ComboFix 10-05-13.01 - Administrator 13/05/2010 19.56.35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1719 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\eMule\lang\ar_AE.dll
c:\programmi\eMule\lang\ba_BA.dll
c:\programmi\eMule\lang\bg_BG.dll
c:\programmi\eMule\lang\ca_ES.dll
c:\programmi\eMule\lang\cz_CZ.dll
c:\programmi\eMule\lang\da_DK.dll
c:\programmi\eMule\lang\de_DE.dll
c:\programmi\eMule\lang\el_GR.dll
c:\programmi\eMule\lang\es_AS.dll
c:\programmi\eMule\lang\es_ES_T.dll
c:\programmi\eMule\lang\et_EE.dll
c:\programmi\eMule\lang\fa_IR.dll
c:\programmi\eMule\lang\fi_FI.dll
c:\programmi\eMule\lang\fr_BR.dll
c:\programmi\eMule\lang\fr_FR.dll
c:\programmi\eMule\lang\gl_ES.dll
c:\programmi\eMule\lang\he_IL.dll
c:\programmi\eMule\lang\hu_HU.dll
c:\programmi\eMule\lang\it_IT.dll
c:\programmi\eMule\lang\jp_JP.dll
c:\programmi\eMule\lang\ko_KR.dll
c:\programmi\eMule\lang\lt_LT.dll
c:\programmi\eMule\lang\lv_LV.dll
c:\programmi\eMule\lang\mt_MT.dll
c:\programmi\eMule\lang\nb_NO.dll
c:\programmi\eMule\lang\nl_NL.dll
c:\programmi\eMule\lang\nn_NO.dll
c:\programmi\eMule\lang\pl_PL.dll
c:\programmi\eMule\lang\pt_BR.dll
c:\programmi\eMule\lang\pt_PT.dll
c:\programmi\eMule\lang\ro_RO.dll
c:\programmi\eMule\lang\ru_RU.dll
c:\programmi\eMule\lang\sl_SI.dll
c:\programmi\eMule\lang\sq_AL.dll
c:\programmi\eMule\lang\sv_SE.dll
c:\programmi\eMule\lang\tr_TR.dll
c:\programmi\eMule\lang\ua_UA.dll
c:\programmi\eMule\lang\ug_CN.dll
c:\programmi\eMule\lang\va_ES.dll
c:\programmi\eMule\lang\va_ES_RACV.dll
c:\programmi\eMule\lang\vi_VN.dll
c:\programmi\eMule\lang\zh_CN.dll
c:\programmi\eMule\lang\zh_TW.dll
c:\windows\system32\mswmpdat.tlb
.
((((((((((((((((((((((((( Files Creati Da 2010-04-13 al 2010-05-13 )))))))))))))))))))))))))))))))))))
.
2010-05-13 17:36 . 2010-05-13 17:36 1704 ----a-w- C:\FindyKill_Upload_Me_PC-X.zip
2010-05-13 17:26 . 2010-05-13 17:38 -------- d-----w- C:\FyK
2010-05-13 14:35 . 2010-05-13 14:35 -------- d-----w- c:\programmi\CCleaner
2010-05-11 20:17 . 2010-05-11 20:17 2157 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-05-11 20:16 . 2010-05-11 20:16 2095 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\.purple\certificates\x509\tls_peers\login.live.com
2010-05-06 18:58 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 21:12 . 2010-04-16 21:12 2145 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 17:42 . 2001-08-31 17:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2010-05-13 17:42 . 2001-08-31 17:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2010-05-13 17:32 . 2009-12-17 21:12 -------- d-----w- c:\programmi\Microsoft ActiveSync
2010-05-12 14:28 . 2009-04-27 11:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-05-11 21:46 . 2009-05-01 16:46 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\.purple
2010-05-11 16:30 . 2009-11-02 13:34 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-05-06 18:58 . 2009-05-13 17:09 -------- d-----w- c:\programmi\Java
2010-04-26 22:28 . 2009-05-01 10:01 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-04-26 22:27 . 2009-05-01 10:05 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-04-16 18:19 . 2009-09-04 15:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Hamachi
2010-04-07 22:15 . 2009-04-27 11:25 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-07 22:12 . 2010-01-04 22:46 -------- d-----w- c:\programmi\Crayon Physics Deluxe
2010-04-07 21:55 . 2009-06-09 20:16 -------- d-----w- c:\programmi\Steam
2010-04-07 21:55 . 2010-04-07 21:55 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Ubisoft
2010-04-05 10:03 . 2009-05-06 12:47 -------- d-----w- c:\programmi\eMule
2010-04-01 22:46 . 2010-04-01 22:46 2165 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2010-03-30 20:09 . 2010-03-30 20:09 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e1bbc79-n\msvcp71.dll
