ComboFix 09-04-21.A8 - Francesco 21/04/2009 21.41.25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1359 [GMT 2:00]
Eseguito da: c:\documents and settings\Francesco\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\update.exe
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000016_.tmp.dll
----- BITS: Possibili siti infetti -----
hxxp://SERVER:55000.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Creati Da 2009-03-23 al 2009-04-23 )))))))))))))))))))))))))))))))))))
.
2009-04-20 18:38 . 2009-04-20 18:38 39424 ----a-w c:\windows\system32\cbXOHbYq.dll
2009-04-20 18:38 . 2009-04-20 18:38 39424 ----a-w c:\windows\system32\fccbAPgf.dll
2009-04-20 18:37 . 2009-04-20 18:37 39424 ----a-w c:\windows\system32\tuvTmMcd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 16:41 . 2001-08-31 11:00 76636 ----a-w c:\windows\system32\perfc010.dat
2009-04-23 16:41 . 2001-08-31 11:00 453302 ----a-w c:\windows\system32\perfh010.dat
2009-04-20 20:38 . 2008-12-07 20:49 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\uTorrent
2009-04-01 16:28 . 2008-08-28 09:30 -------- d-----w c:\documents and settings\Francesco\Dati applicazioni\Thinstall
2009-03-30 11:23 . 2008-12-07 21:51 -------- d-----w c:\programmi\Java
2009-03-21 12:57 . 2008-05-31 10:15 -------- d-----w c:\programmi\Microsoft Silverlight
2009-03-12 13:23 . 2007-11-21 09:18 33824 -c--a-w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-03-12 13:16 . 2009-03-12 13:00 -------- d-----w c:\programmi\Brother
2009-03-12 13:15 . 2007-11-21 08:44 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-03-12 12:59 . 2009-03-12 12:59 -------- d-----w c:\programmi\Nuance
2009-03-12 12:58 . 2009-03-12 12:57 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-03-12 12:58 . 2009-03-12 12:58 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-03-12 12:57 . 2009-03-12 12:57 -------- d-----w c:\programmi\File comuni\ScanSoft Shared
2009-03-12 12:57 . 2007-11-21 08:42 -------- d-----w c:\programmi\File comuni\InstallShield
2009-03-12 12:56 . 2009-03-12 12:56 -------- d-----w c:\programmi\ScanSoft
2009-03-12 12:55 . 2009-03-12 12:55 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Brother
2009-03-09 03:19 . 2008-12-07 21:52 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-01-25 09:46 . 2008-10-26 09:39 183112 -c--a-w c:\windows\system32\PnkBstrB.exe
2008-10-26 09:39 . 2008-10-26 09:39 22328 -c--a-w c:\documents and settings\Francesco\Dati applicazioni\PnkBstrK.sys
2008-06-12 09:23 . 2008-06-12 09:23 138 -c--a-w c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-04-26 18:03 . 2008-04-26 18:03 3409 -csh--r c:\documents and settings\Francesco\Impostazioni locali\Dati applicazioni\GDIPFONT982CACHEV32.DAT
2008-03-26 10:38 . 2008-03-26 10:38 15464 -c--a-w c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-11-21 14:08 . 2007-11-21 14:08 32 -c--a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2009-04-20 18:37 39424 ----a-w c:\windows\system32\tuvTmMcd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-03-09 03:18 35840 ----a-w c:\programmi\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-03-09 03:18 73728 ----a-w c:\programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D73E76A3-F902-45BD-8FC8-95AE8E014671}"= "c:\programmi\Windows Home Server\WHSDeskBands.dll" [2008-10-31 245608]
[HKEY_CLASSES_ROOT\clsid\{d73e76a3-f902-45bd-8fc8-95ae8e014671}]
[HKEY_CLASSES_ROOT\WHSDeskBands.ToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{F28211FB-BF6C-499A-B03B-5EB4C544B4C1}]
[HKEY_CLASSES_ROOT\WHSDeskBands.ToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2008-10-03 6066176]
[HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="d:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="d:\programmi\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"LogitechQuickCamRibbon"="d:\programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"Nokia Tray Application"="c:\programmi\File comuni\Nokia\Tools\NclTray.exe" [2003-12-19 425984]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WebcamMaxMoniter"="d:\programmi\WebcamMax\wcmmon.exe" [2008-02-12 456024]
"avgnt"="d:\programmi\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-18 266497]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-05-21 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\programmi\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2008-7-25 552296]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\tuvTmMcd.dll" [2009-04-20 39424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2008-08-26 233472]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-19 15:26 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvTmMcd]
