ComboFix 09-02-02.01 - Pedrinazzi 2009-02-02 20.03.57.1 -
FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.511.279 [GMT 1:00]
Eseguito da: c:\documents and settings\Pedrinazzi\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Pedrinazzi\Preferiti\Videos.url
c:\windows\hosts
c:\windows\IE4 Error Log.txt
c:\windows\secure32.html
c:\windows\system32\mdm.exe
c:\windows\system32\paytime.exe
c:\windows\system32\timedefw32ex.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-01-02 al 2009-02-02 )))))))))))))))))))))))))))))))))))
.
2009-02-02 19:36 . 2009-02-02 19:36 <DIR> d-------- C:\VundoFix Backups
2009-02-02 00:10 . 2009-02-02 00:10 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-02-01 18:11 . 2009-02-01 18:11 <DIR> d-------- c:\programmi\Ashampoo
2009-02-01 18:06 . 2009-02-01 18:06 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-01-24 22:57 . 2009-01-24 22:57 <DIR> d--hs---- C:\FOUND.003
2009-01-21 19:15 . 2009-01-21 19:15 <DIR> d--hs---- C:\FOUND.002
2009-01-16 19:52 . 2009-01-16 19:52 <DIR> d--hs---- C:\FOUND.001
2009-01-08 19:43 . 2009-01-08 19:43 <DIR> d--hs---- C:\FOUND.000
2009-01-05 11:08 . 2009-01-05 11:08 <DIR> d-------- c:\documents and settings\Pedrinazzi\Dati applicazioni\StartPrintGadget
2009-01-05 11:05 . 2009-01-05 11:05 <DIR> d-------- c:\programmi\StartPrint
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 17:55 --------- d-----w c:\programmi\iTunes
2008-12-06 17:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-06 17:52 --------- d-----w c:\programmi\Bonjour
2008-12-06 17:03 --------- d-----w c:\programmi\Apple Software Update
2008-12-06 17:02 --------- d-----w c:\programmi\File comuni\Apple
2008-12-06 17:02 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-11-29 13:03 921,632 ----a-w C:\PA7302.DAT
2007-04-16 16:54 166,693 --sh--r c:\windows\system32\uljbnzmn.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-15 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"PmProxy"="c:\programmi\Analog Devices\SoundMAX\PmProxy.exe" [2002-11-14 40960]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2003-01-15 09:49 249856]
"TMESBS.EXE"="c:\programmi\TOSHIBA\TME3\TMESBS32.EXE" [2003-01-08 57344]
"TFncKy"="c:\programmi\Toshiba\TOSHIBA Controls\TFncKy.exe" [2003-01-09 151552]
"TosHKCW.exe"="c:\programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 49152]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2002-12-04 126976]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2002-12-04 569344]
"TouchED"="c:\programmi\TOSHIBA\TouchED\TouchED.Exe" [2002-08-09 122880]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"googletalk"="c:\programmi\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2002-12-12 c:\windows\system32\nwiz.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2003-01-17 c:\windows\system32\TPWRTRAY.EXE]
"TFNF5"="TFNF5.exe" [2001-09-04 c:\windows\system32\TFNF5.exe]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 c:\windows\system32\000StTHK.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2003-05-03 106560]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\messenger\\msmsgs.exe"=
"c:\\Programmi\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4254:TCP"= 4254:TCP:knvrlxlp
R2 Tmesbs;Tmesbs32;c:\programmi\Toshiba\TME3\tmesbs32.exe [2003-01-22 57344]
S2 jeaftdpfy;Microsoft Monitor;c:\windows\system32\svchost.exe -k netsvcs [1980-01-01 14336]
S3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [2008-06-06 94848]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2004-02-24 171264]
S3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [2008-06-30 457856]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jeaftdpfy
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\NOD32RUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e0c8740-3220-11dc-818f-00080d1c2933}]
\Shell\AutoRun\command - E:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662124f1-33f5-11dd-8340-00080d1c2933}]
\Shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6aa3981-79cd-11d7-b98b-806d6172696f}]
\Shell\AutoRun\command - D:\NOD32RUN.EXE
.
Contenuto della cartella 'Scheduled Tasks'
2009-02-02 c:\windows\Tasks\A207B3EF9188317B.job
- c:\docume~1\pedrin~1\datiap~1\doesho~1\Peakliteface.exe []
2008-06-11 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2009-01-27 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{1BCDEDA8-0D55-7257-5CDD-759E7B972CE7} - c:\docume~1\PEDRIN~1\DATIAP~1\FRAGCU~1\SoftwareCool.exe
HKCU-Run-LOADSETUP - c:\docume~1\PEDRIN~1\DATIAP~1\DOESHO~1\dartbagsflap.exe
HKLM-Run-Microsoft Works Update Detection - c:\programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe
Notify-WgaLogon - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.gmail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {6535CEE3-C94D-4E80-B25D-D38F8A3C9ACB} = 85.37.17.4 85.38.28.70
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.new2.foto.com/ImageUploader5.cab
FF - ProfilePath - c:\documents and settings\Pedrinazzi\Dati applicazioni\Mozilla\Firefox\Profiles\67wtujqr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://italian.icrfast.com/index.php?rvs=hompag
FF - prefs.js: network.proxy.type - 4
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 20:05:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jeaftdpfy]
"ServiceDll"="c:\windows\system32\uljbnzmn.dll"
.
Ora fine scansione: 2009-02-02 20.07.15
ComboFix-quarantined-files.txt 2009-02-02 19:07:14
Pre-Run: 2.062.827.520 byte disponibili
Post-Run: 2,690,269,184 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
167 --- E O F --- 2008-09-30 01:03:05