This is the Combo report
thanks
ComboFix 08-06-10.5 - Rosalia 2008-06-12 17.13.30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.158 [GMT 2:00]
Run from: C:\Documents and Settings\Rosalia\Desktop\ComboFix.exe
* Created new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Rosalia\Impostazioni locali\Dati applicazioni\xacmoyaf.dat
C:\Documents and Settings\Rosalia\Impostazioni locali\Dati applicazioni\xacmoyaf.exe
c:\Documents and Settings\Rosalia\Impostazioni locali\Dati applicazioni\xacmoyaf_nav.dat
c:\Documents and Settings\Rosalia\Impostazioni locali\Dati applicazioni\xacmoyaf_navfx.dat
c:\Documents and Settings\Rosalia\Impostazioni locali\Dati applicazioni\xacmoyaf_navps.dat
.
((((((((((((((((((((((((( Files Created From 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))))))
.
2008-06-12 08:45 . 2008-04-17 21:13 811,008 --a------ C:\gmer.exe
2008-06-12 08:44 . 2008-06-12 08:46 250 --a------ C:\WINDOWS\gmer.ini
2008-06-12 04:46 . 2008-06-12 06:55 <DIR> d-------- C:\Programmi\Panda Security
2008-06-11 19:05 . 2008-04-14 17:51 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:05 . 2008-04-14 17:51 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 19:13 . 2004-08-31 14:10 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-10 19:13 . 2004-08-31 10:23 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-06-10 19:13 . 2007-02-24 18:07 <DIR> d-------- C:\Documents and Settings\Administrator\Risorse di rete
2008-06-10 19:13 . 2004-08-31 08:58 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-06-10 19:13 . 2004-08-31 08:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-06-10 19:13 . 2004-08-31 10:23 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-06-10 19:13 . 2008-06-12 17:17 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-06-10 19:13 . 2004-08-31 08:58 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2008-06-10 19:13 . 2004-08-31 15:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\toshiba
2008-06-10 19:13 . 2004-09-01 06:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-06-10 19:13 . 2004-09-01 07:51 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\AdobeUM
2008-06-10 19:13 . 2004-09-01 07:51 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-06-10 19:13 . 2008-06-10 19:13 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-10 06:35 . 2008-06-12 04:54 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-10 06:00 . 2008-06-10 06:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-10 06:00 . 2008-06-10 06:00 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-10 06:00 . 2008-06-10 06:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-10 05:59 . 2008-06-12 06:22 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-10 05:59 . 2008-06-10 05:59 <DIR> d-------- C:\Programmi\AVG
2008-06-10 05:59 . 2008-06-11 00:25 <DIR> d-------- C:\Documents and Settings\Rosalia\Dati applicazioni\AVGTOOLBAR
2008-06-10 05:59 . 2008-06-10 05:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-06-10 05:34 . 2008-06-10 05:34 27 --a------ C:\WINDOWS\Pcan.ini
2008-06-07 22:02 . 2008-06-07 22:02 <DIR> d-------- C:\Documents and Settings\Rosalia\Dati applicazioni\TVU Networks
2008-06-07 22:02 . 2008-06-07 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TVU Networks
2008-06-07 22:01 . 2008-06-10 06:28 <DIR> d-------- C:\Documents and Settings\Rosalia\LocalLow
2008-06-06 02:31 . 2008-06-06 02:31 <DIR> d-------- C:\Documents and Settings\Rosalia\Dati applicazioni\Move Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 06:05 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-10 04:35 --------- d-----w C:\Programmi\Toshiba Connect
2008-06-10 03:49 --------- d-----w C:\Documents and Settings\Rosalia\Dati applicazioni\Prism
2008-06-08 18:04 --------- d-----w C:\Documents and Settings\Rosalia\Dati applicazioni\Skype
2008-06-08 17:58 --------- d-----w C:\Documents and Settings\Rosalia\Dati applicazioni\skypePM
2008-06-08 01:26 --------- d-----w C:\Programmi\eMule
2008-05-27 18:14 --------- d-----w C:\Programmi\PCAN
2008-05-27 18:13 --------- d-----w C:\Programmi\Eppendorf
2008-05-25 07:24 --------- d-----w C:\Documents and Settings\Rosalia\Dati applicazioni\U3
2008-05-20 00:30 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-28 16:13 --------- d-----w C:\Programmi\Google
2008-04-28 00:55 --------- d-----w C:\Programmi\Free Offers from Freeze.com
2008-04-28 00:00 --------- d-----w C:\Documents and Settings\Rosalia\Dati applicazioni\Samsung
2008-04-27 23:39 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-12 15:52 --------- d-----w C:\Documents and Settings\Rosalia\Dati applicazioni\toshiba
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 22:54 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-19 20:29 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-22 09:27 92,064 ----a-w C:\Documents and Settings\Rosalia\mqdmmdm.sys
2007-09-22 09:27 9,232 ----a-w C:\Documents and Settings\Rosalia\mqdmmdfl.sys
2007-09-22 09:27 79,328 ----a-w C:\Documents and Settings\Rosalia\mqdmserd.sys
2007-09-22 09:27 66,656 ----a-w C:\Documents and Settings\Rosalia\mqdmbus.sys
2007-09-22 09:27 6,208 ----a-w C:\Documents and Settings\Rosalia\mqdmcmnt.sys
2007-09-22 09:27 5,936 ----a-w C:\Documents and Settings\Rosalia\mqdmwhnt.sys
2007-09-22 09:27 4,048 ----a-w C:\Documents and Settings\Rosalia\mqdmcr.sys
2007-09-22 09:27 25,600 ----a-w C:\Documents and Settings\Rosalia\usbsermptxp.sys
2007-09-22 09:27 22,768 ----a-w C:\Documents and Settings\Rosalia\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 12:00 15360]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 16:23 65536]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 21:10 335872]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-04-23 01:23 98304]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-04-23 01:23 507904]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 00:00 88363 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe" [2004-08-16 16:08 430080]
"TPSMain"="TPSMain.exe" [2004-08-12 13:44 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-30 12:01 118784]
"PadTouch"="C:\Programmi\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 11:45 1019904]
"TFncKy"="TFncKy.exe" []
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-02-16 11:54 282624]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-03-02 16:24 257088]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 17:14 344064]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-02-19 04:12 185896]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-10 05:59 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 12:00 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-02-24 20:24:39 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-04-14 23:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-10 06:00]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-10 05:59]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-10 05:59]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-10 06:00]
R2 Peakcan;Peakcan;C:\WINDOWS\system32\drivers\Peakcan.sys [2004-01-21 02:41]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 19:29]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 13:34:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-12 17:17:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\InterBaseServer]
"ImagePath"="C:\Programmi\Firebird\bin\ibserver -s"
.
Scan finished at: 2008-06-12 17.20.41
ComboFix-quarantined-files.txt 2008-06-12 15:20:31
10 Directory 7,328,555,008 bytes free
15 Directory 7,316,783,104 bytes free
160 --- E O F --- 2008-06-11 19:43:29
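A log like this is easier to triage with a small parser than by eye. The script below is an added example for this thread, not ComboFix's own code: it reads the "Reg Loading Points" section, records what ComboFix printed in the square brackets after each autostart value, and flags three things a reviewer looks for first. Entries with empty brackets (here NDSTray.exe and TFncKy) are ones ComboFix could not locate on disk, so they are either stale or point at a file that has already been removed; entries whose command is a bare filename (AGRSMMSG.exe) are resolved through the loader's search order rather than an explicit path, which is where a planted file in an earlier search directory would be picked up; and any AppInit_DLLs value is worth confirming because Windows maps it into every process that loads user32.dll (here it is AVG's avgrsstx.dll, matching the file created on 2008-06-10 when AVG was installed). It also lists executables and drivers sitting under a user profile, which is where xacmoyaf.exe was found and deleted. The sample input is excerpted from the log above; the hits are triage leads to check against the vendor, not verdicts.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines excerpted from the ComboFix log posted above (registry and file-listing lines only).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 00:00 88363 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"TFncKy"="TFncKy.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-10 05:59 1177368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
C:\Documents and Settings\Rosalia\Impostazioni locali\Dati applicazioni\xacmoyaf.exe
2007-09-22 09:27 92,064 ----a-w C:\Documents and Settings\Rosalia\mqdmmdm.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
"""

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "name"="command" [metadata]   or   "name"=value   (no brackets at all)
ENTRY_RE = re.compile(r'^"([^"]+)"=("[^"]*"|\S+)(?:\s+\[([^\]]*)\])?\s*$')
# ComboFix metadata: timestamp, size, and the path it resolved a bare filename to
META_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) (\d+)(?: (.+))?$')
PROFILE_BIN_RE = re.compile(
    r'([A-Za-z]:\\Documents and Settings\\[^\r\n]+?\.(?:exe|dll|sys|scr|com))\s*$', re.IGNORECASE)


@dataclass
class Autostart:
    key: str
    name: str
    command: str
    timestamp: Optional[str]
    size: Optional[int]
    resolved_path: Optional[str]   # set only when ComboFix had to look the file up
    on_disk: Optional[bool]        # None: no bracket metadata; False: "[]" (file not found)


def parse_autostarts(text: str) -> List[Autostart]:
    """Walk the registry section, keeping track of the current key."""
    entries: List[Autostart] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if not em or key is None:
            continue
        name, value, meta = em.groups()
        ts = path = None
        size = None
        on_disk: Optional[bool] = None
        if meta is not None:
            mm = META_RE.match(meta.strip())
            if mm:
                ts, size, path = mm.group(1), int(mm.group(2)), mm.group(3)
                on_disk = True
            else:
                on_disk = False   # ComboFix printed "[]": it could not locate the file
        entries.append(Autostart(key, name, value.strip('"'), ts, size, path, on_disk))
    return entries


def triage(entries: List[Autostart]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) pairs that deserve a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.on_disk is False:
            findings.append((e.name, "target not found on disk: stale entry or a file already removed"))
        elif e.resolved_path is not None:
            findings.append((e.name, "bare filename resolved via search order to " + e.resolved_path))
        if e.name.lower() == "appinit_dlls":
            findings.append((e.name, "AppInit_DLLs maps " + e.command
                             + " into every process that loads user32.dll; confirm the vendor"))
    return findings


def profile_executables(text: str) -> List[str]:
    """Executables and drivers living under a user profile rather than Program Files or system32."""
    return [m.group(1) for m in (PROFILE_BIN_RE.search(l) for l in text.splitlines()) if m]


if __name__ == "__main__":
    for name, reason in triage(parse_autostarts(SAMPLE_LOG)):
        print(f"{name}: {reason}")
    for path in profile_executables(SAMPLE_LOG):
        print("profile binary:", path)
```

Run it against the full log text instead of SAMPLE_LOG to cover every Run key, the AppInit_DLLs value and the service lines; the two TOSHIBA entries it flags here are typical of OEM utilities left behind after an uninstall, but they still merit a check because an autorun pointing at a bare filename that no longer exists is exactly the slot a later drop in C:\WINDOWS would fill.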