ComboFix 09-10-30.01 - Randall_Flag 02/11/2009 22.09.49.4.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1695 [GMT 1:00]
Eseguito da: c:\documents and settings\Randall_Flag\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-10-02 al 2009-11-02 )))))))))))))))))))))))))))))))))))
.
2019-08-12 09:29 . 2019-08-12 09:28 298104 ----a-w- c:\windows\system32\imon.dll
2019-08-12 09:29 . 2019-08-12 09:28 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2019-08-12 09:29 . 2019-08-12 09:28 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-10-26 22:55 . 2009-10-26 22:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-22 17:13 . 2009-10-23 11:04 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2009-10-22 17:13 . 2009-10-22 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-10-22 17:13 . 2009-10-22 17:13 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-10-09 11:45 . 2009-11-02 15:36 -------- d-----w- c:\documents and settings\Randall_Flag\Dati applicazioni\vlc
2009-10-05 10:32 . 2009-10-05 18:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-08-12 08:55 . 2008-07-30 22:31 -------- d-----w- c:\programmi\Kaspersky Anti-Virus 2009
2009-10-27 11:51 . 2001-08-31 10:00 75610 ----a-w- c:\windows\system32\perfc010.dat
2009-10-27 11:51 . 2001-08-31 10:00 450240 ----a-w- c:\windows\system32\perfh010.dat
2009-10-27 11:48 . 2008-09-04 10:59 -------- d-----w- c:\documents and settings\Randall_Flag\Dati applicazioni\Skype
2009-10-21 23:06 . 2008-03-22 13:28 -------- d-----w- c:\programmi\APC PowerChute Personal Edition
2009-10-20 17:28 . 2008-03-10 17:35 -------- d-----w- c:\programmi\eMule
2009-10-07 19:52 . 2008-09-04 11:01 -------- d-----w- c:\documents and settings\Randall_Flag\Dati applicazioni\skypePM
.
------- Sigcheck -------
[-] 2008-04-13 . 1E97FA2B7F2FB1E9DECA897A8B8AFAFE . 101376 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2008-04-13 . 1E97FA2B7F2FB1E9DECA897A8B8AFAFE . 101376 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
[7] 2004-08-19 . 197FB5735293C1DE647B02BBD8121A9F . 111616 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe
[-] 2008-04-13 . 3D46C53CA961C49272037F98807537BD . 978432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-13 . 3D46C53CA961C49272037F98807537BD . 978432 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-31_18.17.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-01 11:04 . 2009-09-02 21:47 235034 c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1040.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"NVIDIA nTune"="c:\programmi\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Google Update"="c:\documents and settings\Randall_Flag\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\System32\JMRaidSetup.exe" [2006-10-30 1953792]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"snpstd"="c:\windows\vsnpstd.exe" [2004-05-10 286720]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2019-08-12 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Randall_Flag\Menu Avvio\Programmi\Esecuzione automatica\
RocketDock.lnk - c:\programmi\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - c:\programmi\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\programmi\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\programmi\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-19 113664]
APC UPS Status.lnk - c:\programmi\APC PowerChute Personal Edition\Display.exe [2008-3-22 221247]
Collegamento a RealTemp.exe.lnk - c:\documents and settings\Randall_Flag\Desktop\OverClock Tools\RealTemp_2.70\RealTemp.exe [2008-10-12 110592]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games\\Quake Wars\\etqw.exe"=
"c:\\Games\\Quake Wars\\etqwded.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/07/2008 0.06.33 28544]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [12/08/2019 10.29.47 15424]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/09/2009 22.06.17 54752]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [27/01/2009 20.22.42 178913]
S3 WinRing0_1_1_1;WinRing0_1_1_1;c:\documents and settings\Randall_Flag\Desktop\OverClock Tools\RealTemp_2.70\WinRing0.sys [12/10/2008 11.58.12 13904]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - CLASSPNP_2
.
Contenuto della cartella 'Scheduled Tasks'
2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-725345543-839522115-1003Core.job
- c:\documents and settings\Randall_Flag\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 07:17]
2009-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-725345543-839522115-1003UA.job
- c:\documents and settings\Randall_Flag\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 07:17]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
LSP: c:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Randall_Flag\Dati applicazioni\Mozilla\Firefox\Profiles\m71n9hrx.default\
FF - prefs.js: browser.startup.homepage - google.it
FF - plugin: c:\documents and settings\Randall_Flag\Dati applicazioni\Mozilla\Firefox\Profiles\m71n9hrx.default\extensions\StreamingPlugin@conviva.com\platform\WINNT_x86-msvc\plugins\npconviva.4.dll
FF - plugin: c:\documents and settings\Randall_Flag\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-02 22:13
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(348)
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(1700)
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Ora fine scansione: 2009-11-02 22.15.22
ComboFix-quarantined-files.txt 2009-11-02 21:15
ComboFix2.txt 2009-10-31 18:18
ComboFix3.txt 2008-12-31 00:36
Pre-Run: 28.239.855.616 byte disponibili
Post-Run: 28.209.225.728 byte disponibili
- - End Of File - - 2F27C1A6ADFF49EB5F976F993CDBDE6E