ComboFix 09-01-08.05 - Zagaria 2009-01-12 15.16.29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.2047.1617 [GMT 1:00]
Eseguito da: c:\documents and settings\Zagaria\Desktop\combofix.exe.exe
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ajkieg.dll
c:\windows\system32\cjuopj.dll
c:\windows\system32\gvifudec.dll
c:\windows\system32\hhpygmuf.dll
c:\windows\system32\iahqfz.dll
c:\windows\system32\mmxokdcn.dll
c:\windows\system32\ofvpcx.dll
c:\windows\system32\otciyoyg.dll
c:\windows\system32\sAIOnUvw.ini
c:\windows\system32\sAIOnUvw.ini2
c:\windows\system32\scioia.dll
c:\windows\system32\virus.dll
c:\windows\system32\wavhekgy.dll
c:\windows\system32\wvUnOIAs.dll
c:\windows\system32\yiccdurh.ini
c:\windows\Tasks\yosxfyww.job
.
((((((((((((((((((((((((( Files Creati Da 2008-12-12 al 2009-01-12 )))))))))))))))))))))))))))))))))))
.
2009-01-10 20:40 . 2009-01-10 20:40 <DIR> d-------- c:\programmi\Sega
2009-01-09 19:09 . 2009-01-09 19:22 <DIR> d-------- C:\zenvrenghe
2009-01-04 20:12 . 2009-01-04 20:12 268 --ah----- C:\sqmdata04.sqm
2009-01-04 20:12 . 2009-01-04 20:12 172 --ah----- C:\sqmnoopt04.sqm
2009-01-04 19:02 . 2009-01-04 19:02 268 --ah----- C:\sqmdata03.sqm
2009-01-04 19:02 . 2009-01-04 19:02 244 --ah----- C:\sqmnoopt03.sqm
2008-12-28 16:22 . 2008-04-13 11:46 37,888 --a------ c:\windows\system32\drivers\bthmodem.sys
2008-12-28 16:22 . 2008-04-13 11:46 37,888 --a--c--- c:\windows\system32\dllcache\bthmodem.sys
2008-12-21 11:38 . 2008-12-21 11:38 <DIR> d-------- c:\programmi\uTorrent
2008-12-21 11:38 . 2008-12-22 09:53 <DIR> d-------- c:\documents and settings\Zagaria\Dati applicazioni\uTorrent
2008-12-19 20:10 . 2008-12-19 20:10 268 --ah----- C:\sqmdata02.sqm
2008-12-19 20:10 . 2008-12-19 20:10 244 --ah----- C:\sqmnoopt02.sqm
2008-12-19 15:16 . 2008-12-19 15:16 268 --ah----- C:\sqmdata01.sqm
2008-12-19 15:16 . 2008-12-19 15:16 244 --ah----- C:\sqmnoopt01.sqm
2008-12-19 15:12 . 2008-12-19 15:12 268 --ah----- C:\sqmdata00.sqm
2008-12-19 15:12 . 2008-12-19 15:12 244 --ah----- C:\sqmnoopt00.sqm
2008-12-15 18:12 . 2008-12-15 18:12 45,008 --a------ C:\waxx.exe
2008-12-15 17:17 . 2008-12-15 18:08 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-15 17:17 . 2008-12-15 18:08 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-15 17:15 . 2008-12-15 17:15 <DIR> d-------- c:\programmi\Kaspersky Lab
2008-12-15 17:15 . 2009-01-12 15:27 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-12-15 17:15 . 2009-01-12 15:25 1,770,528 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-15 17:15 . 2009-01-12 15:25 237,600 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-15 17:15 . 2009-01-12 15:25 15,960 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-15 17:15 . 2009-01-12 15:25 1,892 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-14 20:44 . 2008-12-14 20:44 95 --a------ c:\windows\wininit.ini
2008-12-14 16:25 . 2008-12-17 20:30 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-14 16:14 . 2008-12-14 16:14 <DIR> d-------- C:\fsaua.data
2008-12-14 11:48 . 2008-12-14 11:48 <DIR> d-------- c:\windows\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 19:41 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-12 09:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-12-10 13:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-12-10 09:17 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-07 10:53 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-07 10:52 --------- d-----w c:\programmi\Java
2008-12-04 19:16 --------- d-----w c:\documents and settings\Zagaria\Dati applicazioni\Winamp
2008-12-04 19:13 --------- d-----w c:\programmi\Winamp
2008-12-04 18:33 --------- d-----w c:\programmi\Messenger Plus! Live
2008-12-03 19:21 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-12-03 19:21 --------- d-----w c:\programmi\Windows Live
2008-12-03 19:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-12-03 14:55 --------- d-----w c:\documents and settings\Zagaria\Dati applicazioni\DivX
2008-11-28 18:16 --------- d-----w c:\programmi\Microsoft Works
2008-11-28 17:50 --------- d-----w c:\programmi\File comuni\Ahead
2008-11-28 17:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2008-11-28 17:34 --------- d-----w c:\programmi\CCleaner
2008-11-28 17:32 --------- d-----w c:\programmi\Hercules
2008-11-28 17:31 --------- d-----w c:\programmi\File comuni\ArcSoft
