ComboFix 08-12-01.03 - utente 2008-12-04 13.48.13.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.598 [GMT 1:00]
Eseguito da: c:\documents and settings\utente\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\utente\Desktop\CFScript.txt
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
FILE ::
c:\windows\system32\AS-Exp2.ocx
c:\windows\system32\Flash.ocx
c:\windows\system32\MSADODC.ocx
c:\windows\system32\ProgressBar4.ocx
c:\windows\system32\stu2.exe
c:\windows\system32\systray.ocx
c:\windows\system32\threadapi.tlb
c:\windows\system32\VB6STKIT.DLL
c:\windows\system32\XceedBkp.dll
c:\windows\system32\XceedCry.dll
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AS-Exp2.ocx
c:\windows\system32\Flash.ocx
c:\windows\system32\MSADODC.ocx
c:\windows\system32\ProgressBar4.ocx
c:\windows\system32\stu2.exe
c:\windows\system32\systray.ocx
c:\windows\system32\threadapi.tlb
c:\windows\system32\VB6STKIT.DLL
c:\windows\system32\XceedBkp.dll
c:\windows\system32\XceedCry.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-11-04 al 2008-12-04 )))))))))))))))))))))))))))))))))))
.
2008-12-01 13:29 . 2007-03-15 19:50 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-12-01 13:29 . 2007-03-15 19:50 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-12-01 13:29 . 2007-03-15 19:50 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2008-12-01 13:29 . 2007-03-15 19:32 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-12-01 13:29 . 2007-03-15 19:50 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-12-01 13:29 . 2008-12-04 13:50 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-12-01 13:29 . 2007-03-15 19:50 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2008-12-01 13:29 . 2007-03-15 19:50 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-12-01 13:29 . 2008-12-01 13:30 <DIR> d-------- c:\documents and settings\Administrator
2008-11-18 13:44 . 2008-11-18 13:45 <DIR> d-------- c:\temp\google
2008-11-18 13:44 . 2008-11-18 13:44 <DIR> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 18:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2008-11-30 14:05 --------- d-----w c:\programmi\SUPERAntiSpyware
2008-11-30 14:05 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-30 14:03 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-30 14:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-30 13:54 --------- d-----w c:\programmi\eMule
2008-11-23 09:03 8,704 ----a-w c:\windows\system32\userinit.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 17:44 --------- d-----w c:\programmi\File comuni\Adobe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:44 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-03_23.45.29.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-18 17:41:38 1,233,112 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
- 2008-11-18 17:35:22 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
- 2008-11-18 18:00:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
- 2008-11-18 18:02:43 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
- 2008-11-18 18:04:36 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
- 2008-11-18 18:04:21 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2008-11-18 18:01:09 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
- 2008-11-18 18:03:33 110,160 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
- 2008-11-18 18:01:23 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-08 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\macromed\flash\FlashUtil9f.exe" [2008-03-25 218496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-10-09 185632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\utente\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Registrazione elettronica Corel© - Corel© Custom Photo.lnk - c:\programmi\Corel\Custom Photo\Register\Remind32.exe [2007-06-10 67584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\utente\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\tvants\\Tvants.exe"=
"c:\\Documents and Settings\\utente\\Desktop\\Stooge.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\utente\\Documenti\\emoticon msn\\animoticon\\mcoinstall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
S1 SASDIFSV;SASDIFSV;\??\c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL;\??\c:\programmi\SUPERAntiSpyware\SASKUTIL.sys []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-05 20560]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;c:\windows\system32\drivers\CoachCap.sys [2002-03-03 93068]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S2 Vcs;Vcs support;\??\c:\windows\system32\Drivers\Vcs.sys [2007-05-25 6852]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 SASENUM;SASENUM;\??\c:\programmi\SUPERAntiSpyware\SASENUM.SYS []
.
Contenuto della cartella 'Scheduled Tasks'
2008-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-24 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe []
2008-12-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-04 13:51:18
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2008-12-04 13.53.31
ComboFix-quarantined-files.txt 2008-12-04 12:52:26
ComboFix2.txt 2008-12-03 22:47:14
Pre-Run: 14.656.483.328 byte disponibili
Post-Run: 14,653,497,344 byte disponibili
181 --- E O F --- 2008-11-12 18:51:14