ComboFix 09-03-02.01 - Barzin 2009-03-02 19.04.00.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.2046.1282 [GMT 1:00]
Running from: c:\users\Barzin\Downloads\ComboFix.exe
Command switches used :: c:\users\Barzin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
FILE ::
c:\autorun.inf
c:\UFO.exe
c:\users\Barzin\AppData\Local\Temp
E:\22wcb21o.exe
e:\autorun.inf
E:\CSRSS.exe
e:\UFO.exe
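The FILE :: block above is the list a CFScript handed to ComboFix for deletion: an autorun.inf next to a root-level executable on both c: and e:. That pairing, repeated on a fixed and a removable drive, is the usual footprint of a worm that spreads through USB media. The script below is an added example (not ComboFix code and not part of this log): it takes a list of paths such as the one above and reports every drive root that holds an autorun.inf together with an executable, and it parses an autorun.inf body to show which commands the file would launch. The autorun.inf body is a constructed sample; the log does not show the real file's contents, so whether this machine's autorun.inf actually pointed at UFO.exe is not established here.

```python
"""Spot the removable-drive autorun pattern in a list of paths and extract the
launch targets from an autorun.inf.  Added example, not part of the log."""
import re
from collections import defaultdict

# Paths copied from the FILE :: section of the log (case preserved).
FILE_LIST = [
    r"c:\autorun.inf",
    r"c:\UFO.exe",
    r"c:\users\Barzin\AppData\Local\Temp",
    r"E:\22wcb21o.exe",
    r"e:\autorun.inf",
    r"E:\CSRSS.exe",
    r"e:\UFO.exe",
]

# Matches only "<drive>:\<name>", i.e. a file sitting directly in a drive root.
_ROOT = re.compile(r"^([a-z]):\\([^\\]+)$", re.IGNORECASE)
_EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")


def root_entries(paths):
    """Group root-level file names by drive letter (lower-cased)."""
    by_drive = defaultdict(list)
    for p in paths:
        m = _ROOT.match(p)
        if m:
            by_drive[m.group(1).lower()].append(m.group(2))
    return dict(by_drive)


def autorun_suspects(paths):
    """Return {drive: [executables]} for every drive whose root holds an
    autorun.inf together with at least one executable."""
    out = {}
    for drive, names in root_entries(paths).items():
        if "autorun.inf" not in [n.lower() for n in names]:
            continue
        exes = sorted(n for n in names if n.lower().endswith(_EXEC_EXT))
        if exes:
            out[drive] = exes
    return out


# Keys under [autorun] that make Explorer run something: open=, shellexecute=,
# and shell\<verb>\command= (the verbs shown in the drive's context menu).
_INI_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*=\s*(.+?)\s*$",
    re.IGNORECASE,
)


def autorun_targets(ini_text):
    """List (key, command) pairs an autorun.inf would launch; only lines inside
    the [autorun] section are considered."""
    targets, in_autorun = [], False
    for line in ini_text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            in_autorun = s.lower() == "[autorun]"
            continue
        m = _INI_KEY.match(s) if in_autorun else None
        if m:
            targets.append((m.group(1).lower(), m.group(2)))
    return targets


# Constructed sample; the real autorun.inf body is not shown in the log.
SAMPLE_AUTORUN = """[autorun]
open=UFO.exe
shell\\open\\Command=UFO.exe
shell\\explore\\Command=UFO.exe
"""

if __name__ == "__main__":
    print(autorun_suspects(FILE_LIST))
    # -> {'c': ['UFO.exe'], 'e': ['22wcb21o.exe', 'CSRSS.exe', 'UFO.exe']}
    print(autorun_targets(SAMPLE_AUTORUN))
```

The heuristic only fires when both halves of the pattern are present on the same drive root; an autorun.inf alone (for instance on a legitimate installer CD) is not reported, and a root-level executable without an autorun.inf is not either.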
.
((((((((((((((((((((((((( Files Created From 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))))))
.
2009-02-28 10:31 . 2009-02-28 10:31 118 --a------ c:\windows\System32\MRT.INI
2009-02-28 10:14 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-28 10:14 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-28 10:14 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-28 10:14 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-28 10:14 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-28 10:14 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-28 10:14 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-28 10:14 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-28 10:05 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-28 10:05 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-28 10:05 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-28 10:05 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-28 10:05 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-28 10:03 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-28 10:03 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-28 10:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-28 10:03 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-27 21:26 . 2009-02-27 21:26 <DIR> d-------- c:\users\All Users\Adobe
2009-02-27 21:26 . 2009-02-27 21:28 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-16 00:34 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-16 00:34 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 00:34 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 00:34 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 00:34 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-04 11:19 . 2009-02-04 11:19 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 17:59 --------- d-----w c:\users\Barzin\AppData\Roaming\OpenOffice.org2
2009-03-02 09:43 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-02 09:40 --------- d-----w c:\program files\CCleaner
2009-02-27 15:23 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail
2009-02-04 10:21 --------- d-----w c:\programdata\avg8
2009-02-04 10:19 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-04 10:19 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-23 17:45 --------- d-----w c:\program files\Poladroid
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-03 01:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-16 11:50 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-05-22 09:34 174 --sha-w c:\program files\desktop.ini
2006-03-20 13:37 5,689,344 ----a-w c:\program files\mplayerc.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-02_17.33.02.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-02 16:26:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-02 16:38:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-02 16:26:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-02 16:38:14 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-02 16:29:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-02 16:39:50 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-02 16:29:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-02 18:06:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-02 18:06:20 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-02 16:21:57 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-02 18:03:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-02-28 10:08:00 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-02 17:58:45 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-28 10:08:00 120,326 ----a-w c:\windows\System32\perfc010.dat
+ 2009-03-02 17:58:45 120,326 ----a-w c:\windows\System32\perfc010.dat
- 2009-02-28 10:08:00 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-02 17:58:45 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-28 10:08:00 662,846 ----a-w c:\windows\System32\perfh010.dat
+ 2009-03-02 17:58:45 662,846 ----a-w c:\windows\System32\perfh010.dat
- 2009-03-02 16:28:55 8,542 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2042695977-3343395866-3773383324-1000_UserData.bin
+ 2009-03-02 16:40:17 8,574 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2042695977-3343395866-3773383324-1000_UserData.bin
- 2009-03-02 16:28:55 61,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-02 16:40:16 61,228 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-02 15:28:00 42,812 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-02 16:40:12 43,002 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-07-28 277328]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-03-29 458752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-11 21244872]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe]
c:\users\Barzin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-05-22 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B8EA2B6F-8E20-4912-B07D-1DA7394890B2}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{305BD197-32FA-4591-8EE6-6DA2537FF886}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{8D040B2A-45CE-490C-8186-1A864BF190CE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{81FCC265-72D6-4866-BE0B-81CB936BD576}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0F98B5EE-4680-4C19-885B-A5A1F2331FD2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7913C346-2A1D-4048-BF6F-B50D6A213B77}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{95C70E01-91E2-4EB9-9429-CBBDF71CB55D}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{A1FD34E1-76E9-43A9-B76C-2E01A5E91A8A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{89B18DF4-77F4-450E-9D66-63C17EA1ECC6}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{4CD970BB-CC37-497D-94F2-44D2D737E4CD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AF98C15C-BB47-4911-9613-94B4EBA090DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0F11AA58-B197-4A93-87C5-6497B18E0D81}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{B259105E-ECBD-4386-8203-451F1292B0E9}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{91B4AA61-389D-474E-8739-9879D1216036}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A85C07C-8CCE-47ED-9C9D-200486DD32DC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-05-22 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-04 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-05-22 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-22 298264]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-22 809296]
R3 b57nd60x;%SvcDispName%;c:\windows\System32\drivers\b57nd60x.sys [2008-05-22 179712]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
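ComboFix prints each Run-key autostart as `"Name"="target" [date size]`, or as `"Name"="file.exe" [date resolved-path]` when the registry value is a bare file name (the RtHDVCpl and Skytel entries above are of that second form), and prints AppInit_DLLs as an unquoted value. The parser below is an added example, not ComboFix code: it turns those lines into records and flags any autostart whose launch path sits in a user-writable location or a drive root. The sample lines are copied from the log above except the "Updater" entry, which is a constructed fake added only to exercise the flagging; nothing in the log launches from such a path.

```python
"""Parse ComboFix "Reg Loading Points" lines and flag autostarts launching from
user-writable locations.  Added example, not ComboFix code."""
import re

# Copied from the log, plus one constructed "Updater" line (not in the log)
# so that the flagging path is exercised.
SAMPLE_LINES = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-07-28 277328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-11 21244872]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 c:\windows\RtHDVCpl.exe]
"Updater"="c:\users\Barzin\AppData\Local\Temp\updater.exe" [2009-03-01 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
'''

_KEY = re.compile(r"^\[(.+)\]$")
_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="?(?P<value>.*?)"?'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<tail>[^\]]+)\])?$'
)

# Directory markers where droppers typically land (lower-case comparison).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\documents and settings\\")


def parse_loading_points(text):
    """Return one dict per value line: key, name, value, date, size, path."""
    records, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = _ENTRY.match(line)
        if not m:
            continue
        value, tail = m.group("value"), m.group("tail")
        size = int(tail) if tail and tail.isdigit() else None
        # A non-numeric bracket tail is the path ComboFix resolved a bare
        # file name to; otherwise the value itself is the launch path.
        path = value if size is not None or tail is None else tail
        records.append({"key": key, "name": m.group("name"), "value": value,
                        "date": m.group("date"), "size": size, "path": path})
    return records


def flag_user_writable(records):
    """Names of entries launching from a user-writable directory or a drive root."""
    flagged = []
    for r in records:
        p = r["path"].lower()
        root_level = re.match(r"^[a-z]:\\[^\\]+$", p) is not None
        if root_level or any(marker in p for marker in USER_WRITABLE):
            flagged.append(r["name"])
    return flagged


if __name__ == "__main__":
    recs = parse_loading_points(SAMPLE_LINES)
    for r in recs:
        print(r["name"], "->", r["path"], r["size"])
    print("flagged:", flag_user_writable(recs))
```

Bare names without a path, like the AppInit_DLLs value, are kept as-is and not flagged; the heuristic says nothing about whether a file in Program Files or System32 is benign, it only narrows the list to the locations worth a second look.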
.
Contents of the 'Scheduled Tasks' folder
2009-03-02 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\users\Barzin\AppData\Roaming\Mozilla\Firefox\Profiles\020io55v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 19:06:22
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5772)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Completion time: 2009-03-02 19.09.36
ComboFix-quarantined-files.txt 2009-03-02 18:09:33
ComboFix2.txt 2009-03-02 16:35:49
Pre-Run: 31,949,533,184 bytes free
Post-Run: 31,706,513,408 bytes free
205 --- E O F --- 2009-02-28 09:49:37