ComboFix 08-12-16.03 - Carlo Trimarchi 2008-12-17 18.22.44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1023.426 [GMT 1:00]
Run from: e:\documents and settings\Carlo Trimarchi\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Carlo Trimarchi\Dati applicazioni\gadcom
e:\documents and settings\Carlo Trimarchi\Impostazioni locali\Temporary Internet Files\fbk.sts
.
((((((((((((((((((((((((( Files Created From 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))))))
.
2008-12-17 17:09 . 2008-12-17 17:09 97,928 --a------ e:\windows\system32\drivers\avgldx86.sys
2008-12-17 17:09 . 2008-12-17 17:09 10,520 --a------ e:\windows\system32\avgrsstx.dll
2008-12-17 17:08 . 2008-12-17 17:10 <DIR> d-------- e:\windows\system32\drivers\Avg
2008-12-17 17:08 . 2008-12-17 17:08 <DIR> d-------- e:\programmi\AVG
2008-12-17 17:08 . 2008-12-17 17:08 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\avg8
2008-12-17 16:36 . 2008-12-17 16:36 <DIR> d-------- e:\programmi\Trend Micro
2008-12-17 16:30 . 2008-12-17 16:30 44 --a------ e:\windows\system32\Partizan.RRI
2008-12-17 16:26 . 2008-12-17 16:26 126,976 --a------ E:\zip.exe
2008-12-17 16:26 . 2008-12-17 16:26 60,416 --a------ e:\windows\system32\drivers\fhrnawam.sys
2008-12-17 16:26 . 2008-12-17 16:26 1,080 --a------ E:\uyjqxncw.bat
2008-12-17 15:47 . 2008-12-17 16:28 25,773 --a------ e:\windows\system32\drivers\regguard.sys
2008-12-17 15:47 . 2008-12-17 15:47 (2) -rahs-ot- e:\windows\winstart.bat
2008-12-17 15:44 . 2008-12-17 15:44 <DIR> d-------- e:\programmi\Greatis
2008-12-17 14:09 . 2008-12-17 14:10 <DIR> d-------- e:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-17 13:43 . 2008-12-17 13:43 <DIR> d-------- e:\documents and settings\Carlo Trimarchi\Dati applicazioni\Uniblue
2008-12-14 20:32 . 2008-07-26 23:56 210,432 --a------ e:\windows\system32\ifsdrives.dll
2008-12-14 20:32 . 2008-09-25 17:35 181,120 --a------ e:\windows\system32\drivers\ext2fs.sys
2008-12-14 20:32 . 2007-12-16 18:27 74,752 --a------ e:\windows\system32\ifsdrives.cpl
2008-12-14 20:32 . 2008-08-28 22:45 51,072 --a------ e:\windows\system32\drivers\ifsmount.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 17:00 --------- d-----w e:\documents and settings\Carlo Trimarchi\Dati applicazioni\OpenOffice.org2
2008-12-17 16:21 --------- d-----w e:\documents and settings\Carlo Trimarchi\Dati applicazioni\.purple
2008-12-17 13:09 --------- d-----w e:\programmi\Lavasoft
2008-12-17 13:08 --------- d-----w e:\programmi\File comuni\Wise Installation Wizard
2008-12-17 13:08 --------- d-----w e:\documents and settings\Carlo Trimarchi\Dati applicazioni\Lavasoft
2008-12-17 12:27 --------- d-----w e:\programmi\PSPad editor
2008-12-17 12:26 --------- d-----w e:\programmi\Mozilla Thunderbird
2008-12-17 12:24 --------- d-----w e:\programmi\Juice
2008-12-17 12:21 --------- d-----w e:\programmi\Java
2008-12-17 12:15 --------- d-----w e:\programmi\ICQLite
2008-12-17 12:14 --------- d-----w e:\programmi\FeedReader30
2008-12-17 12:11 --------- d-----w e:\programmi\Band in a Box
2008-12-17 12:09 --------- d-----w e:\programmi\amsn
2008-12-16 21:47 --------- d-----w e:\documents and settings\Carlo Trimarchi\Dati applicazioni\gtk-2.0
2008-12-16 18:37 --------- d-----w e:\programmi\eMule
2008-12-16 10:26 --------- d-----w e:\documents and settings\Carlo Trimarchi\Dati applicazioni\uTorrent
2008-12-14 19:01 --------- d-----w e:\programmi\CDisplay
2008-11-08 08:51 --------- d-----w e:\programmi\Notepad++
2008-10-16 13:13 202,776 ----a-w e:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w e:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w e:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w e:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w e:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w e:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w e:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w e:\windows\system32\wups.dll
2006-05-06 16:42 7,260,160 ----a-w e:\programmi\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default values are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RAM Idle"="e:\programmi\Customizer XP\RAM_2K.exe" [2002-09-05 95232]
"snpstd"="e:\windows\vsnpstd.exe" [2003-12-31 40960]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-17 1261336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmi\\mIRC\\mirc.exe"=
"e:\\Programmi\\eMule\\emule.exe"=
"e:\\Programmi\\Soulseek\\slsk.exe"=
"e:\\giochi\\nestc042\\NESTCL95.EXE"=
"e:\\giochi\\DOSBox-0.63\\dosbox.exe"=
"e:\\Programmi\\Media Player Classic\\mplayerc.exe"=
"e:\\Programmi\\stickies\\stickies.exe"=
"e:\\Programmi\\iTunes\\iTunes.exe"=
"e:\\Documents and Settings\\Carlo Trimarchi\\Desktop\\utorrent.exe"=
"e:\\Programmi\\Messenger\\msmsgs.exe"=
"e:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"e:\\Programmi\\MSN Messenger\\livecall.exe"=
"e:\\Documents and Settings\\Carlo Trimarchi\\Desktop\\audicle-1.0.0.6\\audicle-1.0.0.6\\bin\\win32\\audicle.exe"=
"e:\\WINDOWS\\system32\\chuck.exe"=
"e:\\Programmi\\Skype\\Phone\\Skype.exe"=
"e:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\Drivers\avgldx86.sys [2008-12-17 97928]
R1 Ext2fs;Ext2fs;e:\windows\system32\DRIVERS\ext2fs.sys [2008-12-14 181120]
R1 IfsMount;IfsMount;e:\windows\system32\DRIVERS\ifsmount.sys [2008-12-14 51072]
R1 kbfilter;Keyboard Filter Driver;e:\windows\system32\drivers\kbfilter.sys [2005-10-06 11776]
R2 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-17 231704]
S0 Partizan;Partizan;e:\windows\system32\drivers\Partizan.sys []
S3 Aehededevdei;Aehededevdei; []
S3 RegGuard;RegGuard;\??\e:\windows\system32\Drivers\regguard.sys [2008-12-17 25773]
S3 Rerialdsddms;Rerialdsddms;e:\windows\system32\drivers\ndistapi.sys [2004-08-19 9600]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4af57c0-e963-11d9-9402-00112f411aa2}]
\Shell\AutoRun\command - h:\autoplay\AutoRun.exe
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - PROCEXP90
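Added example, not part of the ComboFix report above and not ComboFix's own code: a small Python triage script that parses the service (R*/S*) lines, the registry entries and the "files created" lines of a report in this format and flags entries a reviewer would want to check by hand. The sample input is constructed from lines of the report above. The heuristics (service with no image path, service whose image has no timestamp/size, service name that does not match its driver file while the display name is just the service name repeated, firewall disabled, AppInit_DLLs set, an AutoRun handler under mountpoints2, a newly created driver that no service references) are review hints, not verdicts: AppInit_DLLs=avgrsstx.dll, for instance, belongs to the AVG install visible in the same report.

```python
"""Triage heuristics for a ComboFix log excerpt (added example, not ComboFix code).

Flags are review hints for a human analyst, not malware verdicts.
"""
import re

# Constructed sample: lines copied from the report above.
SAMPLE_LOG = r"""
2008-12-17 17:09 . 2008-12-17 17:09 97,928 --a------ e:\windows\system32\drivers\avgldx86.sys
2008-12-17 16:26 . 2008-12-17 16:26 60,416 --a------ e:\windows\system32\drivers\fhrnawam.sys
2008-12-17 15:47 . 2008-12-17 16:28 25,773 --a------ e:\windows\system32\drivers\regguard.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\Drivers\avgldx86.sys [2008-12-17 97928]
R1 kbfilter;Keyboard Filter Driver;e:\windows\system32\drivers\kbfilter.sys [2005-10-06 11776]
S0 Partizan;Partizan;e:\windows\system32\drivers\Partizan.sys []
S3 Aehededevdei;Aehededevdei; []
S3 RegGuard;RegGuard;\??\e:\windows\system32\Drivers\regguard.sys [2008-12-17 25773]
S3 Rerialdsddms;Rerialdsddms;e:\windows\system32\drivers\ndistapi.sys [2004-08-19 9600]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4af57c0-e963-11d9-9402-00112f411aa2}]
\Shell\AutoRun\command - h:\autoplay\AutoRun.exe
"""

# "R1 Name;Display name;image path [date size]" (path and bracket body may be empty)
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]$")
# "files created" line ending in a driver path under a \drivers\ directory
CREATED_DRIVER_RE = re.compile(r"^\d{4}-\d{2}-\d{2} .*? ([a-z]:\\.*\\drivers\\([^\\]+\.sys))$", re.I)
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


def _basename(path):
    """Last path component, tolerant of the \\??\\ NT prefix ComboFix prints."""
    return re.split(r"[\\/]", path)[-1].lower()


def triage(log_text):
    """Return a list of human-readable review hints for one ComboFix report."""
    findings, services, created_drivers, current_key = [], [], [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, display, path, meta = m.groups()
            services.append(path)
            if not path:
                findings.append(f"service {name}: no image path recorded")
            elif not meta:
                findings.append(f"service {name}: image {path} has no timestamp/size (file missing or unreadable)")
            else:
                stem = _basename(path).rsplit(".", 1)[0]
                if stem != name.lower() and display == name:
                    findings.append(f"service {name}: name does not match driver file "
                                    f"{_basename(path)} and the display name is just the service name")
            continue
        m = CREATED_DRIVER_RE.match(line)
        if m:
            created_drivers.append(m.group(2).lower())
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            vname, vdata = m.groups()
            if vname.lower() == "enablefirewall" and vdata.startswith("0"):
                findings.append(f"registry {current_key}: Windows Firewall disabled (EnableFirewall=0)")
            elif vname.lower() == "appinit_dlls" and vdata:
                # AppInit_DLLs is loaded into every process that maps user32.dll; confirm the owner.
                findings.append(f"registry {current_key}: AppInit_DLLs set to {vdata}; confirm who owns it")
            continue
        if "\\shell\\autorun\\command" in line.lower():
            findings.append(f"registry {current_key}: AutoRun handler {line.split(' - ', 1)[-1]}")
    # Cross-reference: a freshly written driver that no service entry points at.
    referenced = {_basename(p) for p in services if p}
    for drv in created_drivers:
        if drv not in referenced:
            findings.append(f"file: newly created driver {drv} is not referenced by any service entry")
    return findings


if __name__ == "__main__":
    for hint in triage(SAMPLE_LOG):
        print(hint)
```

The cross-reference at the end is the part worth keeping even if you drop the other heuristics: a driver file written in the scan window that no loaded or stopped service points at is either a scanner's temporary driver or something that installs itself another way, and either answer is worth knowing before the log is declared clean.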
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - e:\programmi\Uniblue\RegistryBooster\RegistryBooster.exe
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;local.,
O16 -: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
e:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file://g:\setup\RiffLick.cab
e:\windows\Downloaded Program Files\RiffLick.inf
e:\windows\Downloaded Program Files\wavetab.ocx
FF - ProfilePath - e:\documents and settings\Carlo Trimarchi\Dati applicazioni\Mozilla\Firefox\Profiles\2grhaudt.default\
FF - prefs.js: browser.search.selectedEngine - De Mauro
FF - plugin: e:\programmi\Mozilla Firefox\plugins\NPBOARDS.dll
FF - plugin: e:\programmi\Mozilla Firefox\plugins\npvlc.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 18:27:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-17 18.29.00
ComboFix-quarantined-files.txt 2008-12-17 17:28:32
Pre-Run: 31,745,675,264 bytes free
Post-Run: 33,228,914,688 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect