ComboFix 09-05-19.04 - Ax 19/05/2009 22.57.13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.293 [GMT 2:00]
Eseguito da: c:\documents and settings\Ax\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
.
((((((((((((((((((((((((( Files Creati Da 2009-04-19 al 2009-05-19 )))))))))))))))))))))))))))))))))))
.
2009-05-19 15:47 . 2009-05-19 15:47 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2009-05-19 15:47 . 2009-05-19 15:47 -------- d-----w c:\programmi\Avira
2009-05-19 15:38 . 2006-08-01 13:02 49152 ----a-w c:\windows\system32\ChCfg.exe
2009-05-19 15:37 . 2009-05-19 15:37 -------- d-----w c:\programmi\Realtek AC97
2009-05-18 20:09 . 2009-05-18 20:37 -------- d-----w c:\programmi\Veoh Networks
2009-05-12 08:34 . 2009-05-12 08:42 -------- d-----w c:\programmi\CryptLoad
2009-05-11 20:25 . 2009-05-11 20:25 -------- d--h--w c:\windows\PIF
2009-05-11 19:07 . 2009-05-11 19:07 -------- d-----w c:\programmi\Recuva
2009-05-09 11:43 . 2009-05-09 11:43 -------- d-----w C:\Downloads
2009-05-06 16:05 . 2009-05-06 16:05 -------- d-----w c:\documents and settings\Ax\Impostazioni locali\Dati applicazioni\JockerSoft
2009-05-06 16:05 . 2009-05-06 16:05 -------- d-----w c:\programmi\JockerSoft
2009-05-06 16:04 . 2009-05-06 16:04 -------- d-----w c:\documents and settings\Ax\Impostazioni locali\Dati applicazioni\PCHealth
2009-05-06 15:43 . 2009-05-06 15:43 -------- d-----w c:\windows\system32\XPSViewer
2009-05-06 15:43 . 2009-05-06 15:43 -------- d-----w c:\programmi\MSBuild
2009-05-06 15:43 . 2009-05-06 15:43 -------- d-----w c:\programmi\Reference Assemblies
2009-05-06 15:42 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-06 15:42 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-06 15:42 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-06 15:42 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-06 15:42 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-06 15:42 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-06 15:42 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-06 14:24 . 2009-05-06 14:25 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-05-06 14:18 . 2009-05-06 14:49 34055 ----a-w c:\windows\DIIUnin.dat
2009-05-06 14:18 . 2009-05-06 14:18 2829 ----a-w c:\windows\DIIUnin.pif
2009-05-06 14:18 . 2009-05-06 14:18 102400 ----a-w c:\windows\DIIUnin.exe
2009-05-06 14:17 . 2009-05-08 21:19 -------- d-----w c:\programmi\Diablo II
2009-05-06 11:56 . 2009-05-06 11:56 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nokia
2009-05-05 15:32 . 2009-05-08 18:46 -------- d-----w C:\Program Files
2009-05-05 15:27 . 2009-05-05 15:27 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-05-05 15:27 . 2009-05-05 15:27 -------- d-----w c:\programmi\DAEMON Tools Lite
2009-05-05 15:26 . 2009-05-05 15:28 -------- d-----w c:\documents and settings\Ax\Dati applicazioni\DAEMON Tools Lite
2009-05-05 15:23 . 2009-05-05 15:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Pro
2009-05-05 14:54 . 2009-05-05 14:54 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-05 14:54 . 2009-05-05 14:54 -------- d-----w c:\documents and settings\Ax\Dati applicazioni\DAEMON Tools Pro
2009-05-04 18:18 . 2009-05-19 18:16 -------- d-----w c:\documents and settings\Ax\Tracing
2009-05-03 22:51 . 2008-04-13 17:45 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-03 22:51 . 2008-04-13 17:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-03 22:39 . 2001-05-16 15:54 309616 ----a-w c:\windows\system32\wmv8dmod.dll
2009-05-03 22:39 . 2001-05-11 11:18 420240 ----a-w c:\windows\system32\mpg4c32.dll
2009-05-03 22:29 . 2009-05-03 22:29 -------- d-----w c:\programmi\Codemasters
2009-04-30 11:53 . 2009-04-30 11:53 -------- d-----w c:\documents and settings\Ax\Dati applicazioni\TomTom
2009-04-30 11:53 . 2009-04-30 11:53 -------- d-----w c:\documents and settings\Ax\Impostazioni locali\Dati applicazioni\TomTom
2009-04-30 11:53 . 2009-04-30 11:53 -------- d-----w c:\programmi\TomTom International B.V
2009-04-30 11:52 . 2009-04-30 11:52 -------- d-----w c:\programmi\TomTom HOME 2
2009-04-30 11:39 . 2009-04-30 11:39 -------- d-----w c:\programmi\Dnote Software
2009-04-23 16:44 . 2009-04-23 16:44 -------- d-----w c:\programmi\File comuni\PCSuite
2009-04-23 16:44 . 2009-05-06 11:56 -------- d-----w c:\programmi\File comuni\Nokia
2009-04-23 16:42 . 2008-08-26 08:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-23 16:41 . 2009-04-23 16:42 -------- d-----w c:\programmi\PC Connectivity Solution
2009-04-23 16:40 . 2009-03-19 11:48 8320 ----a-w c:\windows\system32\drivers\nmwcdnsuc.sys
2009-04-23 16:40 . 2009-03-19 11:48 136704 ----a-w c:\windows\system32\drivers\nmwcdnsu.sys
2009-04-23 16:40 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-04-23 16:40 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys
2009-04-23 16:40 . 2009-02-09 05:37 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-04-23 16:40 . 2009-02-09 05:37 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys
2009-04-23 16:40 . 2009-02-09 05:37 659968 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-04-23 16:40 . 2009-02-09 05:32 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-04-23 11:25 . 2009-04-23 12:04 -------- d-----w c:\documents and settings\Ax\Dati applicazioni\LimeWire
2009-04-22 22:34 . 2009-04-22 22:34 -------- d-----w c:\documents and settings\Ax\Dati applicazioni\Samsung
