here it is
ComboFix 08-12-09.03 - user 2008-12-12 10.17.55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.123 [GMT 1:00]
Eseguito da: i:\documents and settings\user\Desktop\Nuova cartella\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
i:\windows\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Creati Da 2008-11-12 al 2008-12-12 )))))))))))))))))))))))))))))))))))
.
2008-12-12 09:37 . 2008-12-12 09:37 <DIR> d-------- i:\programmi\CCleaner
2008-12-11 16:10 . 2008-12-11 16:10 410,984 --a------ i:\windows\system32\deploytk.dll
2008-12-02 18:47 . 2008-12-02 18:47 <DIR> d-------- i:\programmi\Rocket Division Software
2008-12-02 18:47 . 2008-12-02 18:47 717,296 --a------ i:\windows\system32\drivers\sptd.sys
2008-12-01 17:52 . 2008-12-01 17:52 103,360 --a------ i:\windows\system32\drivers\AnyDVD.sys
2008-11-30 21:57 . 2008-11-30 21:57 <DIR> d-------- i:\documents and settings\user\Dati applicazioni\vlc
2008-11-26 17:03 . 2008-11-26 17:03 <DIR> d-------- i:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2008-11-25 22:01 . 2008-11-25 22:01 22,368 --a------ i:\documents and settings\user\tcnaxsti.exe
2008-11-25 20:45 . 2008-11-25 20:45 22,368 --a------ i:\documents and settings\user\langwyhu.exe
2008-11-25 15:49 . 2008-11-25 15:49 <DIR> d-------- i:\programmi\MSECache
2008-11-20 15:39 . 2008-04-14 04:13 21,504 --a------ i:\windows\system32\hidserv.dll
2008-11-20 15:39 . 2008-04-14 04:13 21,504 --a--c--- i:\windows\system32\dllcache\hidserv.dll
2008-11-20 15:39 . 2008-04-14 03:53 14,720 --a------ i:\windows\system32\drivers\kbdhid.sys
2008-11-20 15:39 . 2008-04-14 03:53 14,720 --a--c--- i:\windows\system32\dllcache\kbdhid.sys
2008-11-19 18:21 . 2008-11-19 18:21 93,128 --a------ i:\windows\system32\ElbyCDIO.dll
2008-11-15 20:11 . 2006-05-25 14:52 162,304 --a------ i:\windows\system32\ztvunrar36.dll
2008-11-15 20:11 . 2003-02-02 19:06 153,088 --a------ i:\windows\system32\unrar3.dll
2008-11-15 20:11 . 2005-08-26 00:50 77,312 --a------ i:\windows\system32\ztvunace26.dll
2008-11-15 20:11 . 2002-03-06 00:00 75,264 --a------ i:\windows\system32\unacev2.dll
2008-11-15 20:11 . 2006-06-19 12:01 69,632 --a------ i:\windows\system32\ztvcabinet.dll
2008-11-15 20:10 . 2008-11-26 17:03 <DIR> d-------- i:\documents and settings\user\Dati applicazioni\Simply Super Software
2008-11-14 18:01 . 2008-11-14 18:01 <DIR> d-------- i:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2008-11-13 08:36 . 2008-09-04 18:15 1,106,944 -----c--- i:\windows\system32\dllcache\msxml3.dll
2008-11-13 08:36 . 2008-10-24 12:21 455,296 -----c--- i:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 08:45 --------- d-----w i:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-12 08:22 --------- d-----w i:\programmi\eMule
2008-12-11 15:10 --------- d-----w i:\programmi\Java
2008-12-11 14:06 --------- d-----w i:\documents and settings\user\Dati applicazioni\dvdcss
2008-12-11 12:33 --------- d---a-w i:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-11 12:32 --------- d-----w i:\programmi\Trojan Remover
2008-12-09 08:36 --------- d-----w i:\programmi\TuneUp Utilities 2008
2008-12-04 19:26 --------- d-----w i:\programmi\File comuni\Adobe
2008-12-04 17:41 --------- d-----w i:\documents and settings\All Users\Dati applicazioni\SlySoft
2008-12-01 18:23 --------- d-----w i:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2008-12-01 17:03 --------- d-----w i:\documents and settings\user\Dati applicazioni\Babylon
2008-12-01 16:14 --------- d-----w i:\documents and settings\All Users\Dati applicazioni\Babylon
2008-11-12 12:53 --------- d-----w i:\programmi\Spybot - Search & Destroy
2008-10-24 11:21 455,296 ----a-w i:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w i:\windows\system32\gdi32.dll
2008-10-22 06:48 --------- d-----w i:\programmi\Microsoft Silverlight
2008-10-16 20:04 826,368 ----a-w i:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w i:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w i:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w i:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w i:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w i:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w i:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w i:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w i:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w i:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w i:\windows\system32\muweb.dll
2008-10-12 16:44 --------- d-----w i:\programmi\Microsoft Games
2008-10-03 10:02 247,326 ----a-w i:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w i:\windows\system32\msxml4.dll
2008-09-15 15:24 1,846,400 ----a-w i:\windows\system32\win32k.sys
2008-07-23 10:34 24,400 ----a-w i:\documents and settings\user\stqgxoux.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="i:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"CTFMON.EXE"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="i:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Creative Detector"="i:\programmi\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
"SkinClock"="i:\programmi\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-11 1739264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="i:\programmi\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"SMSTray"="i:\programmi\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"nod32kui"="i:\programmi\Eset\nod32kui.exe" [2008-03-14 949376]
"NBKeyScan"="i:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"NeroFilterCheck"="i:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Babylon Client"="i:\programmi\Babylon\Babylon-Pro\Babylon.exe" [2008-08-10 3563232]
"HP Software Update"="i:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TrojanScanner"="i:\programmi\Trojan Remover\Trjscan.exe" [2008-11-08 1233800]
"Adobe Reader Speed Launcher"="i:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 i:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2003-07-28 i:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 i:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
i:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - i:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
Avvio rapido HP Photosmart Premier.lnk - i:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
EPSON Status Monitor 3 Environment Check.lnk - i:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2007-07-19 131584]
HP Digital Imaging Monitor.lnk - i:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "i:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"<NO NAME>"= "i:\\Programmi\\PPStream\\PPStream.exe" "i:\\Programmi\\PPStream\\PPStream.exe
"i:\\Programmi\\eMule\\emule.exe"=
"i:\\WINDOWS\\system32\\sessmgr.exe"=
"i:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\WINDOWS\\system32\\muzapp.exe"=
"i:\\Programmi\\DNA\\btdna.exe"=
"i:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"i:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"i:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"i:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"i:\\Programmi\\Microsoft Games\\Age of Empires II\\crack AOE 2.exe"=
R0 viasraid;viasraid;i:\windows\system32\DRIVERS\viasraid.sys [2002-01-01 75904]
R1 nod32drv;nod32drv;i:\windows\system32\drivers\nod32drv.sys [2008-03-14 15424]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;i:\programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;i:\programmi\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ffcdefc-69d6-11dd-8254-000ea619b12a}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-12-12 i:\windows\Tasks\Verifica e correzione automatica.job
- i:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:27]
.
.
------- Associazioni di file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-12 10:19:03
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'lsass.exe'(792)
i:\windows\system32\imon.dll
i:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-12-12 10.20.23
ComboFix-quarantined-files.txt 2008-12-12 09:20:13
Pre-Run: 46.472.523.776 byte disponibili
Post-Run: 46,464,454,656 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
i:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
169 --- E O F --- 2008-12-11 09:07:47