ComboFix 09-10-27.08 - SYSTEM 08/11/2009 14.35.55.1.1 - NTFSx86
Run by: e:\megalabtool\pippofix.exe
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500\desktop.ini
c:\$recycle.bin\S-1-5-21-4105166915-2146838397-3762033360-500
c:\$recycle.bin\S-1-5-21-4105166915-2146838397-3762033360-500\desktop.ini
c:\$recycle.bin\S-1-5-21-682752827-1976615663-3100863267-500
c:\$recycle.bin\S-1-5-21-682752827-1976615663-3100863267-500\desktop.ini
c:\program files\internetgamebox
c:\windows\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created From 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))))))
.
2009-11-08 13:38 . 2009-11-08 13:38 -------- d-----w- c:\users\TEMP(19)\AppData\Local\temp
2009-11-08 13:38 . 2009-11-08 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-08 13:38 . 2009-11-08 13:38 -------- d-----w- c:\users\camilla\AppData\Local\temp
2009-11-08 13:35 . 2009-11-08 13:36 -------- d-----w- C:\32788R22FWJFW
2009-11-08 13:32 . 2009-11-08 13:32 -------- d-----w- C:\pippofix32142p
2009-11-08 13:31 . 2009-11-08 13:31 -------- d-----w- C:\pippofix25649p
2009-11-08 13:30 . 2009-11-08 13:30 -------- d-----w- C:\pippofix
2009-11-07 19:08 . 2009-11-07 19:08 -------- d-----w- c:\programdata\is-I69Q4
2009-11-07 19:07 . 2009-11-08 13:39 590176 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-07 19:07 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\92406914.sys
2009-11-06 10:24 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-06 10:24 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-06 10:24 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-06 10:24 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-06 10:23 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-06 10:23 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-06 10:23 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-06 10:22 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-06 10:22 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-04 19:52 . 2009-11-04 19:52 -------- d-----w- c:\windows\Sun
2009-11-03 21:27 . 2008-02-28 11:26 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2009-11-03 09:55 . 2009-10-20 17:08 3510552 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-11-03 09:55 . 2009-10-20 17:08 2025752 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
2009-10-31 08:11 . 2009-10-31 08:11 -------- d-----w- c:\windows\CheckSur
2009-10-29 17:43 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-29 17:42 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-29 17:41 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-29 17:41 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-23 18:39 . 2009-07-11 19:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-10-23 18:39 . 2009-07-11 19:32 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-10-23 18:39 . 2009-07-11 19:32 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-10-23 18:39 . 2009-07-11 19:32 502272 ----a-w- c:\windows\system32\wlansvc.dll
2009-10-23 18:39 . 2009-07-11 19:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-10-23 18:39 . 2009-07-11 19:32 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-10-23 18:38 . 2009-08-05 14:28 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-23 18:38 . 2009-08-05 14:28 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-23 18:31 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-23 18:31 . 2009-06-15 15:29 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-23 18:31 . 2009-06-15 15:23 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-23 18:31 . 2009-06-15 18:12 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-23 18:30 . 2009-06-15 15:28 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-23 18:30 . 2009-06-15 13:10 7680 ----a-w- c:\windows\system32\lsass.exe
2009-10-23 16:39 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-23 16:39 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-10-23 16:39 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-23 16:39 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-23 16:18 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-23 16:17 . 2009-06-10 12:07 2855424 ----a-w- c:\windows\system32\mf.dll
2009-10-23 16:17 . 2009-06-10 12:07 98816 ----a-w- c:\windows\system32\mfps.dll
2009-10-23 16:17 . 2009-06-10 10:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-10-23 16:17 . 2009-06-10 10:15 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-10-23 16:17 . 2009-06-10 08:50 2048 ----a-w- c:\windows\system32\mferror.dll
2009-10-21 23:34 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 20:27 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 19:08 . 2009-11-07 19:07 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-04 13:24 . 2009-08-03 19:38 -------- d-----w- c:\programdata\avg8
2009-11-03 21:55 . 2006-12-21 12:32 -------- d-----w- c:\program files\InterVideo
2009-11-03 21:55 . 2006-12-21 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 21:30 . 2008-04-18 19:12 -------- d-----w- c:\program files\Common Files\Nero
2009-11-03 21:30 . 2008-04-18 19:12 -------- d-----w- c:\programdata\Nero
2009-11-03 09:59 . 2006-11-06 01:45 682422 ----a-w- c:\windows\system32\perfh010.dat
2009-11-03 09:59 . 2006-11-06 01:45 114828 ----a-w- c:\windows\system32\perfc010.dat
2009-10-29 18:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-27 14:02 . 2009-10-23 18:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:57 . 2009-10-23 18:33 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57 . 2009-10-23 18:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-10-23 18:33 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24 . 2009-10-23 18:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51 . 2009-10-23 18:33 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-14 17:16 . 2009-10-23 18:43 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-14 16:42 . 2009-10-23 18:43 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-14 16:40 . 2009-10-23 18:43 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40 . 2009-10-23 18:43 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25 . 2009-10-23 18:43 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25 . 2009-10-23 18:43 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25 . 2009-10-23 18:43 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25 . 2009-10-23 18:43 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25 . 2009-10-23 18:43 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25 . 2009-10-23 18:43 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:25 . 2009-10-23 18:43 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:24 . 2009-10-23 18:43 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 14:23 . 2009-10-23 18:43 22016 ----a-w- c:\windows\system32\netiougc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-06-19 1006264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-21 77824]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-21 155648]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-01 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]
"PD0630 STISvc"="P0630Pin.dll" - c:\windows\System32\P0630Pin.dll [2005-06-05 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2005-06-06 91841]
S1 is-I69Q4drv;is-I69Q4drv;c:\windows\system32\DRIVERS\92406914.sys [2008-07-08 148496]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IS-I69Q4DRV
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
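The registry section above is the part of a ComboFix log a responder reads first, and two of its values are documented weakenings rather than noise: `EnableLUA = 0` under `policies\system` turns User Account Control off (this is Windows 6.0.6000, i.e. Vista), and `DisableMonitoring = 1` under `Security Center\Monitoring` tells Security Center not to report antivirus/firewall status (a setting third-party suites also set for themselves, so it needs confirming against installed software). The following triage helper is an added example, not part of ComboFix or of this log; the indicator list and severities are my own assumptions, and the sample lines are copied from the section above so the script runs offline.

```python
"""Triage helper for ComboFix "Reg Loading Points" lines (added example).

Assumptions (mine, not from the log): the indicator rules below are a minimal
set; EnableLUA=0 means UAC is off, DisableMonitoring=1 suppresses Security
Center status reporting, and a purely numeric driver file name is only a
prompt to check the signer, not evidence of anything by itself.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the log section above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-06-19 1006264]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-01 3772416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2005-06-06 91841]
S1 is-I69Q4drv;is-I69Q4drv;c:\windows\system32\DRIVERS\92406914.sys [2008-07-08 148496]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IS-I69Q4DRV
*NewlyCreated* - MBR
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix prints DWORDs either as 'dword:00000001' or as '0 (0x0)'.
DWORD_RE = re.compile(r"^(?:dword:([0-9a-f]{8})|(\d+)\s*\(0x[0-9a-f]+\))$", re.I)
FILEINFO_RE = re.compile(r"\[\d{4}-\d{2}-\d{2} \d+\]$")   # resolved '[date size]' suffix
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?\.sys)\s+\[", re.I)
NEW_RE = re.compile(r"^\*NewlyCreated\*\s+-\s+(\S+)")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    where: str      # registry key or service name the finding refers to
    detail: str


def parse_dword(raw: str):
    """Return the integer behind 'dword:00000001' or '0 (0x0)', else None."""
    m = DWORD_RE.match(raw.strip())
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def triage(lines) -> List[Finding]:
    """Walk the REGEDIT4-style dump, tracking the current key, and flag indicators."""
    findings: List[Finding] = []
    key = ""
    for line in lines:
        line = line.rstrip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1).lower()
            continue
        v = VALUE_RE.match(line)
        if v:
            name, raw = v.group(1), v.group(2)
            if key.endswith(r"policies\system") and name.lower() == "enablelua":
                if parse_dword(raw) == 0:
                    findings.append(Finding("high", key, "EnableLUA=0: UAC is disabled"))
            elif r"security center\monitoring" in key and name.lower() == "disablemonitoring":
                if parse_dword(raw) == 1:
                    findings.append(Finding("medium", key,
                        "DisableMonitoring=1: Security Center status alerts suppressed "
                        "(often set by a third-party suite; confirm one is installed)"))
            elif key.endswith(r"currentversion\run") and not FILEINFO_RE.search(raw):
                # Bare file name with no resolved path: locate the binary before judging it.
                findings.append(Finding("info", key,
                    f"Run entry {name!r} has no resolved file/timestamp: {raw}"))
            continue
        s = SERVICE_RE.match(line)
        if s:
            svc, path = s.group(1), s.group(2)
            fname = path.rsplit("\\", 1)[-1]
            if re.fullmatch(r"\d+\.sys", fname, re.I):
                findings.append(Finding("info", svc,
                    f"driver file name is purely numeric ({fname}); check its signer and vendor"))
            continue
        n = NEW_RE.match(line)
        if n:
            findings.append(Finding("info", n.group(1),
                "service/driver first seen during this run (MBR is typically the scanner's own check)"))
    return findings


def triage_text(text: str) -> List[Finding]:
    return triage(text.splitlines())


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.where}: {f.detail}")
```

Run against the sample it reports one high (UAC off), two medium (Security Center monitoring suppressed at the root and for SymantecAntiVirus) and four info items; the webcam driver and the resolved Run entries produce nothing, which is the intended behaviour for a triage pass that should draw the eye to a handful of lines rather than re-list the log.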
.
Contents of the 'Scheduled Tasks' folder
2009-11-08 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]
.
.
------- Supplementary Scan -------
.
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?IT
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 14:41
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-11-08 14.45.31
ComboFix-quarantined-files.txt 2009-11-08 13:45
Pre-Run: 31,081,910,272 bytes free
Post-Run: 32,125,652,992 bytes free
- - End Of File - - 124BEF0D135EBC69BD5437D28C6258AF