ComboFix 09-07-09.08 - Client 11/07/2009 14.52.55.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1022.576 [GMT 2:00]
Eseguito da: c:\documents and settings\Client\Desktop\uyeeeeee.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Client\Dati applicazioni\wiaserva.log
c:\documents and settings\Client\Menu Avvio\Programmi\Esecuzione automatica\legupd32.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\proquota.exe was missing
Ripristinata copia da - c:\system volume information\_restore{6A940C11-E3CB-4164-A799-B21F117001E4}\RP234\A0077505.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-06-11 al 2009-07-11 )))))))))))))))))))))))))))))))))))
.
2009-07-11 12:57 . 2006-03-02 12:00 50688 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-11 12:57 . 2006-03-02 12:00 50688 ----a-w- c:\windows\system32\proquota.exe
2009-07-10 16:42 . 2009-07-10 16:43 -------- d-s---w- C:\Comboblablaaa
2009-07-10 16:23 . 2009-07-11 12:49 117760 ----a-w- c:\documents and settings\Client\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-10 16:20 . 2009-07-10 16:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-07-10 16:20 . 2009-07-10 16:20 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-07-10 16:20 . 2009-07-10 16:20 -------- d-----w- c:\documents and settings\Client\Dati applicazioni\SUPERAntiSpyware.com
2009-07-10 16:19 . 2009-07-10 16:19 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-07-09 17:56 . 2009-07-09 17:56 -------- d-----w- c:\documents and settings\Client\Dati applicazioni\Malwarebytes
2009-07-09 17:56 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 17:56 . 2009-07-09 17:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-09 17:56 . 2009-07-09 17:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-07-09 17:56 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 17:27 . 2008-01-23 11:26 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-06-17 17:55 . 2008-01-22 16:50 226360 ----a-w- c:\documents and settings\Client\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-16 10:39 . 2006-03-02 12:00 77946 ----a-w- c:\windows\system32\perfc010.dat
2009-05-16 10:39 . 2006-03-02 12:00 457224 ----a-w- c:\windows\system32\perfh010.dat
2009-05-07 15:41 . 2006-03-02 12:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 20:08 . 2006-03-02 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:16 . 2006-03-02 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2004-03-24 196608]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]
"HWSetup"="c:\programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"PadTouch"="c:\programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077329]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 53248]
"Tvs"="c:\programmi\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-01-22 949376]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"WinampAgent"="c:\programmi\Winamp\winampa.exe" [2006-11-21 35328]
"OpwareSE2"="c:\programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"CTCheck"="c:\programmi\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-08-22 28672]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-12-22 88358]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\Client\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-1-23 217088]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Bluetooth Manager.lnk - c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-3-22 487424]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-1-22 155648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\TVAnts\\Tvants.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [22/01/2008 20.26.09 15424]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11.01.40 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11.01.40 72944]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11.01.42 7408]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 14:58
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1000)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1064)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2009-07-11 14.59.48
ComboFix-quarantined-files.txt 2009-07-11 12:59
Pre-Run: 12.811.563.008 byte disponibili
Post-Run: 14.347.190.272 byte disponibili
137 --- E O F --- 2009-07-10 20:33