2010-03-30 20:09 . 2010-03-30 20:09 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e1bbc79-n\jmc.dll
2010-03-30 20:09 . 2010-03-30 20:09 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e1bbc79-n\msvcr71.dll
2010-03-30 20:09 . 2010-03-30 20:09 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ede646c-n\decora-sse.dll
2010-03-30 20:09 . 2010-03-30 20:09 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2ede646c-n\decora-d3d.dll
2010-03-30 20:09 . 2010-03-30 20:09 -------- d-----w- c:\programmi\File comuni\Java
2010-03-11 12:30 . 2008-03-01 12:58 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:30 . 2008-05-08 00:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:30 . 2008-05-08 00:13 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2008-04-13 17:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2008-04-13 10:17 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 18:07 . 2009-04-29 12:34 75408 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-17 12:05 . 2008-05-08 00:48 2193664 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2008-04-13 16:55 2070528 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
------- Sigcheck -------
[-] 2008-05-08 . 56F7866726C75C66167714D61CE84344 . 689152 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-05-08 . 94A1A243EF6861D230F31C86CDFDE756 . 486912 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-05-08 . 12F0333CC7253C3C8FB1DB2DA4E24C95 . 1504256 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-08 . CB4D4167C8F11342F5A1684BDD6B7B16 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-05-08 . 7F4C43F75EBF781352DB3B5EF6BF8230 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
c:\windows\System32\wscntfy.exe ... è mancante !!
c:\windows\System32\regsvc.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2010-05-13 209153]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-08 40448]
"LClock"="c:\windows\Resources\VistaStyle\LClock\LClock.exe" [2008-05-08 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-03-11 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^TrayMin315.exe.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\TrayMin315.exe.lnk
backup=c:\windows\pss\TrayMin315.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2004-06-09 13:37 40960 ----a-w- c:\windows\VM_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 09:01 57344 ----a-w- c:\programmi\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 Tetri5;Tetri5 driver;c:\windows\system32\drivers\Tetri5.sys [09/12/2009 1.28.45 53088]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/07/2009 0.07.30 721904]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [27/04/2009 14.07.40 108289]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [07/09/2009 23.33.01 23512]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\EUJ2D.tmp
c:\docume~1\ADMINI~1\IMPOST~1\Temp\EUJ2D.tmp
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-20 21:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.mini20.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {33A6EB94-9A44-4A27-B619-11967E66EDB6} = 192.168.1.1
TCP: {62C8C5A7-4CAE-4ED8-B1CA-D6365BAEBDD9} = 85.37.17.16
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\vq0wcmfe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
HKLM-Run-SmcService - c:\progra~1\Sygate\SPF\smc.exe
SSODL-UpdateCheck-{79C97C5E-2628-44BE-AF32-9BE3C006E865} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 19:59
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\EUJ2D.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\SETUPAPI.dll
.
Ora fine scansione: 2010-05-13 20:00:30
ComboFix-quarantined-files.txt 2010-05-13 18:00
Pre-Run: 25.338.417.152 byte disponibili
Post-Run: 25.334.550.528 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 79DAABF007E1793A23AA2D82A847D9D2