ComboFix 09-03-25.02 - GIONNNY 2009-03-26 9:24:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1215.818 [GMT 1:00]
Eseguito da: c:\documents and settings\GIONNNY\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-02-26 al 2009-03-26 )))))))))))))))))))))))))))))))))))
.
2009-03-26 09:09 . 2009-03-26 09:09 <DIR> d----c--- C:\VundoFix Backups
2009-03-26 09:07 . 2009-03-26 09:07 <DIR> d-------- c:\windows\LastGood
2009-03-26 08:38 . 2009-03-26 08:38 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-26 08:38 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-03-26 08:34 . 2009-03-26 08:47 <DIR> d-------- c:\programmi\Notebook Hardware Control
2009-03-26 08:03 . 2009-03-26 08:03 <DIR> d-------- c:\programmi\Trend Micro
2009-03-26 08:01 . 2009-03-26 08:08 <DIR> d-------- c:\programmi\HIJIACTS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 07:36 --------- d-----w c:\programmi\NEXT 3D ARREDAMENTO D'INTERNI
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:04 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\MumboJumbo
2009-02-08 15:52 --------- d-----w c:\programmi\Metin2_Italiano
2009-01-30 14:05 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-30 14:05 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-30 14:05 --------- d-----w c:\programmi\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-01-29 11:07 --------- d-----w c:\documents and settings\GIONNNY\Dati applicazioni\TuneUp Software
2009-01-29 11:06 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-29 11:06 --------- d-----w c:\programmi\TuneUp Utilities 2008
2009-01-29 11:02 --------- d-----w c:\programmi\VS Revo Group
2009-01-29 10:31 --------- d-----w c:\programmi\File comuni\Symantec Shared
2009-01-29 10:05 --------- d-----w c:\programmi\Alwil Software
2009-01-28 12:32 --------- d-----w c:\programmi\CCleaner
2009-01-28 12:13 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-01-28 12:06 --------- d-----w c:\programmi\IObit
2009-01-28 12:06 --------- d-----w c:\documents and settings\GIONNNY\Dati applicazioni\IObit
2009-01-28 11:53 --------- d-----w c:\programmi\MSXML 4.0
2009-01-28 11:46 --------- d-----w c:\documents and settings\GIONNNY\Dati applicazioni\Malwarebytes
2009-01-28 11:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-28 11:39 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-01-28 11:38 --------- d-----w c:\programmi\File comuni\Adobe
2009-01-28 11:31 --------- d-----w c:\documents and settings\GIONNNY\Dati applicazioni\Ahead
2009-01-28 11:29 --------- d-----w c:\programmi\Nero
2009-01-28 11:29 --------- d-----w c:\programmi\File comuni\Ahead
2009-01-15 01:17 636,264 ------w c:\windows\system32\dllcache\iexplore.exe
2009-01-15 01:17 392,040 ------w c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 01:13 5,888,512 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 01:06 236,544 ------w c:\windows\system32\dllcache\webcheck.dll
2009-01-15 01:06 105,984 ------w c:\windows\system32\dllcache\url.dll
2009-01-15 01:06 1,182,720 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-01-15 01:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 01:05 911,872 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-01-15 01:05 43,008 -c--a-w c:\windows\system32\licmgr10.dll
2009-01-15 01:05 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 01:05 193,536 ------w c:\windows\system32\dllcache\msrating.dll
2009-01-15 01:05 109,056 ------w c:\windows\system32\dllcache\occache.dll
2009-01-15 01:04 755,200 ------w c:\windows\system32\dllcache\VGX.dll
2009-01-15 01:04 25,600 ------w c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 01:04 18,944 -c--a-w c:\windows\system32\corpol.dll
2009-01-15 01:04 18,944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-01-15 01:02 611,840 ------w c:\windows\system32\dllcache\mstime.dll
2009-01-15 01:01 66,560 ------w c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 01:01 46,592 ------w c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 01:01 348,160 ------w c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 01:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 01:01 34,304 ------w c:\windows\system32\dllcache\imgutil.dll
2009-01-15 01:01 216,064 ------w c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 01:01 183,808 ------w c:\windows\system32\dllcache\iepeers.dll
2009-01-15 01:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 01:00 48,128 ------w c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 01:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 01:00 45,568 ------w c:\windows\system32\dllcache\mshta.exe
2009-01-15 00:53 68,608 ------w c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 00:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-15 00:50 156,160 ------w c:\windows\system32\dllcache\msls31.dll
2009-01-11 05:00 79,360 ------w c:\windows\system32\dllcache\iecompat.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 102400]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 684032]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2003-09-09 70800]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-08 81920]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2005-09-27 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-11 c:\windows\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:14 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:14 1695232 c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SNDSrvc"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Metin2_Italiano\\metin2.bin"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-29 20560]
S3 BDA_Capture_220;Digital TV receiver Driver 1.0.0.42;c:\windows\system32\drivers\BDA_Capture_220.sys [2005-08-31 14080]
S3 BDA_Loader_220;Digital TV Receiver Firmware Loader 5.8.18.0;c:\windows\system32\drivers\BDA_Loader_220.sys [2005-08-31 19328]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{827d7167-df98-11db-974b-0040d07f6bc2}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a98ec440-ed2d-11dd-979b-0040d07f6bc2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac370994-edfc-11dd-97a8-0040d07f6bc2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc5e6594-beed-11dd-9790-0040d07f6bc2}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
2005-11-19 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2003-07-15 10:14]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 09:26:30
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\GTGina.dll
.
Ora fine scansione: 2009-03-26 9:28:25
ComboFix-quarantined-files.txt 2009-03-26 08:28:16
Pre-Run: 34,050,842,624 byte disponibili
Post-Run: 34,069,798,912 byte disponibili
174 --- E O F --- 2009-03-26 07:59:52