2008-11-28 17:30 --------- d-----w c:\programmi\File comuni\InstallShield
2008-11-28 17:23 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\HP
2008-11-28 17:21 --------- d-----w c:\programmi\HP
2008-11-28 17:20 --------- d-----w c:\programmi\Hewlett-Packard
2008-11-28 17:08 --------- d-----w c:\programmi\DivX
2008-11-28 17:08 --------- d-----w c:\documents and settings\Zagaria\Dati applicazioni\ArcSoft
2008-11-28 16:30 --------- d-----w c:\documents and settings\Zagaria\Dati applicazioni\Ahead
2008-11-28 16:26 --------- d-----w c:\programmi\Nero
2008-11-28 15:07 --------- d-----w c:\documents and settings\Zagaria\Dati applicazioni\HP
2008-11-27 20:13 --------- d-----w c:\programmi\REALTEK USB Wireless LAN Driver and Utility
2008-11-27 20:12 21,035 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-27 20:12 --------- d-----w c:\documents and settings\Zagaria\Dati applicazioni\InstallShield
2008-11-27 18:57 90,112 ----a-w c:\windows\DUMP4b32.tmp
2008-11-25 22:30 --------- d-----w c:\programmi\D-Link
2008-11-25 22:23 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-11-25 21:46 --------- d-----w c:\programmi\microsoft frontpage
2008-11-25 21:45 --------- d-----w c:\programmi\Servizi in linea
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:00 668,672 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2008-08-04 36352]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
REALTEK USB Wireless LAN Utility.lnk - c:\programmi\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2008-11-27 790528]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\wvUnOIAs
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
R3 ovt530;Hercules Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [2008-11-28 161792]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-11-27 207616]
R4 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-27 38144]
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{048D34BE-4DF6-44C5-A1AE-69802E286E4B} - (no file)
BHO-{0BC9B203-8529-4FDF-9CD9-3F44EEFD60A3} - (no file)
BHO-{4AF7A442-3B04-4787-9829-D9CC12DF1728} - (no file)
BHO-{4D67F03A-0D94-477F-88D1-F5AB50FEF678} - (no file)
BHO-{578A9BED-7E6D-4CD3-8BCE-CAC7DB2D1F70} - (no file)
BHO-{58E82FC4-4F75-4858-82FC-DD92C85EFA41} - (no file)
BHO-{7D505D45-AED6-48AF-A9E6-2BA4AF950ED1} - (no file)
BHO-{8BF35D72-2BC1-40E0-9255-7343CA128817} - c:\windows\system32\wvUnOIAs.dll
BHO-{8CFCF5B9-8668-47E1-92AE-5E2F4A5D6F08} - (no file)
BHO-{916f0c57-e552-48a1-bd30-140012725d80} - c:\windows\system32\ajkieg.dll
BHO-{BEE3D8BA-175B-4D16-BE71-BFEB0DD0517F} - (no file)
BHO-{C128CC43-A505-4EBD-93D5-41BF6305F219} - (no file)
BHO-{C6EF1A9C-452F-4646-BEDD-86B2C4ED105B} - (no file)
BHO-{DD6E5672-13FB-449D-A32A-EF91EEEEAE81} - (no file)
BHO-{E7676034-3CF9-4677-B7DF-EFAC4B813EE3} - (no file)
BHO-{F21190C2-D428-4AFF-AA5B-07DF210ABB71} - (no file)
Notify-awtrOhEx - (no file)
.
------- Supplementare di scansione -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A617DCC1-28B1-447D-A78E-E3BE7E21057B} = 193.12.150.2
FF - ProfilePath - c:\documents and settings\Zagaria\Dati applicazioni\Mozilla\Firefox\Profiles\svq1f9om.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-12 15:27:07
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\klogon.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-12 15:31:15 - macchina è stato riavviato [Zagaria]
ComboFix-quarantined-files.txt 2009-01-12 14:31:02
Pre-Run: 46.778.232.832 byte disponibili
Post-Run: 46,992,347,136 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
208 --- E O F --- 2008-12-11 20:41:28
Esegui 
![[XX(]](http://www.megalab.it/forum/images/smilies/frusty.gif "Testate al muro")
![[;)]](http://www.megalab.it/forum/images/smilies/wink.gif "Occhiolino")
![[:)]](http://www.megalab.it/forum/images/smilies/smile.gif "Smile")
![[sh]](http://www.megalab.it/forum/images/smilies/shifty.gif "Shifty")
![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")
![[rotolo]](http://www.megalab.it/forum/images/smilies/rotolbriggin.gif "Rotolo dal ridere")
![[uhm]](http://www.megalab.it/forum/images/smilies/Dubbio.gif "Uhm...")
...![[acc2]](http://www.megalab.it/forum/images/smilies/Acc.gif "Oh cacchio!")
![[cry+]](http://www.megalab.it/forum/images/smilies/cry.gif "Piangere a dirotto")
![[boh]](http://www.megalab.it/forum/images/smilies/dntknw.gif "Boh")
