
HELP - INFECTION!! Part 2

Posted: Thu Oct 15, 2009 8:38 pm
by Fez
Hi everyone. Here is the second part of my problems. Avira detected, and quarantined, the following infections:
1) Contains the detection pattern of the worm WORM/Conficker.Autorun.Gen - Source: F:/autorun.inf (F: was a digital recorder)
2) Same as 1) but for E:/ (an SD card used in that digital recorder).
3) Contains the detection pattern of the worm WORM/Conficker.Y.16 - Source: E:/RECYCLER/S-5-3-42-2819952290-8240758988-879315005-3665/jwgkvsq.vmx
4) Contains the detection pattern of the worm WORM/Kido.IX - Source: E:/autorun.inf
5) Contains the detection pattern of the worm WORM/Kido.IX - Source: E:/autorun.inf
6) Contains suspicious code: HEUR/HTML.Malware - Source: C:/Documents and Settings/paolo dondoli/Impostazioni locali/Dati applicazioni/Mozilla/Firefox/Profiles/7pky5e5c.default/Cache/1B22D8A6d01
7) Is the Trojan horse TR/Dldr.Lipler.iml.33 - Source: C:/System Volume Information/_restore{98DF0744-E9D0-4D5D-BAFF-085C137ADB1B}/RP22/A0002233.exe
8) Contains the detection pattern of the worm WORM/Conficker.Y.16 - Source: C:/System Volume Information/_restore{98DF0744-E9D0-4D5D-BAFF-085C137ADB1B}/RP26/A0002961.dll
9) Contains the detection pattern of the worm WORM/Conficker.Y.16 - Source: C:/Documents and Settings/NetworkService/Impostazioni locali/Temporary Internet Files/Content.IE5/GPMBODYV/zkvzw[1].png
10) Is the Trojan horse TR/Crypt.ZPACK.Gen - Source: C:/WINDOWS/system32/tuiuznbb.dll

There would actually have been two more infections as well, due to Vundo, but unfortunately, while copying them out, I accidentally deleted them from the quarantine.

Question: what do I do with all this haul? I remember there is a MegaLab newsletter on removing Conficker; should I refer to that? And for the others?
Thanks!!
Fez

Re: HELP - INFECTION!! Part 2

Posted: Thu Oct 15, 2009 8:59 pm
by ste_95
Yes, go and look at the Conficker removal procedure we covered earlier, and when you're done empty the AntiVir quarantine.

Re: HELP - INFECTION!! Part 2

Posted: Thu Oct 15, 2009 11:28 pm
by Fez
Done. In the meantime I'm posting the ComboFix log; now I'm off to empty the quarantine!!

ComboFix 09-10-15.01 - paolo dondoli 16/10/2009 0.30.09.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1023.145 [GMT 2:00]
Eseguito da: c:\documents and settings\paolo dondoli\Documenti\Download\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-3C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-0C24-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {7C8021E7-FFFF-FFFF-0600-CC00ACEF1200}
.

((((((((((((((((((((((((( Files Creati Da 2009-09-15 al 2009-10-15 )))))))))))))))))))))))))))))))))))
.

2009-10-13 23:55 . 2009-10-13 23:55 -------- d-----w- c:\programmi\Enigma Software Group
2009-10-13 23:35 . 2009-10-13 23:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-10-13 22:49 . 2009-10-13 22:49 -------- d-----w- c:\documents and settings\paolo dondoli\Dati applicazioni\Malwarebytes
2009-10-13 22:49 . 2009-10-13 22:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-10-13 05:05 . 2009-10-13 05:05 -------- d-----w- c:\windows\ServicePackFiles
2009-10-13 05:04 . 2009-10-13 05:04 -------- d-----w- c:\programmi\MSXML 4.0
2009-10-12 22:53 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-12 22:53 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-12 22:43 . 2009-06-21 22:05 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-12 22:25 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-12 22:25 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-12 22:25 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys
2009-10-12 22:25 . 2008-05-01 14:31 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-10-12 22:25 . 2009-07-10 13:41 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-12 22:24 . 2008-04-11 18:50 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-12 22:24 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-12 22:23 . 2008-10-03 10:15 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-10-12 22:23 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-12 22:23 . 2008-09-04 16:44 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-10-12 22:19 . 2008-04-21 21:26 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-12 19:13 . 2009-07-28 14:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-12 19:13 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-12 19:13 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-12 19:13 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-12 19:13 . 2009-10-12 19:13 -------- d-----w- c:\programmi\Avira
2009-10-12 19:13 . 2009-10-12 19:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-10-11 20:30 . 2008-10-16 12:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-11 20:08 . 2009-10-11 20:08 -------- d-----w- c:\programmi\VS Revo Group
2009-10-11 19:39 . 2009-10-11 19:39 -------- d-----w- c:\documents and settings\paolo dondoli\Dati applicazioni\Norman
2009-10-09 10:10 . 2009-10-09 10:10 -------- d-----w- c:\programmi\CCleaner
2009-10-09 09:58 . 2009-10-09 09:58 -------- d-----w- c:\windows\Sun
2009-10-08 20:25 . 2009-10-08 20:25 -------- d-----w- c:\documents and settings\paolo dondoli\Dati applicazioni\OpenOffice.org
2009-10-08 20:06 . 2009-10-08 20:06 -------- d-----w- c:\programmi\JRE
2009-10-08 20:06 . 2009-10-08 20:06 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-10-08 19:28 . 2009-10-08 19:28 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-10-07 22:27 . 2009-10-08 20:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 21:00 . 2009-10-05 21:00 -------- d-----w- c:\programmi\Audacity
2009-10-05 20:59 . 2009-10-05 20:59 -------- d-----w- c:\programmi\winLAME
2009-10-05 20:59 . 2009-10-05 20:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\winLAME
2009-10-05 20:56 . 2009-10-11 20:02 -------- d-----w- c:\programmi\Alice ti aiuta
2009-10-05 20:55 . 2009-10-05 20:55 -------- d-----w- c:\programmi\Telecom Italia
2009-10-05 19:53 . 2009-10-05 19:53 -------- d-----w- c:\documents and settings\paolo dondoli\Dati applicazioni\Talkback
2009-10-05 19:50 . 2009-10-05 19:50 -------- d-----w- c:\programmi\notepad2
2009-10-05 19:50 . 2007-03-12 21:34 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-10-05 19:50 . 2007-03-12 21:34 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-10-05 19:50 . 2007-03-12 21:34 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-10-05 19:50 . 2009-10-05 19:50 -------- d-----w- c:\programmi\TUGZip
2009-10-05 19:45 . 2009-10-05 19:45 -------- d-----w- c:\programmi\FreeCommander
2009-10-04 07:04 . 2009-10-04 07:04 -------- d-----w- c:\programmi\hp deskjet 3320 series
2009-10-04 07:03 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-04 07:03 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-04 07:02 . 2009-10-04 07:05 -------- d-----w- c:\programmi\Hewlett-Packard
2009-10-04 07:02 . 2009-10-05 06:14 -------- d-----w- c:\documents and settings\BB443B11-7D12-450c-9F85-2D32804655F9\temp
2009-10-04 07:02 . 2009-10-04 07:02 -------- d-----w- c:\documents and settings\BB443B11-7D12-450c-9F85-2D32804655F9
2009-10-03 16:53 . 2009-10-03 16:53 -------- d-----w- c:\documents and settings\paolo dondoli\Dati applicazioni\Ulead Systems
2009-10-02 07:28 . 2009-10-02 07:28 -------- d-----w- c:\programmi\Lame for Audacity
2009-09-29 15:14 . 2009-09-29 15:14 -------- d-----w- c:\documents and settings\paolo dondoli\Dati applicazioni\Motive
2009-09-28 00:56 . 2009-09-28 00:56 -------- d-----w- c:\programmi\File comuni\Adobe
2009-09-28 00:51 . 2009-09-28 00:51 -------- d-----w- c:\documents and settings\paolo dondoli\Dati applicazioni\AdobeUM
2009-09-26 14:38 . 2009-09-29 10:19 -------- d-----w- c:\documents and settings\paolo dondoli\Impostazioni locali\Dati applicazioni\Adobe
2009-09-25 19:47 . 2009-09-25 20:09 -------- d-----w- c:\documents and settings\paolo dondoli\Dati applicazioni\AIMP
2009-09-25 19:47 . 2009-09-25 19:47 -------- d-----w- c:\programmi\AIMP2
2009-09-23 21:05 . 2009-09-23 21:05 -------- d-----w- c:\documents and settings\paolo dondoli\Dati applicazioni\Thunderbird
2009-09-23 21:05 . 2009-09-23 21:05 -------- d-----w- c:\documents and settings\paolo dondoli\Impostazioni locali\Dati applicazioni\Thunderbird
2009-09-23 21:04 . 2009-10-15 17:27 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-09-23 20:50 . 2009-09-23 20:50 0 ----a-w- c:\windows\nsreg.dat
2009-09-23 20:50 . 2009-09-23 20:50 -------- d-----w- c:\documents and settings\paolo dondoli\Impostazioni locali\Dati applicazioni\Mozilla
2009-09-23 19:35 . 2009-09-23 19:35 -------- d-s---w- c:\documents and settings\paolo dondoli\UserData
2009-09-23 19:31 . 2009-09-23 19:31 -------- d-----w- c:\documents and settings\paolo dondoli\Impostazioni locali\Dati applicazioni\Help
2009-09-23 19:23 . 2009-10-05 20:56 -------- d-----w- c:\windows\Motive
2009-09-22 23:05 . 2004-08-03 21:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 16:12 . 2004-09-03 09:37 74630 ----a-w- c:\windows\system32\perfc010.dat
2009-10-14 16:12 . 2004-09-03 09:37 448112 ----a-w- c:\windows\system32\perfh010.dat
2009-10-11 20:25 . 2009-09-21 19:02 57536 ----a-w- c:\documents and settings\paolo dondoli\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-11 20:02 . 2009-09-22 03:35 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-10-11 19:30 . 2004-09-03 09:36 14336 ------w- c:\windows\system32\svchost.exe
2009-10-08 20:06 . 2009-09-22 03:35 -------- d-----w- c:\programmi\Java
2009-10-05 20:56 . 2009-09-23 19:22 -------- d-----w- c:\programmi\Motive
2009-10-05 20:56 . 2009-09-22 03:35 -------- d-----w- c:\programmi\InstallShield Installation Information
2009-09-23 19:22 . 2009-09-23 19:22 -------- d-----w- c:\programmi\Common Files
2009-09-22 03:38 . 2009-09-22 03:35 -------- d-----w- c:\programmi\ShowTime
2009-09-22 03:38 . 2009-09-22 03:35 -------- d-----w- c:\programmi\Servizi in linea
2009-09-22 03:37 . 2009-09-22 03:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2009-09-22 03:37 . 2009-09-22 03:35 -------- d-----w- c:\programmi\File comuni\SureThing Shared
2009-09-22 03:37 . 2009-09-22 03:35 -------- d-----w- c:\programmi\File comuni\Sonic Shared
2009-08-05 09:05 . 2004-09-03 09:36 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:51 . 2004-09-03 09:36 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:51 . 2004-09-03 09:36 82432 ----a-w- c:\windows\system32\fontsub.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"SMSERIAL"="c:\programmi\Motorola\SMSERIAL\sm56hlpr.exe" [2006-06-01 573440]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 774233]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]
"Ulead AutoDetector v2"="c:\programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"DetectorApp"="c:\programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-08 149280]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Collegamento alla pagina delle proprietà di High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-12 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3483:TCP"= 3483:TCP:reqsqv

S2 swcwagcm;Windows Boot;c:\windows\system32\svchost.exe -k netsvcs [03/09/2004 11.36.50 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
swcwagcm
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-15 c:\windows\Tasks\Garanzia estesa.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 11:55]

2009-10-13 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2006-10-16 08:14]

2009-10-15 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 13:26]

2009-09-21 c:\windows\Tasks\Promemoria registrazione 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-03 12:00]

2009-09-28 c:\windows\Tasks\Promemoria registrazione 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-03 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page =
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: {8A145BC3-B1D7-4F36-BB21-3596C876CD71} = 212.216.112.112,212.216.172.62,208.67.222.222,208.67.220.220
TCP: {DBC8035D-B19B-42C9-A569-9A516EB5C506} = 151.99.125.1,151.99.0.100
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\paolo dondoli\Dati applicazioni\Mozilla\Firefox\Profiles\7pky5e5c.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-16 00:32
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00\00
[%\00«Ô’|\00\00\00\00À\01\15\00\00\00\00\00Ø\"5\03\00\00.\03\01\00\00\00pè\13\00À\01"

.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(2384)
c:\windows\system32\msi.dll
.
Ora fine scansione: 2009-10-15 0.33.44
ComboFix-quarantined-files.txt 2009-10-15 22:33
ComboFix2.txt 2009-10-14 16:18
ComboFix3.txt 2009-10-12 21:53

Pre-Run: 113.116.004.352 byte disponibili
Post-Run: 113.085.988.864 byte disponibili

188 --- E O F --- 2009-10-13 16:47
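
Editor's note, added example: the log above and Fez's Avira list contain several entry types that a defender triaging a Conficker report normally reviews: the `RECYCLER\S-5-3-42-...\jwgkvsq.vmx` path Avira flagged, `autorun.inf` in the root of removable drives, a service hosted by `svchost.exe -k netsvcs` under a non-standard name (`S2 swcwagcm;Windows Boot;...`, also listed under `Svchost - NetSvcs`), and a `GloballyOpenPorts` firewall entry (`3483:TCP:reqsqv`). The Python script below is not part of the thread and is not ComboFix's or Avira's code; it runs simple pattern rules over lines of that shape and reports what to look at. The sample input is constructed from the entries in this thread plus one constructed benign service line (`wuauserv`) to show the allowlist at work; `KNOWN_NETSVCS` is a partial, illustrative list of Windows XP services that normally run in the `netsvcs` group, not a complete one. A hit means "review this entry", not "this is malware".

```python
"""Triage helper for ComboFix-style logs and antivirus source paths.

Added example, not part of the forum thread and not ComboFix/Avira code.
Flags generic Conficker/Kido-style indicators for manual review.
"""
import re

# Windows XP services that legitimately run under "svchost.exe -k netsvcs".
# Partial, illustrative allowlist (an assumption of this example); extend
# it from a known-good machine before using it for real triage.
KNOWN_NETSVCS = {
    "bits", "wuauserv", "schedule", "browser", "themes", "sharedaccess",
    "lanmanserver", "lanmanworkstation", "helpsvc", "seclogon", "winmgmt",
    "eventsystem", "cryptsvc", "trkwks", "shellhwdetection", "audiosrv",
}

# RECYCLER\S-<sid-like digits>\<name>.vmx : drop path seen in this thread's
# Avira hit (WORM/Conficker.Y.16).
RECYCLER_DROP = re.compile(r"RECYCLER[\\/]S-\d+(?:-\d+)+[\\/][^\\/\s]+\.vmx", re.I)
# autorun.inf in the root of any drive other than C:
AUTORUN_NON_SYSTEM = re.compile(r"(?<![A-Za-z])([D-Z]):[\\/]autorun\.inf\b", re.I)
# ComboFix service line: "S2 name;Display Name;...svchost.exe -k netsvcs ..."
NETSVCS_SERVICE = re.compile(
    r"^\s*[RS]\d\s+([^;]+);([^;]*);.*svchost\.exe\s+-k\s+netsvcs", re.I)
# Firewall GloballyOpenPorts entry: "3483:TCP"= 3483:TCP:reqsqv
OPEN_PORT = re.compile(r'^\s*"(\d+):(TCP|UDP)"\s*=\s*\1:\2:(\S+)', re.I)
# Header that ComboFix prints before the list of extra netsvcs group members.
NETSVCS_HEADER = re.compile(r"Svchost\s*-\s*NetSvcs\s*$", re.I)


def triage(text):
    """Return [(rule, line_number, detail), ...] for lines worth reviewing."""
    findings = []
    in_netsvcs = False
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if in_netsvcs:
            # Names listed under the NetSvcs header, until a blank/"."/"[" line.
            if stripped and not stripped.startswith((".", "[")):
                if stripped.lower() not in KNOWN_NETSVCS:
                    findings.append(("netsvcs_group_member", no, stripped))
                continue
            in_netsvcs = False
        if NETSVCS_HEADER.search(stripped):
            in_netsvcs = True
            continue
        m = RECYCLER_DROP.search(line)
        if m:
            findings.append(("recycler_sid_drop", no, m.group(0)))
        m = AUTORUN_NON_SYSTEM.search(line)
        if m:
            findings.append(("autorun_inf_removable", no, m.group(0)))
        m = NETSVCS_SERVICE.match(line)
        if m and m.group(1).strip().lower() not in KNOWN_NETSVCS:
            findings.append(("unknown_netsvcs_service", no,
                             f"{m.group(1).strip()} ({m.group(2).strip()})"))
        m = OPEN_PORT.match(line)
        if m:
            findings.append(("globally_open_port", no,
                             f"{m.group(1)}/{m.group(2).upper()} opened for '{m.group(3)}'"))
    return findings


# Constructed sample: paths from the Avira list, ComboFix lines from the log
# above, plus one constructed benign service (wuauserv) to show the allowlist.
SAMPLE_REPORT = r"""
Avira: WORM/Conficker.Autorun.Gen - Source: F:/autorun.inf
Avira: WORM/Conficker.Y.16 - Source: E:/RECYCLER/S-5-3-42-2819952290-8240758988-879315005-3665/jwgkvsq.vmx
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3483:TCP"= 3483:TCP:reqsqv

S2 swcwagcm;Windows Boot;c:\windows\system32\svchost.exe -k netsvcs [03/09/2004 11.36.50 14336]
S2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [constructed benign entry]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
swcwagcm
wuauserv
.
"""

if __name__ == "__main__":
    for rule, no, detail in triage(SAMPLE_REPORT):
        print(f"line {no:3d}  {rule:24s} {detail}")
```

Run it on a saved ComboFix log with `triage(open("ComboFix.txt", encoding="cp1252").read())`; each finding carries the line number so the entry can be read in context. The rules deliberately key on structure (a RECYCLER SID-like path, a non-system drive root, an unlisted `netsvcs` member, a globally opened port) rather than on the specific random names in this thread, which change from machine to machine.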

Re: HELP - INFECTION!! Part 2

Posted: Fri Oct 16, 2009 6:38 am
by ste_95
Nothing shows up in the log; just empty the AntiVir quarantine and you should be fine.

Re: HELP - INFECTION!! Part 2

Posted: Fri Oct 16, 2009 4:01 pm
by Fez
Done!! Thanks a lot!!!