ComboFix 09-02-27.02 - Mario 2009-02-28 10.25.32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.3071.2426 [GMT 1:00]
Eseguito da: c:\documents and settings\Mario\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*
* Creato nuovo punto di ripristino
* Resident AV is active
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-01-28 al 2009-02-28 )))))))))))))))))))))))))))))))))))
.
2009-02-27 19:24 . 2009-02-27 19:24 <DIR> d-------- c:\windows\Logs
2009-02-27 19:24 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-02-27 19:24 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-02-27 19:24 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-02-27 18:55 . 2009-02-27 18:56 <DIR> d-------- c:\temp\ds
2009-02-26 23:52 . 2009-02-27 00:01 350 --a------ c:\windows\IfoEdit.INI
2009-02-26 23:50 . 2009-02-27 00:02 107 --a------ c:\windows\VobEdit.INI
2009-02-25 23:16 . 2009-02-25 23:17 1,374 --a------ c:\windows\imsins.BAK
2009-02-25 08:23 . 2009-01-09 20:19 1,090,181 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-14 19:13 . 2009-02-14 19:13 <DIR> d-------- c:\temp\Mario
2009-02-09 13:18 . 2009-02-09 13:18 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-02-06 20:02 . 2009-02-06 20:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Acronis
2009-02-06 19:54 . 2009-02-09 22:23 <DIR> d-------- c:\programmi\File comuni\Acronis
2009-02-06 19:54 . 2009-02-06 19:54 <DIR> d-------- c:\programmi\Acronis
2009-02-06 19:54 . 2009-02-06 19:54 392,320 --a------ c:\windows\system32\drivers\timntr.sys
2009-02-06 19:54 . 2009-02-06 19:54 114,048 --a------ c:\windows\system32\drivers\snapman.sys
2009-02-06 19:54 . 2009-02-06 19:54 32,768 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-04 18:22 . 2009-02-04 18:22 <DIR> dr------- c:\programmi\Skype
2009-02-04 18:22 . 2009-02-04 18:22 <DIR> d-------- c:\programmi\File comuni\Skype
2009-01-31 19:07 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2009-01-31 19:07 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2009-01-31 19:07 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe
2009-01-31 19:07 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe
2009-01-31 19:07 . 2009-01-05 16:16 34,816 --a------ c:\windows\system32\RtkCoInstXP.dll
2009-01-31 00:38 . 2009-01-31 00:38 <DIR> d-------- c:\documents and settings\Mario\Dati applicazioni\dvdcss
2009-01-29 23:53 . 2009-01-30 13:44 <DIR> d-------- c:\windows\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 08:37 --------- d-----w c:\programmi\Mozilla Thunderbird
2009-02-27 23:42 --------- d-----w c:\programmi\SUPERAntiSpyware
2009-02-27 13:40 --------- d-----w c:\documents and settings\Mario\Dati applicazioni\Skype
2009-02-27 07:21 110,992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-02-27 07:15 --------- d-----w c:\documents and settings\Mario\Dati applicazioni\skypePM
2009-02-27 07:13 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-24 21:37 --------- d-----w c:\programmi\eMule
2009-02-21 12:53 --------- d-----w c:\documents and settings\Mario\Dati applicazioni\uTorrent
2009-02-20 19:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\comodo
2009-02-20 19:10 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-02-20 19:10 --------- d-----w c:\programmi\AGEIA Technologies
2009-02-20 12:34 24,336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-02-14 07:42 --------- d-----w c:\programmi\Google
2009-02-14 07:28 --------- d-----w c:\programmi\7-Zip
2009-02-09 12:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-06 14:33 --------- d-----w c:\programmi\OpenOffice.org 3
2009-02-06 14:33 --------- d-----w c:\programmi\JRE
2009-02-04 17:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-02-02 17:08 --------- d-----w c:\documents and settings\Mario\Dati applicazioni\FileZilla
2009-02-02 17:04 --------- d-----w c:\programmi\FileZilla FTP Client
2009-02-01 17:05 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-26 17:39 --------- d-----w c:\programmi\QuickTime
2009-01-26 17:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-01-22 21:55 --------- d-----w c:\programmi\FileASSASSIN
2009-01-14 21:47 --------- d-----w c:\programmi\CCleaner
2009-01-08 18:03 --------- d-----w c:\programmi\Reference Assemblies
