10-04 13:13 --------- d-----w c:\programmi\PokerStars.NET
2008-10-04 13:11 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-04 13:11 --------- d-----w c:\programmi\Microsoft IntelliPoint 5.2
2008-10-04 09:42 --------- d-----w c:\programmi\SpeedFan
2008-09-17 07:55 6,132,576 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-05-16 08:21 22,328 -c--a-w c:\documents and settings\Luca\Dati applicazioni\PnkBstrK.sys
2005-06-09 20:06 56 -csh--r c:\windows\system32\B0897FE85A.sys
2005-06-09 20:06 1,682 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Google Update"="c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-10-27 133104]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2005-08-16 98304]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 45056]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2003-07-29 332288]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-30 136600]
"Motive SmartBridge"="c:\progra~1\Alice ti aiuta\SmartBridge\MotiveSB.exe" [2006-04-21 438359]
"basicsmssmenu"="c:\programmi\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-01-08 217088]
Kodak EasyShare software.lnk - c:\programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-07-23 757760]
LG SyncManager.lnk - c:\programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-03-25 311296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.nvsvc
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\italian\\setup.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
R2 Basics Service;Basics Service;c:\programmi\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2003-04-18 8192]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-09 29208]
S1 sK9Ou0s;sK9Ou0s;c:\windows\system32\drivers\srosa2.sys [ ]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-09 29208]
S3 cpuz;cpuz;c:\docume~1\Luca\IMPOST~1\Temp\cpuz.sys [ ]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programmi\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-05-29 4736]
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-11-09 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-27 20:25]
2008-11-09 c:\windows\Tasks\Norton Security Scan.job
- c:\programmi\Norton Security Scan\Nss.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -
HKCU-Run-NBJ - c:\programmi\Ahead\Nero BackItUp\NBJ.exe
HKCU-Run-iuuwawo - c:\documents and settings\luca\impostazioni locali\dati applicazioni\iuuwawo.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-NWEReboot - (no file)
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\lciraqw9.default\
FF -: plugin - c:\documents and settings\Luca\Impostazioni locali\Dati applicazioni\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npdeploytk.dll
.
.
------- Associazioni di file -------
.
chm.file="c:\programmi\lg pc suite\lg pc sync\hh.exe" %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-09 23:24:15
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\programmi\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\windows\system32\PnkBstrA.exe
c:\programmi\MemoRex\MemoRex.exe
c:\windows\system32\LVComS.exe
c:\windows\system32\rundll32.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2008-11-09 23:29:58 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-09 22:29:54
Pre-Run: 79.955.488.768 byte disponibili
Post-Run: 79,887,810,560 byte disponibili
--- E O F --- 2008-11-09 21:59:05