ComboFix 08-12-14.01 - user 2008-12-14 20:53:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1014.512 [GMT 1:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\user\IMPOST~1\Temp\svchost.exe
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((( Files Creati Da 2008-11-14 al 2008-12-14 )))))))))))))))))))))))))))))))))))
.
2008-12-14 20:33 . 2008-12-14 20:35 <DIR> d-------- c:\programmi\eToro
2008-12-14 18:46 . <DIR> c:\windows\LastGood.Tmp
2008-12-14 15:51 . 2008-12-14 16:06 <DIR> d-------- c:\programmi\TeaTimer (Spybot - Search & Destroy)
2008-12-14 15:51 . 2008-12-14 16:06 <DIR> d-------- c:\programmi\SDHelper (Spybot - Search & Destroy)
2008-12-14 15:51 . 2008-12-14 15:51 <DIR> d-------- c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
2008-12-14 15:51 . 2008-12-14 15:51 <DIR> d-------- c:\programmi\File Scanner Library (Spybot - Search & Destroy)
2008-12-12 18:28 . 2008-12-12 18:28 <DIR> d-------- c:\programmi\Eraser
2008-12-12 18:28 . 2008-12-12 18:28 <DIR> d--h----- c:\documents and settings\All Users\Dati applicazioni\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-12-07 12:55 . 2008-12-14 14:54 <DIR> d-------- c:\programmi\Kyodai Mahjongg 2006
2008-12-06 15:49 . 2008-12-10 00:37 <DIR> d-------- c:\programmi\Zylom Games
2008-12-06 15:49 . 2008-12-06 15:49 <DIR> d-------- c:\documents and settings\user\Dati applicazioni\Zylom
2008-12-04 15:59 . 2008-12-04 15:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WinZip
2008-12-02 16:32 . 2008-12-02 16:32 <DIR> d-------- c:\programmi\DVD Decrypter
2008-12-02 15:42 . 2008-12-02 15:42 <DIR> d-------- c:\programmi\Alcohol Soft
2008-12-02 15:38 . 2008-12-02 15:38 639,224 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-02 15:00 . 2004-08-30 21:00 365,568 --a------ c:\windows\system32\doskeys.exe
2008-12-02 15:00 . 2008-12-02 15:00 51,712 --a------ c:\windows\system32\dllhosts.exe
2008-12-02 15:00 . 2008-12-14 20:59 97 --a------ c:\windows\system32\Monitored2.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 19:58 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-14 19:37 --------- d-----w c:\programmi\AdunanzA
2008-12-14 17:44 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-13 20:20 --------- d-----w c:\programmi\ESET
2008-12-02 10:56 --------- d-----w c:\documents and settings\user\Dati applicazioni\dvdcss
2008-11-17 20:57 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\BVRP Software
2008-11-14 12:21 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-14 12:20 24,192 ----a-w c:\documents and settings\user\usbsermptxp.sys
2008-11-14 12:20 22,768 ----a-w c:\windows\system32\drivers\usbsermpt.sys
2008-11-14 12:20 22,768 ----a-w c:\documents and settings\user\usbsermpt.sys
2008-11-14 12:19 --------- d-----w c:\programmi\mobile PhoneTools
2008-10-22 14:25 --------- d-----w c:\documents and settings\user\Dati applicazioni\Ace
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 16:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-04-06 16:31 774,144 ----a-w c:\programmi\RngInterstitial.dll
2008-01-03 18:01 56 -csh--r c:\windows\system32\16B1707854.sys
2008-01-03 18:01 1,890 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-05 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]
"Eraser"="c:\programmi\Eraser\eraser.exe" [2007-12-23 916240]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Norton Ghost 9.0"="c:\programmi\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"IEAdviser"="c:\windows\IEAdviser\Updater.exe" [2008-03-21 28672]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-08-11 949376]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Services6"="dllhosts.exe" [2008-12-02 c:\windows\system32\dllhosts.exe]
c:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Kyodai Mahjongg 2006\\kmj.exe"=
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-07-29 138780]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-08-11 15424]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-07-29 46779]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe -service []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5c85912-8253-11dd-bb4f-001e4c00d355}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-BroadcomWireless - c:\programmi\Broadcom\Wireless\Utility\WlanUtil.exe
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.speedbit.com/FinishInstall.a ... allSO=2001
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-14 20:58:32
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'lsass.exe'(1272)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Broadcom\ASFIPMon\AsfIpMon.exe
c:\windows\system32\gearsec.exe
c:\programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\programmi\ESET\nod32krn.exe
c:\programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\docume~1\user\IMPOST~1\Temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
c:\windows\IEAdviser\IEAdviser.exe
.
**************************************************************************
.
Ora fine scansione: 2008-12-14 21:00:55 - macchina è stato riavviato [user]
ComboFix-quarantined-files.txt 2008-12-14 20:00:50
Pre-Run: 4,019,499,008 byte disponibili
Post-Run: 5,975,691,264 byte disponibili