2009-01-08 18:03 --------- d-----w c:\programmi\MSBuild
2009-01-08 17:35 --------- d-----w c:\documents and settings\Mario\Dati applicazioni\Nero
2009-01-08 17:34 --------- d-----w c:\programmi\Nero
2009-01-08 17:34 --------- d-----w c:\programmi\File comuni\Nero
2009-01-08 17:11 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-01-06 18:00 4,968,448 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-01-06 13:27 --------- d-----w c:\documents and settings\Mario\Dati applicazioni\PoivY
2009-01-06 13:21 --------- d-----w c:\programmi\PoivY.com
2009-01-04 16:08 --------- d-----w c:\documents and settings\Mario\Dati applicazioni\Bioshock
2009-01-03 09:03 --------- d-----w c:\programmi\nLite
2009-01-03 08:40 --------- d-----w c:\programmi\Microsoft AutoRoute
2009-01-02 23:46 --------- d-----w c:\programmi\Dnote Software
2009-01-02 23:13 --------- d--h--r c:\documents and settings\Mario\Dati applicazioni\SecuROM
2009-01-02 20:27 --------- d-----w c:\programmi\FreeCommander
2008-12-30 13:58 18,082,304 ----a-w c:\windows\RTHDCPL.EXE
2008-12-17 21:04 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"COMODO Internet Security"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-02-27 1851128]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe" [2008-04-14 172032]
"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 c:\windows\LOGI_MWX.EXE]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Mario\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-06 23:05 356352 c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2009-02-27 08:20 1851128 c:\programmi\COMODO\Firewall\cfp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-17 05:31 133104 c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-18 23:29 136600 c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\ICQ6.5\\ICQ.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Giochi\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-16 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-16 24336]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [2007-05-14 508288]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S4 gupdate1c9857b2a20eb29;Google Update Service (gupdate1c9857b2a20eb29);c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
.
Contenuto della cartella 'Scheduled Tasks'
2009-02-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-02 22:13]
2009-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1844823847-725345543-1002.job
- c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-12-17 05:31]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
MSConfigStartUp-Svchost - c:\windows\svchost.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.ansa.it/
TCP: {611955A4-2C7E-4269-ACC5-1EA2E84A0500} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Mario\Dati applicazioni\Mozilla\Firefox\Profiles\8yvdyv5m.default\
FF - prefs.js: browser.search.selectedEngine - Oxford Paravia
FF - prefs.js: browser.startup.homepage - hxxp://www.ansa.it/
FF - plugin: c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programmi\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 10:28:57
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1275210071-1844823847-725345543-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,4d,12,98,04,48,b1,df,ac,0a,7a,37,e6,3c,42,d9,14,3d,57,c4,33,0c,67,
8d,44,31,80,4c,4f,12,16,54,15,87,db,ef,7e,a4,da,b4,b3,dc,b3,48,72,81,45,f3,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-1275210071-1844823847-725345543-1002\Software\SecuROM\License information*]
"datasecu"=hex:4a,5d,5b,db,b3,60,72,a3,65,c2,b3,dd,43,d4,87,0b,bf,e0,44,ef,86,
b8,4a,d5,9d,63,e6,67,e4,e5,39,9d,1a,5b,f3,96,30,28,fc,63,be,f8,cb,1a,43,8c,\
"rkeysecu"=hex:af,f6,5c,ac,a4,ba,6d,a3,80,1b,a6,1f,d9,ea,e8,8d
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\COMODO\Firewall\cmdagent.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\programmi\Logitech\MouseWare\system\EM_EXEC.EXE
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Ora fine scansione: 2009-02-28 10:30:54 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-02-28 09:30:52
Pre-Run: 57.942.523.904 byte disponibili
Post-Run: 60,155,084,800 byte disponibili
207 --- E O F --- 2009-02-26 22:17:31