ComboFix 08-11-19.08 - Paolo 2008-11-20 14.37.27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.178 [GMT 1:00]
Eseguito da: g:\documents and settings\Paolo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
g:\windows\system\msvbvm60.dll
g:\windows\system32\drivers\downld
g:\windows\system32\drivers\downld\11490000.exe
g:\windows\system32\drivers\downld\11491453.exe
g:\windows\system32\drivers\downld\11517843.exe
g:\windows\system32\drivers\downld\11525484.exe
g:\windows\system32\drivers\downld\11528218.exe
g:\windows\system32\drivers\downld\11533296.exe
g:\windows\system32\drivers\downld\11574343.exe
g:\windows\system32\drivers\downld\11581140.exe
g:\windows\system32\drivers\downld\11604515.exe
g:\windows\system32\drivers\downld\11615171.exe
g:\windows\system32\drivers\downld\11622296.exe
g:\windows\system32\drivers\downld\249234.exe
g:\windows\system32\drivers\downld\250687.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-10-20 al 2008-11-20 )))))))))))))))))))))))))))))))))))
.
2008-11-20 13:04 . 2008-11-20 13:04 135,168 --a------ G:\zip.exe
2008-11-20 13:04 . 2008-11-20 13:04 19,286 --a------ G:\cleanup.exe
2008-11-20 13:04 . 2008-11-20 13:04 574 --a------ G:\cleanup.bat
2008-11-19 18:51 . 2008-11-19 20:52 <DIR> d-------- g:\programmi\XLGuarder
2008-11-18 21:20 . 2008-11-19 21:46 <DIR> d-------- g:\programmi\uTorrent
2008-11-18 21:20 . 2008-11-19 02:23 <DIR> d-------- g:\documents and settings\Paolo\Dati applicazioni\uTorrent
2008-11-18 21:12 . 2008-11-18 21:12 <DIR> d-------- g:\programmi\DNA
2008-11-18 21:12 . 2008-11-18 21:12 <DIR> d-------- g:\programmi\AskBarDis
2008-11-18 21:12 . 2008-11-18 23:10 <DIR> d-------- g:\documents and settings\Paolo\Dati applicazioni\DNA
2008-11-16 15:34 . 2001-08-30 23:07 8,704 --a------ g:\windows\system32\kbdjpn.dll
2008-11-16 15:34 . 2001-08-30 23:07 8,704 --a--c--- g:\windows\system32\dllcache\kbdjpn.dll
2008-11-16 15:34 . 2001-08-30 23:07 8,192 --a------ g:\windows\system32\kbdkor.dll
2008-11-16 15:34 . 2001-08-30 23:07 8,192 --a--c--- g:\windows\system32\dllcache\kbdkor.dll
2008-11-16 15:34 . 2001-08-17 22:55 6,144 --a------ g:\windows\system32\kbd106.dll
2008-11-16 15:34 . 2001-08-17 22:55 6,144 --a------ g:\windows\system32\kbd101c.dll
2008-11-16 15:34 . 2001-08-17 22:55 6,144 --a------ g:\windows\system32\kbd101b.dll
2008-11-16 15:34 . 2001-08-17 22:55 6,144 --a--c--- g:\windows\system32\dllcache\kbd106.dll
2008-11-16 15:34 . 2001-08-17 22:55 6,144 --a--c--- g:\windows\system32\dllcache\kbd101c.dll
2008-11-16 15:34 . 2001-08-17 22:55 6,144 --a--c--- g:\windows\system32\dllcache\kbd101b.dll
2008-11-16 15:34 . 2001-08-17 22:55 5,632 --a------ g:\windows\system32\kbd103.dll
2008-11-16 15:34 . 2001-08-17 22:55 5,632 --a--c--- g:\windows\system32\dllcache\kbd103.dll
2008-11-11 20:01 . 2008-11-11 20:01 <DIR> d-------- g:\programmi\Ontrack
2008-10-22 22:15 . 2004-08-03 22:00 149,376 --a------ g:\windows\system32\drivers\tffsport.sys
2008-10-22 22:15 . 2004-08-03 22:00 149,376 --a--c--- g:\windows\system32\dllcache\tffsport.sys
2008-10-21 01:24 . 2008-10-21 01:24 <DIR> d--h----- g:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 00:51 --------- d-----w g:\programmi\eMule
2008-11-11 19:25 --------- d--h--w g:\programmi\InstallShield Installation Information
2008-10-21 19:37 --------- d-----w g:\programmi\SopCast
2008-10-15 14:26 --------- d-----w g:\programmi\Alcohol Soft
2008-10-15 14:22 716,272 ----a-w g:\windows\system32\drivers\sptd.sys
2008-10-14 15:26 --------- d-----w g:\documents and settings\Paolo\Dati applicazioni\dvdcss
