ComboFix 09-10-08.04 - SILVIA 10/10/2009 13.19.13.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1012.605 [GMT 2:00]
Eseguito da: c:\documents and settings\SILVIA\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091009-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1di1w.exe
C:\autorun.inf
c:\docume~1\SILVIA\IMPOST~1\Temp\cvasds0.dll
c:\docume~1\SILVIA\IMPOST~1\Temp\cvasds1.dll
c:\documents and settings\SILVIA\Impostazioni locali\Temp\cvasds0.dll
C:\vlvtdflx.exe
c:\windows\Installer\a1a9b.msi
.
((((((((((((((((((((((((( Files Creati Da 2009-09-10 al 2009-10-10 )))))))))))))))))))))))))))))))))))
.
2009-10-09 21:14 . 2009-10-09 21:14 -------- d-----w- c:\documents and settings\SILVIA\Impostazioni locali\Dati applicazioni\GHISLER
2009-10-09 21:05 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2009-10-09 21:05 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2009-10-09 21:05 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-10-09 21:05 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-10-09 21:05 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-10-09 21:05 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2009-10-09 21:05 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2009-10-09 21:05 . 2009-10-09 21:07 -------- d-----w- C:\totalcmd
2009-10-09 21:05 . 2009-10-09 21:05 -------- d-----w- c:\documents and settings\SILVIA\Dati applicazioni\GHISLER
2009-09-30 16:41 . 2009-09-30 16:41 -------- d-----w- c:\windows\Sun
2009-09-26 08:18 . 2009-09-26 08:18 -------- d-----w- c:\documents and settings\SILVIA\Dati applicazioni\OpenOffice.org
2009-09-26 08:14 . 2009-09-26 08:14 -------- d-----w- c:\programmi\JRE
2009-09-26 08:13 . 2009-09-26 08:14 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-09-26 08:13 . 2009-09-26 08:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-26 08:12 . 2009-09-26 08:12 -------- d-----w- c:\programmi\Java
2009-09-26 08:11 . 2009-09-26 08:11 -------- d-----w- c:\programmi\OpenOffice.org 3.1 (it) Installation Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 16:44 . 2009-03-03 14:52 -------- d-----w- c:\documents and settings\SILVIA\Dati applicazioni\X-Chat 2
2009-09-26 09:42 . 2008-11-13 02:33 65176 ----a-w- c:\documents and settings\SILVIA\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-26 08:32 . 2009-06-22 08:40 -------- d-----w- c:\programmi\EasyPHP1-7
2009-09-10 07:43 . 2008-08-21 09:17 85070 ----a-w- c:\windows\system32\perfc010.dat
2009-09-10 07:43 . 2008-08-21 09:17 490898 ----a-w- c:\windows\system32\perfh010.dat
2009-09-10 07:37 . 2009-09-10 07:37 -------- d-----w- c:\programmi\MSBuild
2009-09-10 07:37 . 2009-09-10 07:37 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-06 17:24 . 2008-04-13 21:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2008-04-13 21:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-04-13 21:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2007-07-30 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2008-04-13 21:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2008-04-13 21:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2008-04-13 21:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-11-15 11:57 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2008-11-15 11:57 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2008-04-13 21:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 08:59 . 2008-04-13 21:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2008-04-13 21:00 58880 ----a-w- c:\windows\system32\atl.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\programmi\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-13 24064]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-09-26 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\SILVIA\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
InterVideo WinCinema Manager.lnk - c:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\X-Chat 2\\xchat.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/05/2009 12.37.46 114768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [08/10/2008 8.50.14 34312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/05/2009 12.37.46 20560]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [13/11/2008 4.29.12 24064]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 8&m=aoa150
uInternet Connection Wizard,ShellNext = iexplore
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 13:27
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1644)
c:\windows\system32\WININET.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\igfxext.exe
c:\docume~1\SILVIA\IMPOST~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-10-10 13.30.14 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-10 11:30
Pre-Run: 139.977.789.440 byte disponibili
Post-Run: 139.986.935.808 byte disponibili
150 --- E O F --- 2009-09-22 15:55