ComboFix 08-11-24.03 - Fabry 2008-11-25 14.01.27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.625 [GMT 1:00]
Running from: c:\documents and settings\Fabry\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\a.exe
.
((((((((((((((((((((((((( Files Created From 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))))))
.
2008-11-25 13:45 . 2008-11-25 13:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-11-23 14:58 . 2008-11-23 14:58 <DIR> d-------- c:\programmi\Symantec
2008-11-23 14:58 . 2008-11-23 14:59 <DIR> d-------- c:\programmi\File comuni\Symantec Shared
2008-11-23 14:58 . 2008-11-23 14:58 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-23 14:58 . 2008-11-23 14:58 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-23 14:58 . 2008-11-23 14:57 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-11-23 14:58 . 2008-11-23 14:58 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-23 14:58 . 2008-11-23 14:58 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-23 14:57 . 2008-11-25 13:33 <DIR> d-------- c:\windows\system32\drivers\NAV
2008-11-23 14:57 . 2008-11-23 14:57 <DIR> d-------- c:\programmi\Windows Sidebar
2008-11-23 14:57 . 2008-11-23 14:57 <DIR> d-------- c:\programmi\Norton AntiVirus
2008-11-23 14:57 . 2008-11-23 14:58 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Norton
2008-11-23 14:56 . 2008-11-23 14:56 <DIR> d-------- c:\programmi\NortonInstaller
2008-11-23 14:56 . 2008-11-23 14:56 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2008-11-23 12:55 . 2008-11-23 12:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-11-22 15:04 . 2008-11-22 15:04 29 --a------ c:\windows\Battle.ini
2008-11-17 20:26 . 2008-11-17 20:26 <DIR> d-------- C:\Fabri
2008-11-16 23:04 . 2008-11-16 23:04 <DIR> d-------- c:\documents and settings\Dany\Dati applicazioni\NI.GSCNS
2008-11-16 11:38 . 2008-11-16 11:38 <DIR> d-------- c:\programmi\SolSuite
2008-11-16 11:38 . 2008-11-19 18:09 <DIR> d-------- c:\documents and settings\Dany\Dati applicazioni\SolSuite
2008-11-16 11:38 . 2008-11-16 11:38 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TreeCardGames
2008-11-13 14:24 . 2008-11-13 14:24 <DIR> d-------- c:\programmi\File comuni\Moonlight
2008-11-12 18:07 . 2008-11-12 18:07 <DIR> d-------- c:\programmi\TeamViewer3
2008-11-12 18:06 . 2008-11-12 18:06 <DIR> d-------- c:\documents and settings\Fabry\temp
2008-11-12 17:43 . 2008-11-12 17:43 <DIR> d-------- c:\documents and settings\Fabry\Dati applicazioni\TeamViewer
2008-11-12 17:02 . 2008-11-12 17:06 <DIR> d-------- c:\documents and settings\Fabry\Dati applicazioni\vlc
2008-11-12 16:28 . 2008-11-12 16:28 <DIR> d-------- c:\programmi\Microsoft Silverlight
2008-11-11 17:25 . 2008-11-11 17:25 <DIR> d-------- C:\ClonkPlanet
2008-11-11 17:25 . 2004-03-14 21:39 73,728 --a------ c:\windows\system32\GkSui18.EXE
2008-11-11 17:17 . 2008-11-11 19:20 <DIR> d-------- c:\programmi\FreeSolitaire
2008-11-11 17:17 . 2008-11-18 17:58 3,477 --a------ c:\windows\Solitaire.ini
2008-11-11 16:39 . 2008-11-11 16:39 <DIR> d-------- C:\Governor of Poker
2008-11-11 16:20 . 2008-11-11 16:20 <DIR> d-------- c:\programmi\iPod
2008-11-11 16:19 . 2008-11-11 16:20 <DIR> d-------- c:\programmi\iTunes
2008-11-11 16:19 . 2008-11-11 16:20 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-09 22:55 . 2008-11-09 22:55 50,282 --a------ C:\001.gif
2008-11-09 14:12 . 2008-11-09 14:32 35,113,704 --a------ C:\directx_9c_redist.exe
2008-11-07 15:23 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-07 15:23 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-11-07 15:22 . 2008-11-07 15:22 <DIR> d-------- C:\NVIDIA
2008-11-07 14:41 . 2008-11-07 14:41 <DIR> d-------- c:\documents and settings\Dany\SystemRequirementsLab
2008-11-05 20:34 . 2008-11-05 20:34 <DIR> d-------- C:\Disney
2008-11-01 12:20 . 2008-11-01 12:20 <DIR> d-------- c:\programmi\Office-Web
2008-11-01 12:20 . 2007-09-27 17:19 1,191,520 --a------ c:\windows\system32\XWheel.dll
2008-11-01 12:20 . 2007-09-27 17:11 561,152 --a------ c:\windows\system32\MousePage.dll
2008-11-01 12:20 . 2008-11-23 14:35 147,040 --a------ c:\windows\system32\Hook.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-26 12:47 . 2008-10-26 12:47 <DIR> d-------- c:\programmi\Netlog Photo Tool
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 19:19 --------- d-----w c:\documents and settings\Fabry\Dati applicazioni\Skype
2008-11-23 13:53 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-23 11:39 --------- d-----w c:\programmi\SpywareBlaster
2008-11-23 11:35 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2008-11-18 13:37 --------- d-----w c:\programmi\eMule
2008-11-12 19:27 --------- d-----w c:\programmi\World of Warcraft
2008-11-12 16:01 --------- d-----w c:\programmi\DivX
2008-11-12 15:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\HDD Thermometer
2008-11-12 15:56 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2008-11-12 15:45 --------- d-----w c:\documents and settings\Fabry\Dati applicazioni\DivX
2008-11-01 11:20 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-28 13:04 --------- d-----w c:\documents and settings\Fabry\Dati applicazioni\Apple Computer
2008-10-24 15:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-10-24 10:19 --------- d-----w c:\programmi\Windows Media Connect 2
2008-10-23 13:00 --------- d-----w c:\documents and settings\Fabry\Dati applicazioni\Command & Conquer 3 Tiberium Wars
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-07 19:53 --------- d-----w c:\programmi\MobMapUpdater
2008-10-04 10:42 --------- d-----w c:\programmi\MSECache
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-07-26 15:35 8,092,160 ----a-w c:\programmi\WoW.exe
2008-07-26 15:32 90 ----a-w c:\programmi\realmlist.wtf
2008-07-26 15:16 1,284,008 ----a-w c:\programmi\WoW-2.3.0.7561-enGB-downloader.exe
.
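The two file listings above ('Files Created' and 'Find3M') are the sections a responder reads first. What follows is an added triage example, not ComboFix code and not part of the posted log: a Python script that parses both listing formats and flags executables and drivers written under the Windows directory, with the deleted c:\windows\system32\a.exe from the 'Other Deletions' section as the model. The a.exe sample line (its size and timestamps), the short-name heuristic and the extension list are assumptions made for illustration; the other sample lines are copied from this log.

```python
"""Triage helper for ComboFix file listings (added example, not ComboFix code).

ComboFix writes two file-listing formats in the posted log: the 'Files Created'
section (created . modified size attrs path) and the 'Find3M' section
(modified size attrs path). This script parses both and flags executables and
drivers written under %windir%, the classic landing spot for a dropper payload
(compare the deleted c:\\windows\\system32\\a.exe in the posted log).
The heuristics and the sample lines below are assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# 'Files Created' lines:  2008-11-23 14:58 . 2008-11-23 14:58 124,464 --a------ c:\...
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# 'Find3M' lines:  2008-10-28 22:35 684,032 ----a-w c:\...   (dirs show --------- as size)
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>---------|[\d,]+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)

# Anything under the Windows directory; extensions the loader will execute (assumed list).
WINDIR_PREFIX = "c:\\windows\\"
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com"}


@dataclass
class Entry:
    path: str
    is_dir: bool
    size: Optional[int]       # None for directories
    modified: str
    created: Optional[str]    # None for Find3M lines (ComboFix omits it there)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, separators and blanks."""
    line = line.strip()
    m = CREATED_RE.match(line) or FIND3M_RE.match(line)
    if m is None:
        return None
    d = m.groupdict()
    is_dir = d["size"] in ("<DIR>", "---------")
    size = None if is_dir else int(d["size"].replace(",", ""))
    return Entry(d["path"], is_dir, size, d["modified"], d.get("created"))


def suspicious(entry: Entry) -> List[str]:
    """Reasons an entry deserves a manual look; an empty list means nothing flagged."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    p = entry.path.lower()
    name = p.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:                       # no extension at all
        stem, ext = name, ""
    else:
        ext = "." + ext
    if p.startswith(WINDIR_PREFIX) and ext in EXEC_EXT:
        reasons.append("executable written under %windir%")
        # Droppers often use throwaway names such as a.exe or 1.exe (assumed heuristic).
        if len(stem) <= 2 or stem.isdigit():
            reasons.append("generic/short file name")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged line, in log order."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


# Constructed sample: lines copied from the posted log plus one invented a.exe line
# (the real log only shows a.exe in its 'Other Deletions' section, without size or dates).
SAMPLE_LOG = r"""
2008-11-23 14:58 . 2008-11-23 14:58 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-23 14:58 . 2008-11-23 14:58 <DIR> d-------- c:\programmi\Symantec
2008-11-11 17:25 . 2004-03-14 21:39 73,728 --a------ c:\windows\system32\GkSui18.EXE
2008-11-09 14:12 . 2008-11-09 14:32 35,113,704 --a------ C:\directx_9c_redist.exe
2008-11-20 03:12 . 2008-11-20 03:12 45,056 --a------ c:\windows\system32\a.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-11-24 19:19 --------- d-----w c:\documents and settings\Fabry\Dati applicazioni\Skype
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}\n    " + "\n    ".join(reasons))
```

Run against the full log text the script flags every binary Symantec, NVIDIA and DivX dropped into system32 as well; the point is to shorten the list to what needs a hash lookup or vendor check, not to decide for you, which is why each hit carries its reasons rather than a verdict.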
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"LASER Mouse"="c:\programmi\Office-Web\Office-Web Center\Panel.exe" [2007-09-27 667232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-30 185632]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 c:\windows\SOUNDMAN.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-09-13 c:\windows\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Infogrames\\GP4.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Programmi\\Warcraft III\\Warcraft III.exe"=
"c:\\Programmi\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\WoW-2.3.0.7561-enGB-downloader.exe"=
"c:\\Programmi\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"c:\\Programmi\\Metin2_Italiano\\metin2.bin"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1001000.021\SYMEFA.SYS []
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NAV\1001000.021\BHDrvx86.sys [2008-11-24 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NAV\1001000.021\ccHPx86.sys [2008-11-24 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081120.006\IDSxpx86.sys [2008-11-23 274808]
R2 Norton AntiVirus;Norton AntiVirus;"c:\programmi\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\programmi\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll" /prefetch:1 []
S2 ioloFileInfoList;iolo FileInfoList Service;c:\programmi\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;c:\programmi\iolo\common\lib\ioloServiceManager.exe []
.
Contents of the 'Scheduled Tasks' folder
2008-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-24 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Fabry\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-08 09:40]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Fabry\Dati applicazioni\Mozilla\Firefox\Profiles\pelznut7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.it/
FF -: plugin - c:\documents and settings\Fabry\Impostazioni locali\Dati applicazioni\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\programmi\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\programmi\Opera\program\plugins\npdivx32.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 14:07:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton AntiVirus]
"ImagePath"="\"c:\programmi\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\programmi\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3404)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\programmi\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\programmi\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-11-25 14:11:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-25 13:10:57
Pre-Run: 26,263,719,936 bytes free
Post-Run: 26,299,850,752 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
222 --- E O F --- 2008-10-12 10:11:27