ComboFix 08-08-28.06 - federico 2008-08-29 12:15:11.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.197 [GMT 2:00]
Running from: C:\Documents and Settings\federico\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\dispatcher.exe
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\vsdatant.sys
C:\WINDOWS\winmsgr.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VSDATANT
-------\Service_vsdatant
((((((((((((((((((((((((( Files Created From 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))))))
.
2008-08-29 10:38 . 2008-08-29 10:38 <DIR> d--hs---- C:\FOUND.025
2008-08-27 19:05 . 2008-08-28 19:09 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-27 15:48 . 2008-08-27 15:48 <DIR> d--hs---- C:\FOUND.009
2008-08-27 11:23 . 2008-08-27 11:23 <DIR> d-------- C:\Documents and Settings\federico\DoctorWeb
2008-08-27 09:26 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-23 16:07 . 2008-08-23 16:07 <DIR> d-------- C:\Documents and Settings\federico\Dati applicazioni\pdf995
2008-08-23 12:07 . 2008-08-23 12:07 <DIR> d--hs---- C:\FOUND.008
2008-08-18 15:57 . 2003-01-02 02:33 <DIR> d-------- C:\Documents and Settings\federico\WINDOWS
2008-08-18 15:57 . 2004-09-14 11:52 <DIR> d--h----- C:\Documents and Settings\federico\Risorse di stampa
2008-08-18 15:57 . 2004-09-14 11:52 <DIR> d--h----- C:\Documents and Settings\federico\Risorse di rete
2008-08-18 15:57 . 2008-08-18 15:57 <DIR> dr------- C:\Documents and Settings\federico\Preferiti
2008-08-18 15:57 . 2004-09-14 11:52 <DIR> d--h----- C:\Documents and Settings\federico\Modelli
2008-08-18 15:57 . 2004-09-14 11:52 <DIR> dr------- C:\Documents and Settings\federico\Menu Avvio
2008-08-18 15:57 . 2004-09-14 11:52 <DIR> d--h----- C:\Documents and Settings\federico\Impostazioni locali
2008-08-18 15:57 . 2008-08-18 15:57 <DIR> dr------- C:\Documents and Settings\federico\Documenti
2008-08-18 15:57 . 2007-03-14 14:07 <DIR> d-------- C:\Documents and Settings\federico\Dati applicazioni\SiteAdvisor
2008-08-18 15:57 . 2004-09-14 11:52 <DIR> dr-h----- C:\Documents and Settings\federico\Dati applicazioni
2008-08-18 15:57 . 2008-08-18 15:57 <DIR> d-------- C:\Documents and Settings\federico
2008-08-18 14:37 . 2008-08-18 14:37 <DIR> d--hs---- C:\FOUND.007
2008-08-18 14:27 . 2008-08-18 14:27 <DIR> d--hs---- C:\FOUND.006
2008-08-18 14:16 . 2008-08-18 14:16 <DIR> d-------- C:\bklorenzo
2008-08-18 14:07 . 2008-08-18 14:07 <DIR> d-------- C:\Documents and Settings\pippo\Dati applicazioni\.clamwin
2008-08-18 14:04 . 2003-01-02 02:33 <DIR> d-------- C:\Documents and Settings\pippo\WINDOWS
2008-08-18 14:04 . 2004-09-14 11:52 <DIR> d--h----- C:\Documents and Settings\pippo\Risorse di stampa
2008-08-18 14:04 . 2004-09-14 11:52 <DIR> d--h----- C:\Documents and Settings\pippo\Risorse di rete
2008-08-18 14:04 . 2008-08-18 14:05 <DIR> dr------- C:\Documents and Settings\pippo\Preferiti
2008-08-18 14:04 . 2004-09-14 11:52 <DIR> d--h----- C:\Documents and Settings\pippo\Modelli
2008-08-18 14:04 . 2004-09-14 11:52 <DIR> dr------- C:\Documents and Settings\pippo\Menu Avvio
2008-08-18 14:04 . 2004-09-14 11:52 <DIR> d--h----- C:\Documents and Settings\pippo\Impostazioni locali
2008-08-18 14:04 . 2008-08-18 14:05 <DIR> dr------- C:\Documents and Settings\pippo\Documenti
2008-08-18 14:04 . 2004-09-14 11:52 <DIR> dr-h----- C:\Documents and Settings\pippo\Dati applicazioni
2008-08-18 14:04 . 2008-08-18 14:04 <DIR> d-------- C:\Documents and Settings\pippo
2008-08-18 08:52 . 2008-08-18 08:52 <DIR> d--hs---- C:\FOUND.005
2008-08-18 08:33 . 2008-08-18 08:33 <DIR> d--hs---- C:\FOUND.004
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 13:16 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-28 19:17 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Template
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:15 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:22 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:22 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 20:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 14:48 4141056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 20:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\VoipCheapCom\\VoipCheapCom.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-03-29 17:23]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\3.tmp []
S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
.
Contents of the 'Scheduled Tasks' folder
2008-08-29 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\federico\Dati applicazioni\Mozilla\Firefox\Profiles\x50elokk.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-29 12:21:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\3.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAMMI\WINDOWS DEFENDER\MSMPENG.EXE
C:\PROGRAMMI\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Scan completed at: 2008-08-29 12:23:52 - machine was rebooted [federico]
ComboFix-quarantined-files.txt 2008-08-29 10:23:48
Pre-Run: 9,996,779,520 bytes free
Post-Run: 9,925,345,280 bytes free
136 --- E O F --- 2008-08-29 08:52:49