2009-04-20 18:37 39424 ----a-w c:\windows\system32\tuvTmMcd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Francesco^Menu Avvio^Programmi^Esecuzione automatica^Need for Speed™ Undercover Registration.lnk]
path=c:\documents and settings\Francesco\Menu Avvio\Programmi\Esecuzione automatica\Need for Speed™ Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programmi\\IncrediMail\\bin\\IMApp.exe"=
"d:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"d:\\Programmi\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programmi\\Windows Home Server\\Discovery.exe"=
"c:\\Programmi\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"d:\\Programmi\\BZFlag2.0.10\\bzflag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"d:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"d:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programmi\\Aspyr\\Guitar Hero III\\GH3.exe"=
"d:\\Programmi\\iTunes\\iTunes.exe"=
"d:\\Programmi\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Programmi\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"d:\\Programmi\\LimeWire\\LimeWire.exe"=
"d:\\Documenti\\My Lockbox\\P2P\\utorrent.exe"=
"d:\\Programmi\\AVG\\AVG8\\avgam.exe"=
"d:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"d:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"d:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"d:\\Programmi\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37676:TCP"= 37676:TCP:*:Disabled:Porta TCP ooVoo 37676
"37676:UDP"= 37676:UDP:*:Disabled:Porta UDP ooVoo 37676
"37677:UDP"= 37677:UDP:*:Disabled:Porta UDP ooVoo 37677
R0 MFX;MFX; [x]
R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2008-07-12 46368]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2008-04-03 104960]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys [2008-04-03 110080]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys [2008-04-03 104960]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2008-04-03 104960]
R3 PD91Engine;PD91Engine;d:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
R3 USRSp50;USRSp50 NDIS Protocol Driver; [x]
R4 avg8emc;AVG8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [2009-01-19 903960]
R4 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-19 298264]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-01-19 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-19 325128]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-19 107272]
S2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;d:\programmi\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-11-25 164097]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;d:\programmi\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-07-18 258305]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2008-01-14 81920]
S2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;d:\programmi\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-07-18 41217]
S2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CamthWDM.sys [2008-02-09 941784]
S2 litsgt;litsgt;c:\windows\system32\DRIVERS\litsgt.sys [2008-06-07 137344]
S2 PD91Agent;PD91Agent;d:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
S2 tansgt;tansgt;c:\windows\system32\DRIVERS\tansgt.sys [2008-06-07 12032]
S2 WHSConnector;Windows Home Server Connector Service;c:\programmi\Windows Home Server\WHSConnector.exe [2008-10-31 325480]
.
Contenuto della cartella 'Scheduled Tasks'
2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
2009-03-15 c:\windows\Tasks\Pulitura disco.job
- c:\windows\system32\cleanmgr.exe [2001-08-31 14:39]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-SecurDisc - d:\programmi\Nero 8\InCD\NBHGui.exe
HKLM-Run-System Files Updater - c:\windows\FlyakiteOSX\System Files Updater.exe
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL-WebCheck-{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - (no file)
Notify-WgaLogon - (no file)
Notify-wvUljijJ - wvUljijJ.dll
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: &Add animation to IncrediMail Style Box - d:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: &Clean Traces - d:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - d:\programmi\DAP\dapextie2.htm
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\Messenger\msmsgs.exe
LSP: avsda.dll
TCP: {664AA16B-B344-4405-8C1B-AA86DB40A243} = 192.168.0.11,212.216.172.62
