ComboFix 08-12-12.05 - Angelo Mavuli 2008-12-15 0.20.36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.2047.1440 [GMT 1:00]
Eseguito da: H:\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\Angelo Mavuli\Desktop\CFScript.txt..txt
* Creato nuovo punto di ripristino
FILE ::
c:\windows\system32\ahtn.htm
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ahtn.htm
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
.
((((((((((((((((((((((((( Files Creati Da 2008-11-14 al 2008-12-14 )))))))))))))))))))))))))))))))))))
.
2008-12-14 12:01 . 2008-12-14 12:02 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-14 11:36 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-14 11:36 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-14 11:36 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-13 21:44 . 2008-12-13 21:44 <DIR> d-------- c:\programmi\Common Files
2008-12-13 15:57 . 2008-12-13 16:32 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-13 13:17 . 2008-12-13 13:17 <DIR> d-------- C:\VundoFix Backups
2008-12-13 11:29 . 2007-11-27 22:56 91,328 --a------ c:\windows\system32\drivers\msfwdrv.sys
2008-12-13 11:28 . 2007-11-27 22:56 116,416 --a------ c:\windows\system32\drivers\msfwhlpr.sys
2008-12-13 11:27 . 2008-05-15 16:15 53,168 --a------ c:\windows\system32\drivers\MpFilter.sys
2008-12-13 11:24 . 2008-12-15 00:09 <DIR> d-------- c:\programmi\Microsoft Windows OneCare Live
2008-12-13 03:36 . 2008-12-13 03:36 <DIR> d-------- C:\SWSetup
2008-12-13 02:19 . 2008-12-13 02:19 7,680 --ahs---- c:\windows\Thumbs.db
2008-12-09 21:25 . 2008-12-10 00:18 <DIR> d--h----- c:\windows\$hf_mig$
2008-12-06 19:43 . 2008-12-06 19:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2008-11-24 12:19 . 2008-11-24 12:24 <DIR> d-------- c:\documents and settings\Angelo Mavuli\Dati applicazioni\Ashampoo
2008-11-24 12:19 . 2008-11-24 12:19 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ashampoo
2008-11-22 17:26 . 2008-11-22 17:26 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-22 17:25 . 2008-11-22 17:25 <DIR> d-------- c:\programmi\File comuni\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 20:44 --------- d-----w c:\programmi\Sony
2008-12-13 12:47 --------- d-----w c:\programmi\PC Tools Firewall Plus
2008-12-13 11:05 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-12-13 10:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2008-12-13 01:02 --------- d-----w c:\programmi\eMule
2008-12-12 19:44 --------- d-----w c:\documents and settings\Angelo Mavuli\Dati applicazioni\Skype
2008-12-12 15:44 --------- d-----w c:\documents and settings\Angelo Mavuli\Dati applicazioni\skypePM
2008-11-09 20:00 --------- d-----w c:\programmi\Pinnacle
2008-11-08 19:26 --------- d-----w c:\programmi\SureThing Express Labeler
2008-11-08 19:02 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2008-11-08 18:50 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate
2008-11-08 18:35 --------- d-----w c:\programmi\proDAD
2008-11-08 18:35 --------- d-----w c:\documents and settings\Angelo Mavuli\Dati applicazioni\proDAD
2008-11-08 18:01 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-08 17:50 --------- d-----w c:\programmi\File comuni\Real
2008-11-07 13:23 --------- d-----w c:\programmi\File comuni\AVSMedia
2008-11-05 14:12 --------- d-----w c:\programmi\LooksBuilderSE
2008-11-05 14:12 --------- d-----w c:\programmi\Boris FX, Inc
2008-11-05 14:08 --------- d-----w c:\programmi\File comuni\SureThing Shared
2008-11-05 14:05 --------- d-----w c:\programmi\File comuni\Pinnacle
2008-11-05 14:00 --------- d-----w c:\programmi\File comuni\Yahoo!
