ComboFix 08-12-01.01 - User 2008-12-02 13.48.48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.9 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\recover.reg
c:\windows\system32\rs32net.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_restore
((((((((((((((((((((((((( Files Created From 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))))))
.
2008-12-01 20:08 . 2008-12-01 20:16 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-01 12:30 . 2008-12-01 21:49 32,768 --a------ c:\windows\system32\drivers\ati8pvxx.sys
2008-11-29 17:11 . 2008-11-29 17:11 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TomTom
2008-11-29 16:53 . 2008-11-29 16:53 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\TomTom
2008-11-26 19:02 . 2008-11-26 19:19 <DIR> d-------- c:\windows\system32\Adobe
2008-11-22 13:56 . 1996-11-07 14:51 308,736 --a------ c:\windows\system32\Fpxlib.dll
2008-11-22 13:56 . 1996-11-07 14:51 91,136 --a------ c:\windows\system32\Jpeglib.dll
2008-11-22 13:56 . 1999-08-18 01:51 56,832 --a------ c:\windows\system32\VideoSin.ax
2008-11-17 19:18 . 2008-11-17 19:26 754 --a------ c:\windows\WORDPAD.INI
2008-11-16 20:09 . 2008-11-16 20:09 <DIR> d-------- c:\programmi\Sony Setup
2008-11-10 17:52 . 2008-11-10 17:52 <DIR> d-------- c:\programmi\ASIX Electronics Corporation
2008-11-10 17:52 . 2006-09-06 16:35 19,072 --a------ c:\windows\system32\drivers\ax88772.sys
2008-11-10 17:24 . 2008-04-14 03:13 579,584 --a------ c:\windows\system32\user32.dll
2008-11-06 11:40 . 2008-11-06 11:40 <DIR> d-------- c:\programmi\ZyXEL
2008-11-06 11:39 . 2008-11-06 11:39 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 22:24 --------- d-----w c:\programmi\eMule
2008-11-22 12:56 --------- d-----w c:\programmi\Philips Vesta Camera
2008-11-10 16:52 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-10 16:51 --------- d-----w c:\programmi\File comuni\InstallShield
2008-11-02 16:27 --------- d-----w c:\documents and settings\User\Dati applicazioni\gtk-2.0
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-02 17:53 --------- d-----w c:\documents and settings\User\Dati applicazioni\LimeWire
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:44 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-02-01 17:05 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
.
------- Sigcheck -------
2005-03-02 19:20 578048 488019bfe2b0f9f8cd8394276d5b664a c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 16:48 579072 bab4f995e526484a235a276e269aaf7f c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-19 13:00 578048 08447bdfce5d1b1956f962602381f5c1 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 19:10 578048 14b5d6b20467dba209853d65d1f6a124 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-14 03:13 579584 fa94696c0727bd59e517c674cd6e7c72 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\user32.dll
2008-04-14 03:13 579584 fa94696c0727bd59e517c674cd6e7c72 c:\windows\system32\user32.dll
2008-04-14 03:14 510464 9259170d29b5a256735fcb8b80280857 c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\winlogon.exe
2000-01-01 17:31 504832 1dbd3966123ac2f6ade783f7f17f8c7f c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\programmi\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 13:54 1555480 --a------ c:\programmi\myBabylon\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\programmi\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\programmi\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Google Update"="c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-11-27 133104]
"TomTomHOME.exe"="d:\programmi\TomTom HOME 2\HOMERunner.exe" [2008-11-27 234856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2005-12-13 217088]
"PE2CKFNT SE"="c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 25088]
"InstantAccess"="c:\progra~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-07-07 37376]
"RegisterDropHandler"="c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 22528]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 22528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
Utilità adattatore wireless ZyXEL G-202.lnk - c:\programmi\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe [2008-11-06 10907648]
Watch.lnk - c:\windows\twain_32\CIS600X\WATCH.exe [2008-02-02 356352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4gjxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5qvxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7imxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8pvxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\programmi\File comuni\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\programmi\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 2004-06-29 17:42 569344 c:\windows\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\DAP\\DAP.exe"=
"c:\\Programmi\\ZyXEL\\ZyXEL G-202 Wireless Adapter Utility\\ZyXEL G-202.exe"=
R0 ati8pvxx;ati8pvxx;c:\windows\system32\Drivers\ati8pvxx.sys [2008-12-01 32768]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-23 97928]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-23 76040]
R2 SFC4;SFC4;c:\windows\system32\drivers\SFC4.sys [2008-02-02 41472]
R3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\ZDCNDIS5.SYS [2008-10-28 19072]
S0 ati4gjxx;ati4gjxx;c:\windows\system32\Drivers\ati4gjxx.sys []
S0 ati5qvxx;ati5qvxx;c:\windows\system32\Drivers\ati5qvxx.sys []
S0 ati7imxx;ati7imxx;c:\windows\system32\Drivers\ati7imxx.sys []
S3 AX88178;Sitecom USB Gigabit LAN LN-028;c:\windows\system32\DRIVERS\ax88178.sys [2000-01-01 22144]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772.sys [2008-11-10 19072]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys [2008-10-28 20608]
S3 phil2vid;Fotocamera VGA USB Philip;c:\windows\system32\DRIVERS\philcam2.sys [2008-01-05 173696]
S3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2008-10-28 437760]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69184af5-c060-11d3-bacb-ca2a390875c2}]
\Shell\Auto\command - gsokjsuix.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL gsokjsuix.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990be390-87f1-11dd-bc37-ae29209c9ae6}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1049a80-bbaf-11dc-bad1-d41fe9357ad6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e274a8b1-be2d-11dd-bca0-bc0882c7ebbd}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
*Newly Created Service* - ZDCNDIS5
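The two findings in the block above that a practitioner would triage first are the MountPoints2 handlers (Shell\AutoRun, Shell\open and friends launching gsokjsuix.exe, Knight.exe and Recycled\ctfmon.exe by a name relative to the volume root, the pattern left by autorun.inf USB worms) and the S0 boot-start drivers ati4gjxx, ati5qvxx and ati7imxx, for which the log shows an empty [] where a file date and size would normally appear. The following Python script is an added example; it is not part of ComboFix or of this log. It re-parses those lines (copied from this log and embedded as a constructed sample) and flags every autorun handler whose target is not an absolute path, plus every type-0 driver for which the log records no file information. The drive-relative criterion is a heuristic, and the reading of an empty [] as "image not found" is the editor's assumption about ComboFix output; whether a flagged item is malicious remains the analyst's call.

```python
import re

# Constructed sample: lines copied from the ComboFix log above (service list
# and MountPoints2 handlers) so the script runs offline.
SAMPLE_LOG = r"""
R0 ati8pvxx;ati8pvxx;c:\windows\system32\Drivers\ati8pvxx.sys [2008-12-01 32768]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-23 97928]
S0 ati4gjxx;ati4gjxx;c:\windows\system32\Drivers\ati4gjxx.sys []
S0 ati5qvxx;ati5qvxx;c:\windows\system32\Drivers\ati5qvxx.sys []
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772.sys [2008-11-10 19072]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69184af5-c060-11d3-bacb-ca2a390875c2}]
\Shell\Auto\command - gsokjsuix.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL gsokjsuix.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990be390-87f1-11dd-bc37-ae29209c9ae6}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1049a80-bbaf-11dc-bad1-d41fe9357ad6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e274a8b1-be2d-11dd-bca0-bc0882c7ebbd}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
"""

MOUNTPOINT_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
HANDLER_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.I)
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) \[(.*)\]$")
RUNDLL_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.I)


def parse_mountpoints(text):
    """Return {volume_guid: {verb: command}} for every MountPoints2 key in the log."""
    result, current = {}, None
    for line in text.splitlines():
        key = MOUNTPOINT_RE.search(line)
        if key:
            current = key.group(1)
            result.setdefault(current, {})
            continue
        handler = HANDLER_RE.match(line)
        if handler and current is not None:
            result[current][handler.group(1).lower()] = handler.group(2).strip()
    return result


def autorun_target(command):
    """Unwrap the RunDLL32 Shell32.DLL,ShellExec_RunDLL wrapper and drop trailing
    arguments (e.g. 'open'), leaving the executable the handler would launch."""
    wrapped = RUNDLL_RE.search(command)
    if wrapped:
        command = wrapped.group(1)
    return command.split()[0]


def is_drive_relative(target):
    """A target with no drive letter resolves against the root of the mounted
    volume, i.e. the file lives on the removable drive the key belongs to."""
    return re.match(r"^[a-z]:\\", target, re.I) is None


def suspicious_mountpoints(text):
    """List (guid, verb, target) for handlers that launch a file from the volume root.
    Heuristic: legitimate handlers almost always carry a full path."""
    findings = []
    for guid, handlers in parse_mountpoints(text).items():
        for verb, command in handlers.items():
            target = autorun_target(command)
            if is_drive_relative(target):
                findings.append((guid, verb, target))
    return findings


def parse_services(text):
    """Yield (start_type, name, image_path, file_info) from R*/S* service lines."""
    for line in text.splitlines():
        svc = SERVICE_RE.match(line)
        if svc:
            yield svc.group(1), svc.group(2), svc.group(3), svc.group(4)


def boot_drivers_without_file(text):
    """Names of boot-start (type 0) drivers whose bracket is empty: the log records
    no date/size for the image (assumed to mean ComboFix could not find the file)."""
    return [name for start, name, _path, info in parse_services(text)
            if start.endswith("0") and info == ""]


if __name__ == "__main__":
    for guid, verb, target in suspicious_mountpoints(SAMPLE_LOG):
        print(f"MountPoints2 {guid} Shell\\{verb} -> {target}")
    for name in boot_drivers_without_file(SAMPLE_LOG):
        print(f"boot-start driver with no image recorded: {name}")
```

On this sample the script reports seven handlers across three volume GUIDs (all pointing at gsokjsuix.exe, Knight.exe or Recycled\ctfmon.exe), leaves the G:\InstallTomTomHOME.exe handler alone, and names ati4gjxx and ati5qvxx as boot-start drivers with no image recorded; ati8pvxx is not flagged because the log does show a date and size for it, which is exactly why its SafeBoot\Minimal registration and 2008-12-01 timestamp deserve a manual look rather than an automated verdict.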
.
Contents of the 'Scheduled Tasks' folder
2008-12-02 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-11-27 13:29]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
Notify-atyhibwx - atyhibwx.dll
MSConfigStartUp-Disk Knight - c:\windows\Knight.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
TCP: {AF78D79F-4AAF-4551-9C95-BDF9EAA4D278} = 213.156.54.80,213.156.54.81
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
O16 -: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-02 14:01:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Completion time: 2008-12-02 14:12:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 13:11:36
Pre-Run: 8,147,091,456 bytes free
Post-Run: 8,518,811,648 bytes free
--- E O F --- 2008-11-14 15:57:26