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\programmi\AVG\AVG8\avgpp.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FILECO~1\System\OLEDB~1\msdaipp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\FILECO~1\Skype\SKYPE4~1.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - d:\progra~1\DAP\dapie.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\afa365eq.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Francesco\Dati applicazioni\Mozilla\Firefox\Profiles\afa365eq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: d:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: d:\programmi\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: d:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\programmi\real player\Netscape6\nppl3260.dll
FF - plugin: d:\programmi\real player\Netscape6\nprjplug.dll
FF - plugin: d:\programmi\real player\Netscape6\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 18:40
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1767777339-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1409082233-1767777339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,73,80,db,c5,2f,c9,24,d0,88,72,b9,2b,1d,a5,46,de,eb,3e,09,75,43,1f,
9b,e6,50,6a,cf,ec,a5,59,20,f1,24,24,5b,72,50,77,fa,ab,03,cf,c8,65,a9,5d,fd,\
"??"=hex:ce,d9,d2,49,ac,5f,25,e3,64,e3,d6,58,ad,4e,fc,f5
[HKEY_USERS\S-1-5-21-1409082233-1767777339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3d,12,45,9d,d4,5a,04,cf,1a,1d,61,30,22,45,93,50,01,8e,0d,4b,18,
73,0d,95,9e,bb,d6,c1,97,a8,38,e9,31,8d,01,2c,74,24,f9,7a,fe,33,e1,40,d4,5d,\
"rkeysecu"=hex:90,b6,27,99,a1,5f,d5,d3,6a,e3,f1,cc,da,c1,09,a9
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,7b,81,02,ea,b1,
9b,9b,eb,e2,63,26,f1,3f,c8,ff,68,ba,2c,16,88,85,16,49,f8,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8a,ca,c0,4e,77,
0e,df,48,6a,9c,d6,61,af,45,84,18,ec,08,20,4e,96,da,9e,4a,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,ab,43,74,89,95,
7b,db,bd,ff,7c,85,e0,43,d4,0e,fe,14,f8,bf,92,07,68,4c,f6,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,d9,17,c1,c5,
1c,1d,09,86,8c,21,01,be,91,eb,e7,14,b1,fe,cd,e9,35,cc,c4,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,f4,39,19,dc,ed,
49,a8,32,f5,1d,4d,73,a8,13,5c,05,0d,3a,d6,b3,46,ef,8d,dd,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,4f,e3,3b,b9,71,
4f,f8,f8,df,20,58,62,78,6b,cf,c8,b8,1b,87,68,a3,cb,67,34,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,ec,7d,f6,b3,00,
02,ef,3f,fb,a7,78,e6,12,2f,9a,ea,9a,e1,c8,e2,47,39,c6,02,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,60,e8,c5,30,fc,
6e,6f,8b,01,3a,48,fc,e8,04,4a,f1,6e,d0,31,b4,3c,73,f8,c0,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,d3,9f,21,e4,62,
1b,9e,50,f6,0f,4e,58,98,5b,89,c9,0a,50,2a,39,e1,68,7f,77,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,46,69,88,d2,0c,
a2,b5,52,3d,ce,ea,26,2d,45,aa,78,dd,2c,03,04,ae,f8,ec,8e,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,a8,2d,d9,a4,6d,
09,01,39,2a,b7,cc,b5,b9,7f,41,e7,e4,41,49,cd,e1,e2,9c,63,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,e1,2c,f4,db,a9,
0d,19,9c,6c,43,2d,1e,aa,22,2f,9c,63,41,ab,5e,b6,0c,20,1a,6c,43,2d,1e,aa,22,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\tuvTmMcd.dll
- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\avsda.dll
- - - - - - - > 'explorer.exe'(6184)
c:\programmi\File comuni\Logishrd\LVMVFM\LVPrcInj.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
d:\programmi\Nokia\PC Suite for N-Gage QD\eccopyhook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\tuvTmMcd.dll
c:\windows\system32\avsda.dll
c:\windows\system32\browselc.dll
d:\progra~1\SPYBOT~1\SDHelper.dll
c:\programmi\Windows Home Server\WHSDeskBands.dll
c:\programmi\Bonjour\mdnsNSP.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
d:\programmi\AVG\AVG8\avgrsx.exe
d:\programmi\Avira\Antivir PersonalEdition Premium\avguard.exe
d:\programmi\Avira\Antivir PersonalEdition Premium\sched.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
d:\programmi\Nero 8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oocinst.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\windows\system32\rundll32.exe
c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
c:\programmi\Brother\ControlCenter3\BrccMCtl.exe
c:\programmi\File comuni\Nero\Lib\NMIndexingService.exe
c:\programmi\Brother\Brmfcmon\BrMfcMon.exe
c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
c:\programmi\Windows Home Server\WHSTrayApp.exe
c:\programmi\File comuni\LogiShrd\LQCVFX\COCIManager.exe
d:\programmi\Mozilla Firefox\firefox.exe
d:\programmi\uTorrent\uTorrent.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-23 18.47.18 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-23 16:47
Pre-Run: 3.550.478.336 byte disponibili
Post-Run: 3.608.084.480 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
413 --- E O F --- 2008-04-10 10:06