
I can't remove Indt2.sys threat : afinding.exe wserving Indt2.sys andt.sys comsa.sys



Alkadia
2008-06-07, 00:38
Hi,
A few days ago, using "Process Explorer" from Microsoft, I saw a process that appeared and disappeared very quickly: Indt2.sys. After a search on the internet I learned that this process was a threat connected to four other processes: afinding.exe, routing.exe, wserving.exe, prefs.exe. I used ComboFix from www.bleepingcomputer.com (http://www.bleepingcomputer.com) to remove it; its report (ComboFix.txt) is below. Can you help me?
Thanks in advance.
Alkadia
---------------------- ComboFix.txt -----------------------------

ComboFix 08-06-06.4 - Administrator 2008-06-06 23.43.40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.714 [GMT 2:00]
Run from: C:\tmp\ComboFix.exe
Command switches used :: C:\tmp\WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
* New restore point created
.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Dati applicazioni\inst.exe
C:\Documents and Settings\Kirk\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\Indt2.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing


((((((((((((((((((((((((( Files created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))))))
.

2008-06-06 14:47 . 2008-06-06 14:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-06 14:43 . 2008-06-06 15:15 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-06-06 12:29 . 2008-06-06 12:29 <DIR> d-------- C:\Programmi\Trend Micro
2008-06-06 00:06 . 2008-06-06 00:06 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\Talkback
2008-06-05 18:09 . 2008-06-05 18:09 <DIR> d-------- C:\media
2008-06-05 14:33 . 2007-03-22 13:38 215,144 -ra------ C:\WINDOWS\patchw32.dll
2008-06-05 14:31 . 2007-03-22 13:38 215,144 -ra------ C:\WINDOWS\pw32a.dll
2008-06-05 14:16 . 2007-12-18 19:06 91,008 --a------ C:\WINDOWS\system32\drivers\SysPlant.sys
2008-06-05 14:15 . 2008-06-05 14:15 136,496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-05 14:15 . 2008-06-05 14:15 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-05 14:15 . 2008-06-05 14:15 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-05 14:15 . 2008-06-05 14:15 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-05 14:14 . 2008-06-05 14:14 <DIR> d-------- C:\Symantec
2008-06-04 20:16 . 2008-06-04 20:16 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-06-04 20:15 . 2008-06-04 20:15 <DIR> d-------- C:\Programmi\File comuni\Deterministic Networks
2008-06-04 20:15 . 2008-06-04 20:15 <DIR> d-------- C:\Programmi\Cisco Systems
2008-06-04 20:15 . 2007-01-31 13:45 127,376 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-06-04 20:15 . 2007-01-31 13:45 101,904 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-06-04 20:15 . 2008-06-04 20:16 1,594 --a------ C:\WINDOWS\VPNInstall.MIF
2008-06-04 20:13 . 2008-06-04 20:13 <DIR> d-------- C:\SunIT
2008-06-04 11:51 . 2008-06-04 11:51 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\Thunderbird
2008-06-02 18:03 . 2008-06-02 18:03 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Nokia Multimedia Player
2008-06-02 17:32 . 2008-06-02 17:32 <DIR> d-------- C:\Programmi\PSP Video Converter
2008-06-02 16:06 . 2008-06-04 12:32 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-02 15:56 . 2008-06-06 14:10 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 15:56 . 2008-06-04 11:46 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\AVGTOOLBAR
2008-06-02 15:56 . 2008-06-02 15:56 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-02 15:56 . 2008-06-02 15:56 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-02 15:56 . 2008-06-02 15:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-02 15:55 . 2008-06-02 15:55 <DIR> d-------- C:\Programmi\AVG
2008-06-02 15:55 . 2008-06-02 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-05-31 13:50 . 2008-05-31 13:50 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Azureus.bkp
2008-05-31 13:46 . 2008-05-31 13:46 <DIR> d-------- C:\Programmi\Azureus
2008-05-31 13:46 . 2008-05-31 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-05-31 13:46 . 2008-06-06 23:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Azureus
2008-05-29 17:02 . 2008-05-15 02:33 18,399,371 --a------ C:\Documents and Settings\All Users\P._Nero_B.ROM_8.3.2.1.exe
2008-05-29 17:01 . 2008-05-29 17:01 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Thinstall
2008-05-29 12:43 . 2008-06-06 16:41 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\dvdcss
2008-05-26 19:34 . 2008-05-26 19:34 <DIR> d-------- C:\Documents and Settings\Administrator\Incomplete
2008-05-26 19:34 . 2008-05-26 19:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\FrostWire
2008-05-26 19:33 . 2008-05-26 19:34 <DIR> d-------- C:\Programmi\FrostWire
2008-05-26 08:48 . 2008-05-26 08:48 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-25 15:50 . 2008-05-25 15:50 <DIR> d-------- C:\Programmi\McDonaldsDragons
2008-05-25 15:49 . 2008-05-25 15:49 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-24 08:20 . 2007-02-12 12:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-05-24 08:20 . 2007-02-12 12:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-05-18 11:08 . 2008-06-06 20:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 11:08 . 2008-05-18 11:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-17 12:34 . 2008-04-13 21:20 361,344 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.old
2008-05-12 10:37 . 2008-05-12 10:37 <DIR> d-------- C:\WINDOWS\Sun
2008-05-10 14:47 . 2008-05-10 14:47 <DIR> d-------- C:\Programmi\Apple Software Update
2008-05-10 09:44 . 2008-05-10 09:44 <DIR> d-------- C:\WINDOWS\system32\it
2008-05-10 09:44 . 2008-05-10 09:44 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-10 09:44 . 2008-05-10 09:44 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-10 09:41 . 2008-05-10 09:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-10 09:25 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-05-10 09:25 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-05-10 09:25 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-05-10 09:25 . 2004-08-03 22:29 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2008-05-10 09:25 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-05-10 09:25 . 2004-08-03 22:41 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-05-10 09:25 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-05-10 09:25 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-05-10 09:25 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-05-10 09:25 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-05-10 09:05 . 2008-06-02 16:08 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\BitTyrant
2008-05-10 09:03 . 2008-05-10 09:05 <DIR> d-------- C:\Programmi\BitTyrant
2008-05-10 08:10 . 2008-05-10 08:10 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-05-10 08:10 . 2008-05-10 08:10 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-05-10 08:08 . 2008-05-10 08:08 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2008-05-10 08:08 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-09 23:13 . 2008-05-09 23:16 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\ID3-TagIT 3
2008-05-09 23:09 . 2008-05-09 23:09 <DIR> d-------- C:\Programmi\ID3-TagIT 3
2008-05-09 23:09 . 2008-05-09 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ID3-TagIT 3
2008-05-09 21:18 . 2008-05-18 11:58 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Apple Computer
2008-05-09 21:17 . 2008-05-09 21:17 <DIR> d-------- C:\Programmi\iTunes
2008-05-09 21:17 . 2008-05-09 21:17 <DIR> d-------- C:\Programmi\iPod
2008-05-09 21:17 . 2008-05-09 21:17 <DIR> d-------- C:\Programmi\Bonjour
2008-05-09 21:16 . 2008-05-09 21:16 <DIR> d-------- C:\Programmi\QuickTime
2008-05-09 21:16 . 2008-05-09 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-05-09 21:15 . 2008-05-09 21:15 <DIR> d-------- C:\Programmi\File comuni\Apple
2008-05-09 21:15 . 2008-05-09 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-05-09 21:15 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-05-08 20:07 . 2008-05-08 20:11 <DIR> d-------- C:\Lella MP3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 21:46 --------- d-----w C:\Programmi\PeerGuardian2
2008-06-06 18:49 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Skype
2008-06-06 18:46 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\StarOffice8
2008-06-06 18:44 --------- d-----w C:\Programmi\freecap
2008-06-06 15:41 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\FileZilla
2008-06-05 22:06 --------- d-----w C:\Programmi\Mozilla Thunderbird
2008-06-05 13:02 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-06-05 12:34 --------- d-----w C:\Programmi\Norton Ghost
2008-06-05 12:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-06-05 12:15 --------- d-----w C:\Programmi\Symantec
2008-06-05 12:06 --------- d-----w C:\Programmi\Symantec AntiVirus
2008-05-31 17:38 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\Vso
2008-05-26 08:45 --------- d-----w C:\Programmi\VirtualDub-MPEG2
2008-05-23 12:44 --------- d-----w C:\Programmi\FileZilla FTP Client
2008-05-17 19:34 --------- d-----w C:\Programmi\Sun
2008-05-10 06:07 --------- d-----w C:\Programmi\Nokia
2008-05-10 05:53 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-04-30 20:12 55,424 ----a-w C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-04-30 20:12 42,048 ----a-w C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-04-18 07:14 --------- d-----w C:\Programmi\Ext2Fsd
2008-04-14 02:14 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 02:14 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 02:14 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 02:14 286,720 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 02:14 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 02:14 151,552 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 02:14 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 02:14 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 02:14 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 02:14 1,036,288 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 01:56 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 01:56 68,736 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 01:56 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 01:55 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 01:55 46,720 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 01:53 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 01:53 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 01:53 154,240 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 01:52 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 01:52 40,704 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 01:52 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 01:52 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 01:51 65,792 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 01:50 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 01:50 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 01:49 58,368 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 01:49 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 01:49 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 01:48 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 01:48 41,728 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 01:48 41,344 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 01:48 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 01:47 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 01:47 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 01:47 188,416 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
.

------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-19 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 22a389083780c053b52519af28201a96 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate/default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-06-02 15:56 2050816 --a------ C:\Programmi\AVG\AVG8\avgtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programmi\AVG\AVG8\avgtoolbar.dll" [2008-06-02 15:56 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programmi\AVG\AVG8\avgtoolbar.dll [2008-06-02 15:56 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 16:23 65536]
"PeerGuardian"="C:\Programmi\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 10:27 153136]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2008-02-06 19:37 21898024]
"FreeSOCKS Cap"="C:\Programmi\freecap\freecap.exe" [2006-02-23 20:02 873984]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-11 11:40 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-10 19:12 5419008]
"nwiz"="nwiz.exe" [2004-12-10 19:12 1490944 C:\WINDOWS\system32\nwiz.exe]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2004-12-10 19:12 49152]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2004-03-23 23:40 196608]
"DpUtil"="C:\Programmi\TOSHIBA\DualPointUtility\TEDTray.exe" [2003-12-22 15:46 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 15:37 88363 C:\WINDOWS\agrsmmsg.exe]
"TosHKCW.exe"="C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]
"TFNF5"="TFNF5.exe" [2003-12-02 15:15 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 12:44 118784]
"TPSMain"="TPSMain.exe" [2004-12-29 14:19 266240 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2004-12-29 14:19 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TMESRV.EXE"="C:\Programmi\TOSHIBA\TME3\TMESRV31.exe" [2004-11-22 16:03 126976]
"TMERzCtl.EXE"="C:\Programmi\TOSHIBA\TME3\TMERzCtl.exe" [2004-12-28 16:46 86016]
"TMESBS.EXE"="C:\Programmi\TOSHIBA\TME3\TMESBS32.exe" [2003-11-06 11:34 77824]
"TFncKy"="TFncKy.exe" []
"NDSTray.exe"="NDSTray.exe" []
"TAudEffect"="C:\Programmi\TOSHIBA\TAudEffect\TAudEff.exe" [2004-10-06 19:48 331840]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-30 02:05 127035]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2007-11-09 15:15 115560]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"VirtualCloneDrive"="C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 22:01 54832]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"CFSServ.exe"="CFSServ.exe" []
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 15:55 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Process Explorer.lnk - C:\Programmi\ProcessExplorer\procexp.exe [2008-03-04 00:15:35 3654696]
StarOffice 8.lnk - C:\Programmi\Sun\StarOffice 8\program\quickstart.exe [2007-02-02 17:55:10 122880]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-11-10 11:58:56 475136]
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-06-04 20:16:22 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Norton Ghost 10.0"="C:\Programmi\Norton Ghost\Agent\GhostTray.exe"
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Programmi\\Beyond Compare 2\\BC2.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\BitTyrant\\Azureus.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"C:\\Symantec\\SEP11\\Smc.exe"=
"C:\\Symantec\\SEP11\\SNAC.EXE"=
"C:\\Programmi\\File comuni\\Symantec Shared\\ccApp.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 15:56]
R1 Ext2Fsd;Linux ext2 file system driver;C:\WINDOWS\system32\drivers\Ext2Fsd.sys [2008-02-17 13:27]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 12:08]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-04-30 22:12]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-04-30 22:12]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Programmi\CyberLink\PowerDVD\000.fcl [2007-09-19 22:37]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-02 15:55]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 15:55]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-02 15:56]
R2 Ext2Mgr;Ext2 Volume Manger;C:\Programmi\Ext2Fsd\Ext2Mgr.exe [2008-02-19 21:12]
R2 Tmesbs;Tmesbs32;C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe [2003-11-06 11:34]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-05-13 12:58]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-09-27 12:08]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 10:46:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-03-08 12:35:03 C:\WINDOWS\Tasks\Promemoria registrazione 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-03-01 10:24:53 C:\WINDOWS\Tasks\Promemoria registrazione 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-03-01 10:24:54 C:\WINDOWS\Tasks\Promemoria registrazione 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 23:53:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Programmi\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Symantec\SEP11\Smc.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe
C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Symantec\SEP11\Rtvscan.exe
C:\Programmi\RealVNC\VNC4\winvnc4.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Symantec\SEP11\SmcGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Toshiba\ConfigFree\NDSTray.exe
C:\Programmi\Toshiba\TME3\TMEEJME.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Toshiba\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Apoint2K\ApntEx.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Sun\StarOffice 8\program\soffice.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Sun\StarOffice 8\program\soffice.bin
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Programmi\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Scan finished: 2008-06-07 0:00:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 22:00:38

17 Dir(s) 31,889,473,536 bytes free
22 Dir(s) 31,919,669,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Microsoft Windows XP Professional P0" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional P1" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

416 --- E O F --- 2008-05-15 20:02:18
-------------------------------------------------------------


Edit: FYI for all users. ;)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Do NOT run 'fixes' before helpers have analyzed HJT/KAV scans (http://forums.spybot.info/showthread.php?t=16806)
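The Sigcheck block in the log above lists five copies of tcpip.sys. The one actually loaded, C:\WINDOWS\system32\drivers\tcpip.sys, has a different MD5 (22a389...) from the ServicePackFiles\i386 copy (93ea8d...) even though both carry the same size and the same timestamp, and the file listing also shows a tcpip.sys.old next to it. Whatever wrote that file, a kernel driver whose hash no longer matches the service-pack copy deserves a look before the machine is declared clean. The script below, added here as an example and not part of the original post or of ComboFix, parses that block and reports such mismatches. The sample text is copied from the log above; the section markers, the lone-dot section terminator and the choice of ServicePackFiles as the reference copy are assumptions about the ComboFix log format drawn only from this log.

```python
"""Added example: parse the 'Sigcheck' block of a ComboFix log and flag any
live system file whose MD5 differs from the service-pack reference copy that
ComboFix also hashed. Log format details are assumed from the log above."""
import re
from collections import defaultdict

# One Sigcheck line: <date> <time> <size> <md5> <path>
SIGCHECK_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-fA-F]{32}) (?P<path>\S.*)$"
)

# Folder Windows uses to keep pristine copies of service-pack files (assumed
# to be the trustworthy reference for this comparison).
REFERENCE_DIRS = ("\\servicepackfiles\\",)
# Folders holding superseded copies: informative, but not the live binary.
BACKUP_DIRS = ("\\$hf_mig$\\", "\\$ntservicepackuninstall$\\", "\\$ntuninstall")

# Sample input, copied from the Sigcheck block of the posted log.
SAMPLE_LOG = """\
------- Sigcheck -------

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\\WINDOWS\\$hf_mig$\\KB941644\\SP2QFE\\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\\WINDOWS\\$NtServicePackUninstall$\\tcpip.sys
2004-08-19 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\\WINDOWS\\$NtUninstallKB941644$\\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\\WINDOWS\\ServicePackFiles\\i386\\tcpip.sys
2008-04-13 21:20 361344 22a389083780c053b52519af28201a96 C:\\WINDOWS\\system32\\drivers\\tcpip.sys
.
"""


def parse_sigcheck(log_text):
    """Return the Sigcheck entries of a ComboFix log as a list of dicts."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":  # assumed: ComboFix closes each section with a lone dot
            break
        m = SIGCHECK_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].lower()
            entries.append(entry)
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(path):
    """'reference' for the service-pack copy, 'backup' for uninstall folders,
    'live' for everything else (i.e. the file Windows actually loads)."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if any(d in p for d in BACKUP_DIRS):
        return "backup"
    return "live"


def find_mismatches(entries):
    """Pair each live file with its reference copy and report hash differences."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[basename(e["path"])].append(e)
    findings = []
    for name, copies in by_name.items():
        live = [c for c in copies if classify(c["path"]) == "live"]
        refs = [c for c in copies if classify(c["path"]) == "reference"]
        for l in live:
            for r in refs:
                if l["md5"] == r["md5"]:
                    continue
                findings.append({
                    "file": name,
                    "live_path": l["path"],
                    "live_md5": l["md5"],
                    "reference_md5": r["md5"],
                    # Same size and timestamp but a different hash is what an
                    # in-place patch that preserved metadata looks like.
                    "same_size_and_time": l["size"] == r["size"]
                    and (l["date"], l["time"]) == (r["date"], r["time"]),
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_sigcheck(SAMPLE_LOG)):
        print(f"{f['file']}: {f['live_path']} md5={f['live_md5']} differs from "
              f"reference {f['reference_md5']} "
              f"(same size/time: {f['same_size_and_time']})")
```

A reported mismatch is a lead, not proof of tampering: a later hotfix legitimately replaces the driver too, so confirm with a signature check against Microsoft's catalogs (Sysinternals sigcheck, for instance) before deciding whether the file needs to be restored.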

Blade81
2008-06-10, 16:48
Hi

If you still need help with this please follow the link added to your post by the MOD to create a HijackThis log and post it back here.

Blade81
2008-06-16, 10:06
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.