2009-04-22 22:19 . 2009-04-22 22:19 -------- d-----w c:\programmi\Samsung
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 08:18 . 2004-08-19 12:00 79292 ----a-w c:\windows\system32\perfc010.dat
2009-05-12 08:18 . 2004-08-19 12:00 478808 ----a-w c:\windows\system32\perfh010.dat
2009-05-06 16:05 . 2009-03-26 13:36 24736 ----a-w c:\documents and settings\Ax\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-06 15:55 . 2009-03-26 22:24 -------- d-----w c:\programmi\Microsoft Works
2009-05-06 11:56 . 2009-03-27 12:26 -------- d-----w c:\programmi\Nokia
2009-05-05 19:27 . 2009-03-26 15:30 -------- d-----w c:\programmi\File comuni\InstallShield
2009-05-03 22:29 . 2009-03-26 15:30 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-22 22:33 . 2009-04-22 22:22 5632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-04-22 22:18 . 2009-03-26 16:09 -------- d-----w c:\programmi\File comuni\Adobe
2009-04-04 16:22 . 2009-04-04 16:22 -------- d-----w c:\programmi\MSXML 4.0
2009-04-03 18:37 . 2009-04-03 18:20 -------- d-----w c:\programmi\HP
2009-04-03 18:29 . 2009-04-03 18:18 123143 ----a-w c:\windows\hpoins11.dat
2009-04-03 18:27 . 2009-04-03 18:26 -------- d-----w c:\programmi\File comuni\HP
2009-04-03 18:25 . 2009-04-03 18:24 -------- d-----w c:\programmi\Hewlett-Packard
2009-04-03 18:23 . 2009-04-03 18:23 -------- d-----w c:\programmi\File comuni\Hewlett-Packard
2009-03-31 18:11 . 2009-03-26 22:12 -------- d-----w c:\programmi\Java
2009-03-30 13:43 . 2009-03-30 13:43 -------- d-----w c:\programmi\VideoLAN
2009-03-29 15:15 . 2009-03-26 23:36 -------- d-----w c:\programmi\Nvu
2009-03-27 12:31 . 2009-03-27 12:31 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-27 12:31 . 2009-03-27 12:31 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-27 12:26 . 2009-03-27 12:26 -------- d-----w c:\programmi\DIFX
2009-03-27 12:16 . 2009-03-27 12:16 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-27 12:16 . 2009-03-27 12:16 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-26 23:20 . 2009-03-26 22:10 -------- d-----w c:\programmi\eMule
2009-03-26 22:13 . 2009-03-26 22:11 -------- d-----w c:\programmi\LimeWire
2009-03-26 22:08 . 2009-03-26 22:08 -------- d-----w c:\programmi\uTorrent
2009-03-26 21:06 . 2009-03-26 21:06 -------- d-----w c:\programmi\Western Digital Technologies
2009-03-26 16:42 . 2009-03-26 16:42 -------- d-----w c:\programmi\Messenger Plus! Live
2009-03-26 16:30 . 2009-03-26 16:30 -------- d-----w c:\programmi\Microsoft
2009-03-26 16:30 . 2009-03-26 16:29 -------- d-----w c:\programmi\Windows Live
2009-03-26 16:30 . 2009-03-26 16:30 -------- d-----w c:\programmi\Windows Live SkyDrive
2009-03-26 16:25 . 2009-03-26 16:25 -------- d-----w c:\programmi\Windows Media Connect 2
2009-03-26 16:21 . 2009-03-26 16:21 0 ----a-w c:\windows\nsreg.dat
2009-03-26 16:20 . 2009-03-26 16:19 -------- d-----w c:\programmi\MessengerPlus! 3
2009-03-26 16:19 . 2009-03-26 17:22 58952 ----a-w c:\windows\system32\MsgPlusLoader.dll
2009-03-26 16:12 . 2009-03-26 16:08 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-26 16:04 . 2009-03-26 16:04 -------- d-----w c:\programmi\File comuni\Windows Live
2009-03-26 16:01 . 2009-03-26 15:08 -------- d-----w c:\programmi\CCleaner
2009-03-26 15:40 . 2009-03-26 15:39 -------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2009-03-26 13:27 . 2009-03-26 13:27 -------- d-----w c:\programmi\microsoft frontpage
2009-03-26 13:26 . 2009-03-26 13:26 -------- d-----w c:\programmi\Servizi in linea
2009-03-26 13:24 . 2009-03-26 13:24 21840 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-24 14:08 . 2009-03-26 13:42 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-09 03:19 . 2009-03-26 22:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 03:34 . 2004-08-19 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-19 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-19 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-19 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-19 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-19 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-19 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-19 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-19 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2004-08-19 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:19 . 2004-08-19 12:00 286208 ----a-w c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\MsgPlusLoader.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12.38.14 92008]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/04/2009 18.40.55 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/04/2009 18.40.59 8320]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {B57DAF82-EA86-4858-BACF-1ED801AD2C71} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ax\Dati applicazioni\Mozilla\Firefox\Profiles\peyz9u9b.default\
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 22:58
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\MsgPlusLoader.dll
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\MsgPlusLoader.dll
- - - - - - - > 'explorer.exe'(184)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-05-19 22.59.56
ComboFix-quarantined-files.txt 2009-05-19 20:59
Pre-Run: 39.333.576.704 byte disponibili
Post-Run: 39.382.482.944 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
232 --- E O F --- 2009-05-13 12:01