ComboFix 08-06-03.1 - Salvatore 2008-06-04 14.29.38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.528 [GMT 2:00]
Run by: C:\Documents and Settings\Salvatore\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Salvatore\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\
003022_.tmp
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\jkkHXqnO.dll
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\
003022_.tmp
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\6141\28008.dll
C:\WINDOWS\system32\attfd42.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\win32t4.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC
((((((((((((((((((((((((( Files Created From 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))))))
.
2008-06-04 10:37 . 2008-06-04 14:31 <DIR> d-------- C:\WINDOWS\system32\6141
2008-06-04 10:05 . 2008-06-04 10:05 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-06-04 07:19 . 2008-06-04 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-06-04 06:52 . 2008-06-04 08:13 <DIR> d-------- C:\WINDOWS\system32\2830
2008-06-02 22:44 . 2008-06-02 22:48 <DIR> d-------- C:\Documents and Settings\Salvatore\Dati applicazioni\uTorrent
2008-06-02 22:43 . 2008-06-02 22:44 <DIR> d-------- C:\Programmi\uTorrent
2008-06-02 22:43 . 2008-06-02 22:43 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2008-06-02 22:43 . 2008-06-02 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion
2008-06-02 22:23 . 2008-06-02 22:23 <DIR> d-------- C:\Programmi\Yahoo!
2008-06-01 07:52 . 2008-06-01 07:52 <DIR> d-------- C:\Programmi\Fox
2008-05-23 16:30 . 2007-09-17 13:08 22,486 -rahs---- C:\WINDOWS\unins000.ico
2008-05-18 08:59 . 2008-05-23 15:43 <DIR> d-------- C:\Programmi\Windows Desktop Search
2008-05-16 10:01 . 2008-05-16 10:01 <DIR> d-------- C:\Documents and Settings\Salvatore\Dati applicazioni\Sierra Entertainment
2008-05-15 22:45 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-15 22:45 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-15 22:45 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-15 22:45 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-15 14:40 . 2008-05-16 06:06 <DIR> d-------- C:\Programmi\Google
2008-05-11 12:53 . 2008-05-23 15:51 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-05-09 22:58 . 2008-05-09 22:58 <DIR> d-------- C:\Programmi\CCleaner
2008-05-07 21:30 . 2008-05-07 21:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 19:09 . 2008-05-07 21:22 <DIR> d-------- C:\WINDOWS\EHome
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 12:33 --------- d-----w C:\Documents and Settings\LocalService\Dati applicazioni\VMware
2008-06-04 12:33 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VMware
2008-06-04 08:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-06-04 08:01 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-06-03 16:55 --------- d-----w C:\Programmi\eMule
2008-06-02 20:46 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\Azureus
2008-06-02 15:36 --------- d-----w C:\Programmi\PopCap Games
2008-06-02 05:15 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-31 05:25 --------- d-----w C:\Programmi\DivX
2008-05-25 21:10 --------- d-----w C:\Programmi\TuneUp Utilities 2008
2008-05-15 01:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-13 12:22 --------- d-----w C:\Programmi\Alawar
2008-05-12 14:11 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-11 05:47 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\Winamp
2008-05-02 05:41 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\dvdcss
2008-05-01 09:52 --------- d-----w C:\Programmi\Microsoft Games
2008-04-29 19:10 --------- d-----w C:\Programmi\Azureus
2008-04-25 14:29 --------- d-----w C:\Programmi\Sierra On-Line
2008-04-19 06:24 --------- d--h--w C:\Programmi\FX Uninstall Information
2008-04-18 11:58 --------- d-----w C:\Programmi\Winamp
2008-04-17 05:51 --------- d-----w C:\Programmi\BoontyGames
2008-04-17 05:49 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-04-17 05:49 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-04-17 05:49 --------- d-----w C:\Programmi\File comuni\Macrovision Shared
2008-04-17 05:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Macrovision
2008-04-16 10:02 --------- d-----w C:\Programmi\Opera
2008-04-15 06:57 --------- d-----w C:\Programmi\Bud Redhead
2008-04-14 21:24 --------- d-----w C:\Programmi\Auslogics
2008-04-14 21:24 --------- d-----w C:\Documents and Settings\Salvatore\Dati applicazioni\Auslogics
2008-04-13 17:13 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-13 16:56 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 16:56 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 16:56 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 16:55 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 16:55 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 16:54 154,240 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 16:53 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 16:53 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 16:53 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-13 16:52 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 16:52 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 16:52 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 16:51 65,792 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 16:51 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:50 25,728 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 16:49 58,368 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 16:49 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:49 273,664 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 16:48 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:48 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 16:48 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 16:48 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 16:48 327,168 ----a-w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 16:47 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:47 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:47 188,416 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 10:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 09:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 09:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 09:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 09:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 09:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 09:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 09:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 09:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 09:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 09:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 09:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 09:56 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 09:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 09:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 09:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 09:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 09:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-04-13 09:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 09:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 09:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-04_ 9.16.10.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 07:08:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 12:33:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-04 06:15:44 62,222 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-04 07:13:28 62,222 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-04 06:15:44 83,156 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-06-04 07:13:28 83,156 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-06-04 06:15:44 403,728 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-04 07:13:28 403,728 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-04 06:15:44 473,440 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-06-04 07:13:29 473,440 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-06-04 12:33:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_164.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:14 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SpeedTouch USB Diagnostics"="C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 07:59 878080]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-19 20:16 949376]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-12 23:48 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:14]
R3 Ltn_stk7070P;PCTV based TV tuner device;C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
R3 Ltn_stkrc;PCTV Infrared Receiver;C:\WINDOWS\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 19:30]
S2 netpker;netpker;C:\WINDOWS\svchost.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-01 23:55]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1039b716-e04d-11dc-9bad-0090d0d21e99}]
\Shell\AutoRun\command - K:\mystv.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c68b7c2-feee-11dc-ae23-0090d0d21e99}]
\Shell\AutoRun\command - L:\setupSNK.exe
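Added example, not ComboFix output and not part of the original post: a small Python triage script that reads the three line formats shown above (Run-key values, the Drivers/Services block, and the MountPoints2 AutoRun handlers) and reports the entries a reviewer would check first. The sample input is copied from the lines above; the checks are heuristics of my own choosing (the genuine service host lives in %SystemRoot%\system32\svchost.exe, so a svchost.exe anywhere else is flagged; empty brackets, where ComboFix printed no timestamp or size, are read as "image not found on disk"; and every cached AutoRun command is listed for review). The constant SYSTEM32 assumes the Windows directory is C:\WINDOWS, as on this machine, and the function names analyze, flagged_services and split_path are mine.

```python
import re

# Sample input: lines copied verbatim from the ComboFix log above (two Run-key
# values, the Drivers/Services block and the MountPoints2 block). Embedded so
# the script runs offline; in practice pass the whole log file's text to analyze().
SAMPLE_LOG = r"""
"Cmaudio"="cmicnfg.cpl" []
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-03-19 20:16 949376]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:14]
R3 Ltn_stk7070P;PCTV based TV tuner device;C:\WINDOWS\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
S2 netpker;netpker;C:\WINDOWS\svchost.exe []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-01 23:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1039b716-e04d-11dc-9bad-0090d0d21e99}]
\Shell\AutoRun\command - K:\mystv.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c68b7c2-feee-11dc-ae23-0090d0d21e99}]
\Shell\AutoRun\command - L:\setupSNK.exe
"""

# Assumption: the Windows directory is C:\WINDOWS, as on the machine in this log.
SYSTEM32 = r"c:\windows\system32"

# Service line: "<R|S><start> <name>;<display name>;<image path> [<timestamp> <size>]"
# R/S is the running/stopped state ComboFix reports; the digit is the Start value.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
# Run-key value: "<value name>"="<command>" [<timestamp> <size>]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(.*)\]$')
# MountPoints2 AutoRun handler: "\Shell\AutoRun\command - <command>"
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")


def split_path(path):
    """Return (directory, basename), both lower-cased, for a Windows path."""
    if "\\" not in path:
        return "", path.lower()
    directory, base = path.rsplit("\\", 1)
    return directory.lower(), base.lower()


def analyze(log_text):
    """Return a list of (severity, subject, reason) findings for the lines recognised."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, path, info = m.groups()
            directory, base = split_path(path)
            # The genuine service host is %SystemRoot%\system32\svchost.exe; any
            # other location is a classic masquerade and worth looking at first.
            if base == "svchost.exe" and directory != SYSTEM32:
                findings.append(("high", name, "svchost.exe outside system32: " + path))
            # Empty brackets: ComboFix recorded no timestamp/size, read here as
            # "image not found on disk" (heuristic; the file may simply be gone).
            if info == "":
                findings.append(("medium", name, "image not found on disk: " + path))
            continue
        m = RUN_RE.match(line)
        if m:
            name, command, info = m.groups()
            if info == "":
                # A bare file name with no recorded timestamp is not proof of anything
                # (Cmaudio is a C-Media audio applet) but it could not be verified.
                findings.append(("low", name, "could not be located, verify manually: " + command))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # AutoRun handlers are cached per volume; these point at executables
            # on removable drives and should be checked against that media.
            findings.append(("medium", m.group(1), "AutoRun command registered for a mounted volume"))
    return findings


def flagged_services(log_text):
    """Names of services that produced a high-severity finding."""
    return {subject for sev, subject, _ in analyze(log_text) if sev == "high"}


if __name__ == "__main__":
    for severity, subject, reason in analyze(SAMPLE_LOG):
        print(f"[{severity:6}] {subject}: {reason}")
```

Run against the sample it reports netpker twice (image path outside system32, and no file info recorded), lists the two AutoRun commands, and marks Cmaudio as unverified rather than malicious; the severity labels are a reviewer's ordering, not a verdict.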
.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 12:16:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-04 14:33:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\ESET\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\File comuni\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programmi\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2008-06-04 14:41:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 12:41:16
ComboFix2.txt 2008-06-04 07:16:24
12 Dir(s) 220,606,033,920 bytes free
17 Dir(s) 220,603,310,080 bytes free
264 --- E O F --- 2008-05-23 13:52:00