2008-10-08 14:44 --------- d-----w g:\programmi\AoA Audio Extractor
2008-10-08 14:43 --------- d---a-w g:\documents and settings\All Users\Dati applicazioni\TEMP
2008-10-08 11:01 --------- d-----w g:\programmi\DsNET Corp
2008-10-08 10:30 --------- d-----w g:\programmi\Tunatic
2008-10-06 21:05 78,596 --sha-w g:\windows\system32\drivers\fidbox.idx
2008-10-06 21:05 6,436,896 --sha-w g:\windows\system32\drivers\fidbox.dat
2008-10-06 12:04 --------- d-----w g:\programmi\Stellar Phoenix Windows Data Recovery
2008-10-06 10:26 --------- d-----w g:\programmi\File comuni\Acronis
2008-10-05 17:40 --------- d-----w g:\programmi\ESET
2008-10-05 15:23 --------- d-----w g:\documents and settings\All Users\Dati applicazioni\Avira
2008-10-05 15:17 512,096 ----a-w g:\windows\system32\drivers\amon.sys
2008-10-05 15:17 298,104 ----a-w g:\windows\system32\imon.dll
2008-10-05 15:17 15,424 ----a-w g:\windows\system32\drivers\nod32drv.sys
2008-10-05 13:53 734 ----a-w g:\programmi\coppv.txt
2008-10-05 13:53 61,440 ----a-w g:\windows\system32\drivers\bnlyw.sys
2008-10-05 13:52 934 ----a-w g:\programmi\tfmmcuuq.txt
2008-10-05 13:52 61,440 ----a-w g:\windows\system32\drivers\updgha.sys
2008-10-05 13:52 61,440 ----a-w g:\windows\system32\drivers\rvvxk.sys
2008-10-05 13:51 61,440 ----a-w g:\windows\system32\drivers\iovrnlfz.sys
2008-09-19 08:54 17,144 ----a-w g:\documents and settings\Paolo\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-09-18 13:26 116,176 ----a-w g:\windows\iun1405.exe
2008-09-12 09:13 155,995 ----a-w g:\windows\java\Packages\17R7LJPR.ZIP
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="g:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"EPSON Stylus DX4400 Series"="g:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="g:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nod32kui"="g:\programmi\Eset\nod32kui.exe" [2008-10-05 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
g:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - g:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-19 14:51 1667584 g:\programmi\Messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programmi\\Messenger\\msmsgs.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"g:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"g:\\Programmi\\eMule\\emule.exe"=
"g:\\Programmi\\Windows Media Player\\wmplayer.exe"=
R0 tffsport;M-Systems DiskOnChip 2000;g:\windows\system32\DRIVERS\tffsport.sys [2008-10-22 149376]
S3 getPlus(R) Helper;getPlus(R) Helper;g:\programmi\NOS\bin\getPlus_HelperSvc.exe [2008-09-12 33752]
*Newly Created Service* - PROCEXP90
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-avgnt - g:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-avgnt - g:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
LSP: g:\windows\system32\imon.dll
TCP: {04CA3BF6-B950-4053-B724-83D7DBF66271} = 85.37.17.49 85.38.28.91
O16 -: Microsoft XML Parser for Java - file://g:\windows\Java\classes\xmldso.cab
g:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 14:40:57
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
g:\docume~1\Paolo\IMPOST~1\Temp\RGI21B.tmp
Scansione completata con successo
Files nascosti: 1
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESSO: g:\windows\system32\lsass.exe
-> g:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-11-20 14.44.24
ComboFix-quarantined-files.txt 2008-11-20 13:43:52
Pre-Run: 6.335.995.904 byte disponibili
Post-Run: 6,402,838,528 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
g:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect