ComboFix report:
ComboFix 07-09-21.2 - "Kite" 2007-09-29 20:56:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.208 [GMT 2:00]
* Created a new restore point
FILE::
C:\WINDOWS\1388146.exe
C:\WINDOWS\166769.exe
C:\WINDOWS\17402964.exe
C:\WINDOWS\18607596.exe
C:\WINDOWS\19812538.exe
C:\WINDOWS\21013916.exe
C:\WINDOWS\22225288.exe
C:\WINDOWS\23430621.exe
C:\WINDOWS\25854937.exe
C:\WINDOWS\2595472.exe
C:\WINDOWS\27059779.exe
C:\WINDOWS\28262509.exe
C:\WINDOWS\29464798.exe
C:\WINDOWS\30666796.exe
C:\WINDOWS\31867673.exe
C:\WINDOWS\33070312.exe
C:\WINDOWS\34272441.exe
C:\WINDOWS\35473898.exe
C:\WINDOWS\36679231.exe
C:\WINDOWS\37882271.exe
C:\WINDOWS\3797069.exe
C:\WINDOWS\39084160.exe
C:\WINDOWS\40287730.exe
C:\WINDOWS\41490390.exe
C:\WINDOWS\42693099.exe
C:\WINDOWS\43894446.exe
C:\WINDOWS\45096855.exe
C:\WINDOWS\46300907.exe
C:\WINDOWS\47503205.exe
C:\WINDOWS\48704132.exe
C:\WINDOWS\49907833.exe
C:\WINDOWS\5000940.exe
C:\WINDOWS\51111314.exe
C:\WINDOWS\52312000.exe
C:\WINDOWS\53513418.exe
C:\WINDOWS\54718280.exe
C:\WINDOWS\55927219.exe
C:\WINDOWS\57127845.exe
C:\WINDOWS\system32\AClient.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\AClient.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-29 )))))))))))))))))))))))))))))))
.
2007-09-25 23:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-19 22:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-19 22:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kaspersky Lab
2007-09-05 20:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 20:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\WholeSecurity
2007-09-29 12:45 --------- d-------- C:\Programmi\File comuni\Symantec Shared
2007-09-05 00:21 --------- d-------- C:\Programmi\Windows Defender
2007-09-05 00:14 --------- d-------- C:\Programmi\QuickTime
2007-09-05 00:13 --------- d-------- C:\Programmi\Norton SystemWorks
2007-09-05 00:13 --------- d-------- C:\Programmi\MSN Messenger
2007-09-05 00:07 --------- d-------- C:\Programmi\Google
2007-09-05 00:03 --------- d-------- C:\Programmi\Apoint
2007-08-28 16:46 --------- d-------- C:\DOCUME~1\Kite\DATIAP~1\AdobeUM
2007-08-24 09:58 --------- d-------- C:\DOCUME~1\Kite\DATIAP~1\Canon
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
---- Directory of C:\WINDOWS\Temp\TMP000000169188488A7578FFC5 ----
C:\WINDOWS\Temp\TMP000000169188488A7578FFC5\
((((((((((((((((((((((((((((( snapshot_2007-09-25_234348.79 )))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 272,384 2004-08-19 13:39:28 C:\WINDOWS\system32\dllcache\sptip.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-07-01 14:02]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-07-01 13:58]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [2003-11-07 19:21]
"SonyPowerCfg"="C:\Programmi\sony\vaio power management\SPMgr.exe" [2004-06-29 21:45]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-01-19 22:25]
"eBayToolbar"="C:\Programmi\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-08 18:53]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2002-08-19 23:22]
"ccRegVfy"="C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" [2002-08-19 23:23]
"GhostStartTrayApp"="C:\Programmi\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 16:21]
"OpwareSE2"="C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t
C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\ESECUZ~1\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-07-30 03:52:00]
SMART Board Tools.lnk - C:\Programmi\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe [2007-05-03 11:30:38]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Programmi\D-Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
C:\Programmi\Sony\HotKey Utility\HKserv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
C:\Programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Programmi\sony\vaio update 2\VAIOUpdt.exe" /Stationary
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMConsole.exe]
C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VCI"=2 (0x2)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-HTTP"=2 (0x2)
"VAIOMediaPlatform-IntegratedServer-AppServer"=2 (0x2)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"VAIO Entertainment Task Scheduler"=3 (0x3)
"VAIO Entertainment File Import Service"=2 (0x2)
"VAIO Entertainment Aggregation and Control Service"=3 (0x3)
R1 GhPciScan;GhostPciScanner;\??\C:\Programmi\Norton SystemWorks\Norton Ghost\ghpciscan.sys
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys
R2 SMART Web Server;SMART Web Server;"C:\Programmi\SMART Technologies Inc\SMART Board Software\WebServer.exe"
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys
S2 siregsrv;siregsrv;C:\PROGRA~1\NORTON~2\SPEEDD~1\SIREGSRV.EXE
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys
S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys
S3 SE2Bobex;Sony Ericsson Device 043 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Bobex.sys
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM
S4 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 19:06:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
"2007-09-21 22:06:27 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-08-31 16:27:55 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-09-29 19:05:33 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 21:04:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-29 21:10:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 21:09
C:\ComboFix2.txt ... 2007-09-26 22:42
.
--- E O F ---
filesfound scan report:
Il volume nell'unità C è VAIO
Numero di serie del volume: 20F9-456C