ComboFix 09-04-19.05 - Claudio 19/04/2009 17.42.37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1620 [GMT 2:00]
Eseguito da: c:\documents and settings\Claudio\Desktop\czxczx.exe
AV: avast! antivirus 4.8.1335 [VPS 090418-0] *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\ej10fkdo.bat
.
((((((((((((((((((((((((( Files Creati Da 2009-03-19 al 2009-04-19 )))))))))))))))))))))))))))))))))))
.
2009-04-19 15:38 . 2009-04-19 15:38 268 ---ha-w C:\sqmdata05.sqm
2009-04-19 15:38 . 2009-04-19 15:38 244 ---ha-w C:\sqmnoopt05.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 15:43 . 2009-04-19 13:09 1585184 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-19 15:41 . 2009-04-19 15:41 268 ---ha-w C:\sqmdata06.sqm
2009-04-19 15:41 . 2009-04-19 15:41 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-19 15:39 . 2009-04-19 13:09 15896 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-19 13:44 . 2009-04-19 13:44 268 ---ha-w C:\sqmdata04.sqm
2009-04-19 13:44 . 2009-04-19 13:44 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-19 13:04 . 2009-04-19 13:04 12328 ----a-w c:\documents and settings\Claudio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-19 13:03 . 2009-04-19 13:03 -------- d-----w c:\documents and settings\Claudio\Dati applicazioni\ATI
2009-04-19 13:03 . 2009-04-19 13:03 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ATI
2009-04-19 13:03 . 2009-04-19 13:03 268 ---ha-w C:\sqmdata03.sqm
2009-04-19 13:03 . 2009-04-19 13:03 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-19 13:01 . 2009-04-19 13:01 268 ---ha-w C:\sqmdata02.sqm
2009-04-19 13:01 . 2009-04-19 13:01 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-19 13:00 . 2001-08-31 12:00 79688 ----a-w c:\windows\system32\perfc010.dat
2009-04-19 13:00 . 2001-08-31 12:00 479368 ----a-w c:\windows\system32\perfh010.dat
2009-04-19 13:00 . 2009-04-19 13:00 65800 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-04-19 13:00 . 2009-04-19 13:00 -------- d-----w c:\programmi\MSBuild
2009-04-19 13:00 . 2009-04-19 13:00 -------- d-----w c:\programmi\Reference Assemblies
2009-04-19 12:52 . 2009-04-19 12:51 -------- d-----w c:\programmi\ATI Technologies
2009-04-19 12:52 . 2009-04-19 12:16 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-19 12:47 . 2009-04-19 12:47 268 ---ha-w C:\sqmdata01.sqm
2009-04-19 12:47 . 2009-04-19 12:47 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-19 12:47 . 2009-04-19 12:47 -------- d-----w c:\programmi\Alwil Software
2009-04-19 12:31 . 2009-04-19 12:28 -------- d-----w c:\programmi\ASUS
2009-04-19 12:21 . 2009-04-19 12:21 268 ---ha-w C:\sqmdata00.sqm
2009-04-19 12:21 . 2009-04-19 12:21 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-19 12:18 . 2009-04-19 12:18 -------- d-----w c:\programmi\Analog Devices
2009-04-19 12:18 . 2009-04-19 12:18 1024 ----a-w C:\.rnd
2009-04-19 12:17 . 2009-04-19 12:17 -------- d-----w c:\programmi\NVIDIA Corporation
2009-04-19 12:17 . 2009-04-19 12:16 -------- d-----w c:\programmi\File comuni\InstallShield
2009-04-19 12:16 . 2009-04-19 12:16 21035 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-19 12:16 . 2009-04-19 12:16 -------- d-----w c:\programmi\ASUS WiFi-AP Solo
2009-04-19 12:15 . 2009-04-19 12:15 -------- d-----w c:\programmi\DIFX
2009-04-19 12:00 . 2009-04-19 12:00 -------- d-----w c:\programmi\microsoft frontpage
2009-04-19 11:59 . 2009-04-19 11:59 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-19 11:59 . 2009-04-19 11:59 -------- d-----w c:\programmi\Servizi in linea
2009-04-19 11:57 . 2009-04-19 11:57 21840 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-19 11:57 . 2009-04-19 11:56 -------- d-----w c:\programmi\Windows Live
2009-04-19 11:56 . 2009-04-19 11:56 -------- d-----w c:\programmi\Windows Media Connect 2
2009-02-25 22:58 . 2009-02-25 22:58 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2009-02-25 21:41 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2009-02-25 21:16 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2009-02-25 20:59 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2009-02-25 20:32 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 13:15 . 2009-04-19 12:52 593920 ------w c:\windows\system32\ati2sgag.exe
2009-01-26 17:55 . 2009-01-26 17:55 182995 ----a-w c:\windows\system32\atiicdxx.dat
.
------- Sigcheck -------
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SoftwareDistribution\Download\2f751deff4c9646c9a2883fbe2a60450\sp3gdr\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\SoftwareDistribution\Download\2f751deff4c9646c9a2883fbe2a60450\sp3qfe\tcpip.sys
[-] 2008-05-08 16:28 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-08 16:30 1571840 4ED067D8270174E777286A26FECDB3E8 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2008-05-08 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Ai Gear Help"="c:\program files\ASUS\Ai Gear\GearHelp.exe" [2006-07-27 415744]
"Ai Nap"="c:\program files\ASUS\Ai Nap\AiNap.exe" [2006-11-30 1419776]
"Launch Ai Booster"="c:\programmi\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2008-05-08 5724184]
c:\documents and settings\Claudio\Menu Avvio\Programmi\Esecuzione automatica\
is-FTLRV.lnk - c:\documents and settings\Claudio\Desktop\Virus Removal Tool\is-FTLRV\startup.exe [2009-4-19 65536]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
ASUS WiFi-AP Solo.lnk - c:\programmi\ASUS WiFi-AP Solo\RtWLan.exe [2009-4-19 995328]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
S1 aswSP;avast! Self Protection; [x]
S1 is-FTLRVdrv;is-FTLRVdrv;c:\windows\system32\DRIVERS\19944211.sys [2008-07-08 148496]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2006-09-05 176128]
S3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [2006-06-23 13532]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - SJYPKT
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-19 17:43
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1112)
c:\windows\system32\nvappfilter.dll
.
Ora fine scansione: 2009-04-19 17.44.18
ComboFix-quarantined-files.txt 2009-04-19 15:44
Pre-Run: 244.367.511.552 byte disponibili
Post-Run: 244.419.878.912 byte disponibili
158 --- E O F --- 2009-04-19 13:10