ComboFix 08-11-12.01 - Savio 2008-11-13 21.23.48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1300 [GMT 1:00]
Run from: c:\documents and settings\Savio\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Savio\Impostazioni locali\Dati applicazioni\meeccrk.dat
c:\documents and settings\Savio\Impostazioni locali\Dati applicazioni\meeccrk_nav.dat
c:\documents and settings\Savio\Impostazioni locali\Dati applicazioni\meeccrk_navps.dat
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
.
((((((((((((((((((((((((( Files Created From 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))))))
.
2008-11-13 14:24 . 2008-11-13 14:23 512,096 --a------ c:\windows\system32\drivers\amon.sys
2008-11-13 14:24 . 2008-11-13 14:23 298,104 --a------ c:\windows\system32\imon.dll
2008-11-13 14:24 . 2008-11-13 14:23 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2008-11-12 11:36 . 2008-11-12 11:37 1,393 --a------ c:\windows\imsins.BAK
2008-11-12 11:27 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 11:23 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 13:52 . 2008-11-10 13:53 <DIR> d-------- c:\programmi\FreePOPs
2008-11-08 23:55 . 2008-11-08 23:55 <DIR> d-------- C:\Downloads
2008-11-08 23:53 . 2008-11-09 00:00 <DIR> d-------- c:\documents and settings\Savio\Dati applicazioni\Free Download Manager
2008-11-07 16:47 . 2008-11-07 16:55 <DIR> d-------- c:\documents and settings\Savio\Dati applicazioni\InstallPad
2008-11-07 11:19 . 2008-11-07 11:40 <DIR> d-------- c:\programmi\CamStudio
2008-11-02 10:16 . 2008-11-02 10:44 143,096 --a------ c:\windows\system32\guard32.dll
2008-11-02 10:16 . 2008-11-02 10:44 99,856 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-11-02 10:16 . 2008-11-02 10:44 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-11-01 15:28 . 2008-11-01 15:28 5,120 --a------ c:\windows\system32\lwel-manifest.dll
2008-10-28 21:15 . 2008-10-28 21:14 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-28 10:48 . 2008-10-28 10:49 <DIR> d-------- c:\programmi\PDFCreator
2008-10-28 10:48 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-10-28 10:48 . 1998-08-05 08:45 150,528 --a------ c:\windows\system32\MSCMCIT.DLL
2008-10-28 10:48 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2008-10-28 10:48 . 1998-08-05 08:45 122,128 --a------ c:\windows\system32\VB6IT.DLL
2008-10-28 10:48 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2008-10-28 10:48 . 1998-08-05 08:45 63,488 --a------ c:\windows\system32\MSCC2IT.DLL
2008-10-28 10:48 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2008-10-27 14:02 . 2008-10-27 14:37 <DIR> d-------- c:\documents and settings\Savio\Dati applicazioni\EPSON
2008-10-24 19:46 . 2008-10-24 19:46 <DIR> d-------- c:\programmi\Microsoft Reader
2008-10-24 19:46 . 2003-06-05 16:15 57,436 --a------ c:\windows\DASShp.dll
2008-10-24 09:00 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 18:36 . 2008-10-19 18:36 <DIR> d-------- c:\programmi\SIW
2008-10-18 15:28 . 2008-11-13 13:28 <DIR> d-------- c:\programmi\Java
2008-10-15 17:46 . 2008-08-14 14:22 2,192,896 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 17:46 . 2008-08-14 14:22 2,148,864 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:46 . 2008-08-14 14:22 2,069,760 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:46 . 2008-08-14 14:22 2,027,520 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 17:46 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 17:45 . 2008-09-15 16:24 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-13 19:11 . 2008-11-12 14:04 <DIR> d-------- c:\programmi\WinClamAVShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 20:23 --------- d-----w c:\programmi\Eset
2008-11-12 23:59 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\LimeWire
2008-11-12 20:00 --------- d-----w c:\programmi\Spyware Terminator
2008-11-12 20:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2008-11-12 19:30 --------- d-----w c:\programmi\eMule
2008-11-12 19:26 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\Spyware Terminator
2008-11-12 13:37 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\Skype
2008-11-12 13:08 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\skypePM
2008-11-12 10:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-11-02 09:35 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\comodo
2008-11-02 09:16 --------- d-----w c:\programmi\COMODO
2008-11-02 09:16 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\Comodo
2008-10-27 19:17 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2008-10-24 18:46 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-22 10:57 --------- d-----w c:\programmi\Microsoft Silverlight
2008-10-20 20:05 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\HP
2008-10-15 11:37 306 ----a-w C:\Afd.reg
2008-10-15 11:37 236 ----a-w C:\Ndis.reg
2008-10-15 11:37 20,774 ----a-w C:\Tcpip.reg
2008-10-15 11:37 12,646,240 ----a-w C:\CurrentVersion.reg
2008-10-12 20:11 141,312 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2008-10-11 15:45 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\vlc
2008-10-11 13:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-10-11 13:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-10-10 16:54 --------- d-----w c:\programmi\Motorola Phone Tools
2008-10-10 12:49 --------- d-----w c:\programmi\Avanquest update
2008-10-10 08:15 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\WinPatrol
2008-10-06 14:47 --------- d-----w c:\programmi\File comuni\xing shared
2008-10-06 14:47 --------- d-----w c:\programmi\File comuni\Real
2008-10-04 12:59 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\LG Electronics
2008-10-04 12:54 --------- d-----w c:\programmi\LG PC Suite
2008-10-04 12:52 --------- d-----w c:\programmi\LG Electronics
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 14:53 --------- d-----w c:\programmi\File comuni\Java
2008-09-22 20:06 --------- d-----w c:\programmi\LimeWire
2008-09-20 22:57 --------- d-----w c:\documents and settings\Savio\Dati applicazioni\FrostWire
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-06 21:07 92,064 ----a-w c:\documents and settings\Savio\mqdmmdm.sys
2008-09-06 21:07 9,232 ----a-w c:\documents and settings\Savio\mqdmmdfl.sys
2008-09-06 21:07 79,328 ----a-w c:\documents and settings\Savio\mqdmserd.sys
2008-09-06 21:07 66,656 ----a-w c:\documents and settings\Savio\mqdmbus.sys
2008-09-06 21:07 6,208 ----a-w c:\documents and settings\Savio\mqdmcmnt.sys
2008-09-06 21:07 5,936 ----a-w c:\documents and settings\Savio\mqdmwhnt.sys
2008-09-06 21:07 4,048 ----a-w c:\documents and settings\Savio\mqdmcr.sys
2008-09-06 21:07 25,600 ----a-w c:\documents and settings\Savio\usbsermptxp.sys
2008-09-06 21:07 22,768 ----a-w c:\documents and settings\Savio\usbsermpt.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:57 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-18 19:29 155,995 ----a-w c:\windows\java\Packages\39RVVJ97.ZIP
2008-08-18 18:29 315,392 ----a-w c:\windows\HideWin.exe
2008-08-14 13:22 2,148,864 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:22 2,027,520 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"EPSON Stylus DX7400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE" [2007-04-12 182272]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2008-11-06 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse "="c:\programmi\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 503808]
"WireLessKeyboard "="c:\programmi\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 233472]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-10-28 136600]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-10-06 185896]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-10-12 1783808]
"COMODO Firewall Pro"="c:\programmi\COMODO\Firewall\cfp.exe" [2008-11-02 1797880]
"COMODO Internet Security"="c:\programmi\COMODO\Firewall\cfp.exe" [2008-11-02 1797880]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-11-13 949376]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-02 99856]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-02 31504]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-10-12 141312]
R2 MSCamSvc;MSCamSvc;c:\programmi\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8395636-7b24-11dd-80b9-001bfc8b69f5}]
\Shell\AutoRun\command - wdsync.exe
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Savio\Dati applicazioni\Mozilla\Firefox\Profiles\udnsdk0f.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.msn.it
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-13 21:26:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\guard32.dll
PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\system32\guard32.dll
-> c:\programmi\Eset\pr_imon.dll
.
Scan finish time: 2008-11-13 21.27.04
ComboFix-quarantined-files.txt 2008-11-13 20:26:58
Pre-Run: 76,808,278,016 bytes free
Post-Run: 90,096,128,000 bytes free
--- E O F --- 2008-11-12 12:33
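When reading a log like the one above, the first pass is to pull the persistence points out of the registry block (Run values, AppInit_DLLs, Security Center overrides, per-volume AutoRun commands, newly created services) and look at them next to the deletions. The script below does that over a constructed excerpt in the log's own layout. It is an added example, not ComboFix's code and not from the original post; the section names it keys on, the REGEDIT4-style value parsing and the flag heuristics are this example's own assumptions and produce review items, not verdicts. In this log, for instance, guard32.dll under AppInit_DLLs is the COMODO firewall component whose drivers (cmdguard.sys, cmdhlp.sys) appear in the same output, and the mountpoints2 entry is a cached AutoRun command for a removable volume, which by itself proves nothing.

```python
"""Triage helpers for a ComboFix-style log: pull out the persistence
points a reviewer looks at first and flag the ones worth a second look.

Added example, not part of ComboFix or of the original post. The sample
excerpt is constructed from entries visible on the page; the section
names, parsing rules and heuristics are this example's own assumptions.
"""
import re

# Constructed sample in the log's own layout (raw string keeps the backslashes).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-11-13 949376]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8395636-7b24-11dd-80b9-001bfc8b69f5}]
\Shell\AutoRun\command - wdsync.exe
*Newly Created Service* - PROCEXP90
"""

SECTION = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")          # (((( Section name ))))
KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")                     # [HKEY_...]
VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')  # "name"=value [meta]
TMP_DLL = re.compile(r"\\_\d+_\.tmp\.dll$", re.IGNORECASE)     # _000003_.tmp.dll style names


def _split_value(rest):
    """Split the right-hand side of a REGEDIT4-style line into (value, meta)."""
    rest = rest.strip()
    if rest.startswith('"'):
        value, _, tail = rest[1:].partition('"')
        return value.strip(), tail.strip().strip("[]").strip()
    m = re.match(r"^(.*?)\s*(?:\[([^\]]*)\])?$", rest)
    return m.group(1).strip(), (m.group(2) or "").strip()


def _dword(value):
    """Decode 'dword:00000001' -> 1; anything unparsable counts as 0."""
    try:
        return int(value.split(":", 1)[1], 16)
    except (IndexError, ValueError):
        return 0


def parse_log(text):
    """Collect deletions, registry values, mountpoint AutoRun commands and new services."""
    parsed = {"deleted": [], "values": [], "autorun": [], "new_services": []}
    section = key = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            continue                         # blank and "." separator lines carry nothing
        if m := SECTION.match(line):
            section, key = m.group("name").lower(), None
        elif m := KEY.match(line):
            key = m.group("key")
        elif section == "other deletions":
            parsed["deleted"].append(line)   # one path per line in this section
        elif line.startswith("*Newly Created Service*"):
            parsed["new_services"].append(line.split(" - ", 1)[1].strip())
        elif key and "mountpoints2" in key.lower() and "\\AutoRun\\" in line:
            parsed["autorun"].append((key, line.split(" - ", 1)[1].strip()))
        elif key and (m := VALUE.match(line)):
            value, meta = _split_value(m.group("rest"))
            parsed["values"].append((key, m.group("name"), value, meta))
    return parsed


def triage(parsed):
    """First-pass flags as (kind, detail) pairs; order follows the log."""
    findings = []
    for path in parsed["deleted"]:
        if TMP_DLL.search(path):             # anonymous numbered DLLs dropped in system32
            findings.append(("deleted-tmp-dll", path))
    for key, name, value, meta in parsed["values"]:
        lname = name.lower()
        if lname == "appinit_dlls" and value:
            findings.append(("appinit-dll", value))      # loaded into every process that links user32
        elif lname == "antivirusoverride" and _dword(value):
            findings.append(("av-override", key))        # Security Center told not to alert on AV state
        elif key.lower().endswith("\\run") and value and "\\" not in value:
            findings.append(("run-bare-name", f"{name}={value}"))  # bare name: resolved via search path, check [meta]
    for _key, command in parsed["autorun"]:
        findings.append(("mountpoint-autorun", command)) # AutoRun command cached for a removable volume
    for svc in parsed["new_services"]:
        findings.append(("new-service", svc))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{kind:20} {detail}")
```

Each flag is a prompt to look at the bracketed date/size and the resolved path ComboFix prints, not a classification; the same checks run unchanged over the full log text if it is read from a file and passed to parse_log.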