ComboFix 09-08-04.01 - user 05/08/2009 14.01.47.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.511.130 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\m.exe
AV: Sistema Antivirus NOD32 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Creato nuovo punto di ripristino
* Resident AV is active
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Windows Live Messenger .lnk
c:\documents and settings\user\Preferiti\GravidanzaOnLine .. Forum di Discussione Rispondi.url
c:\windows\system32\_id.dat
c:\windows\system32\fggOqBeg.ini
c:\windows\system32\fggOqBeg.ini2
.
((((((((((((((((((((((((( Files Creati Da 2009-07-05 al 2009-08-05 )))))))))))))))))))))))))))))))))))
.
2009-08-04 19:41 . 2009-08-04 19:41 -------- d-s---w- C:\ComboFix
2009-07-25 11:47 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-25 11:47 . 2001-08-30 18:41 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-07-25 11:47 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-07-25 11:47 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-07-16 19:36 . 2009-07-16 19:36 -------- d-----w- c:\programmi\NOS
2009-07-16 19:36 . 2009-07-16 19:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 16:17 . 2004-09-16 13:31 662016 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:16 . 2004-09-16 13:31 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:53 . 2004-09-16 13:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2004-09-16 13:31 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:25 . 2004-09-16 13:31 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:41 . 2004-09-16 13:31 346112 ----a-w- c:\windows\system32\localspl.dll
2006-02-28 17:56 . 2006-02-28 17:40 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2006-02-28 17:56 . 2006-02-28 17:52 56 --sh--r- c:\windows\system32\E81D985C13.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Creative Detector"="c:\programmi\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2005-07-28 102400]
"ASUS Live Update"="c:\programmi\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"Power_Gear"="c:\programmi\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 86016]
"NB Probe"="c:\programmi\ASUS\NB Probe\NBProbe.exe" [2005-07-27 765952]
"Wireless Console"="c:\programmi\ASUS\Wireless Console\wcourier.exe" [2005-07-22 57344]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 401408]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-02 385024]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 356352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-02-17 98304]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2006-06-13 921600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-06 14850560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\user\Menu Avvio\Programmi\Esecuzione automatica\
Webshots.lnk - c:\programmi\Webshots\WebshotsTray.exe [2006-3-14 196608]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ASUS ChkMail.lnk - c:\programmi\ASUS\Asus ChkMail\ChkMail.exe [2005-12-20 32768]
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
NkbMonitor.exe.lnk - c:\programmi\Nikon\PictureProject\NkbMonitor.exe [2006-2-17 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-05-31 20:46 110592 ----a-w- c:\programmi\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\MSMSGS.EXE"=
"c:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\ASUS\\ASUS Live Update\\LiveUpdt.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R0 R592;R592;c:\windows\system32\drivers\R592.sys [15/10/2004 19.26.00 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [15/10/2004 19.26.00 27264]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [27/01/2006 16.32.08 5824]
S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [20/12/2005 2.41.34 720438]
S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [20/12/2005 2.41.34 8246]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{40BFD81A-C514-4218-A560-FA485A6AA9AE} - c:\windows\system32\geBqOggf.dll
HKLM-Run-Zshutdown - c:\sysprep\patch\sysprep.cmd
HKLM-Run-DSLSTATEXE - c:\program files\Hamlet\Adsl\dslstat.exe
HKLM-Run-DSLAGENTEXE - c:\program files\Hamlet\Adsl\dslagent.exe
Notify-WgaLogon - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://mondoconvenienza3dvp.2020.net/Co ... _Win32.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 14:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
c:\programmi\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(696)
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\programmi\File comuni\Microsoft Shared\Web Components\10\1040\OWCI10.DLL
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\programmi\File comuni\Microsoft Shared\Web Components\11\1040\OWCI11.DLL
c:\windows\system32\shdoclc.dll
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\programmi\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\programmi\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\ATKKBSERVICE.EXE
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\programmi\ESET\NOD32KRN.EXE
c:\programmi\INTEL\WIRELESS\BIN\OPROTSVC.EXE
c:\programmi\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\programmi\ASUS\NB PROBE\SPM\SPMGR.EXE
c:\programmi\INTEL\WIRELESS\BIN\1XCONFIG.EXE
c:\programmi\NOKIA\NOKIA PC SUITE 6\LAUNCH~1.EXE
c:\programmi\FILE COMUNI\PCSUITE\SERVICES\SERVICELAYER.EXE
c:\programmi\FILE COMUNI\NOKIA\MPAPI\MPAPI3S.EXE
c:\windows\ATK0100\ATKOSD.EXE
.
**************************************************************************
.
Ora fine scansione: 2009-08-05 14.12.27 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-05 12:12
Pre-Run: 30.227.726.336 byte disponibili
Post-Run: 31.208.865.792 byte disponibili
170 --- E O F --- 2009-07-29 12:41