2008-11-05 14:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Studio 12
2008-11-05 14:00 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Plus
2008-11-04 22:57 --------- d-----w c:\programmi\Nokia
2008-11-04 22:57 --------- d-----w c:\programmi\File comuni\PCSuite
2008-11-04 22:57 --------- d-----w c:\programmi\File comuni\Nokia
2008-11-04 22:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2008-10-29 07:54 --------- d-----w c:\documents and settings\Angelo Mavuli\Dati applicazioni\Screaming Bee
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-06-07 11:51 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-07-17 17:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008071720080718\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-13_20.42.06.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-07-07 19:36:00 2,058,343 ----a-r c:\windows\Installer\$PatchCache$\Managed\0140210900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-08 17:48:00 115,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\0140210900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
- 2008-06-07 10:56:46 12,288 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-14 12:02:23 12,288 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-06-07 10:56:46 135,168 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-14 12:02:23 135,168 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-07 10:56:46 11,264 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-14 12:02:24 11,264 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-07 10:56:46 27,136 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-14 12:02:24 27,136 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-07 10:56:46 4,096 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-14 12:02:24 4,096 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-07 10:56:46 794,624 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-14 12:02:24 794,624 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-07 10:56:46 249,856 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-12-14 12:02:23 249,856 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-06-07 10:56:46 23,040 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-14 12:02:25 23,040 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-06-07 10:56:46 286,720 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-14 12:02:23 286,720 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-07 10:56:46 409,600 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-14 12:02:23 409,600 ----a-r c:\windows\Installer\{90120410-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-14 02:14:22 26,624 -c--a-w c:\windows\system32\dllcache\userinit.exe
- 2008-12-13 00:07:27 111,616 ----a-w c:\windows\system32\userinit.exe
+ 2008-04-14 02:14:22 26,624 ----a-w c:\windows\system32\userinit.exe
+ 2008-12-14 23:09:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_234.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"OLIVETTIEVM"="c:\programmi\Olivetti\Aio\Shared\Bin\AplEvm12.exe" [2003-02-13 36864]
"RealTray"="c:\programmi\Real\RealPlayer\RealPlay.exe" [2008-11-08 26112]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"OneCareUI"="c:\programmi\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Angelo Mavuli\Menu Avvio\Programmi\Esecuzione automatica\
Utilit… controllo supporti di Picture Motion Browser.lnk - c:\programmi\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-09-15 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM2"= RALCodec.dll
"vidc.mjpg"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 02:06 40048 c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-06-20 11:49 451872 c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-12-04 12:34 406016 c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2003-10-31 18:42 32768 c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2007-04-04 10:22 1822720 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1253:UDP"= 1253:UDP:Windows Media Format SDK (firefox.exe)
"1254:UDP"= 1254:UDP:Windows Media Format SDK (firefox.exe)
"1255:UDP"= 1255:UDP:Windows Media Format SDK (firefox.exe)
"1252:UDP"= 1252:UDP:Windows Media Format SDK (firefox.exe)
R1 LStone;Pinnacle Systems Studio AV/devo Overlay;c:\windows\system32\DRIVERS\lstone2k.sys [2008-06-04 247936]
R1 MemAlloc;MemAlloc;c:\windows\system32\DRIVERS\memalloc.sys [2008-06-04 5543]
R2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\programmi\Microsoft Windows OneCare Live\OcHealthMon.exe" [2008-11-05 25968]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2008-05-29 38656]
R3 OEMius12;USB to IEEE-1284.4 Translation Driver OEMius12;c:\windows\system32\DRIVERS\OEMius12.sys [2003-01-31 21456]
R3 Pml Driver OEM12;Pml Driver OEM12;c:\windows\system32\OEMipm12.exe [2003-01-10 65795]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys []
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2008-07-10 15576]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc846543-2da7-11dd-9279-806d6172696f}]
\Shell\AutoRun\command - D:\Setupx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Angelo Mavuli\Dati applicazioni\Mozilla\Firefox\Profiles\21voq46c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
.
Ora fine scansione: 2008-12-15 0.21.59
ComboFix-quarantined-files.txt 2008-12-14 23:21:58
ComboFix2.txt 2008-12-13 19:42:27
Pre-Run: 129.841.008.640 byte disponibili
Post-Run: 129,860,227,072 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
226 --- E O F --- 2008-12-14 12:02:35