ComboFix 09-10-25.02 - Erika 26/10/2009 18.53.11.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.246 [GMT 1:00]
Eseguito da: c:\documents and settings\Erika\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-09-26 al 2009-10-26 )))))))))))))))))))))))))))))))))))
.
2009-10-26 16:55 . 2009-10-26 16:52 77312 ----a-w- C:\mbr.exe
2009-10-25 17:13 . 2009-10-25 17:13 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Mozilla
2009-09-28 19:05 . 2009-09-28 19:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Webroot
2009-09-28 18:47 . 2009-07-28 14:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-28 18:47 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-28 18:47 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-28 18:47 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-28 18:47 . 2009-09-28 18:47 -------- d-----w- c:\programmi\Avira
2009-09-28 18:47 . 2009-09-28 18:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-09-28 16:47 . 2009-09-28 16:47 -------- d-----w- c:\programmi\VS Revo Group
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 17:51 . 1979-12-31 22:00 85504 ----a-w- c:\windows\system32\perfc010.dat
2009-10-26 17:51 . 1979-12-31 22:00 490774 ----a-w- c:\windows\system32\perfh010.dat
2009-10-22 23:57 . 2009-04-22 15:06 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-10-02 09:38 . 2008-01-26 19:31 -------- d-----w- c:\programmi\Windows Live
2009-09-28 19:05 . 2007-06-17 18:08 -------- d-----w- c:\programmi\File comuni\Webroot Shared
2009-09-28 18:39 . 2007-09-08 21:46 -------- d-----w- c:\programmi\Google
2009-09-28 17:33 . 2007-09-08 21:46 -------- d-----w- c:\documents and settings\Erika\Dati applicazioni\Skype
2009-09-28 17:31 . 2008-04-30 19:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-09-28 17:21 . 2003-01-02 00:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-09-28 00:39 . 2007-06-17 16:35 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-09-13 23:28 . 2009-07-19 21:16 -------- d-----w- c:\documents and settings\Erika\Dati applicazioni\vlc
2009-09-13 23:10 . 2009-06-04 16:18 -------- d-----w- c:\documents and settings\Erika\Dati applicazioni\dvdcss
2009-09-11 21:59 . 2009-01-10 01:09 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-11 14:17 . 1979-12-31 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 1979-12-31 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:26 . 1979-12-31 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 1979-12-31 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 1979-12-31 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 1979-12-31 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 21:30 . 2009-08-19 21:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-17 22:16 . 2009-08-17 22:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-15 16:51 . 2007-08-15 13:29 34272 ----a-w- c:\documents and settings\Erika\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-06 17:24 . 2004-09-14 09:58 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2004-09-14 09:58 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2005-05-26 02:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2004-09-14 09:58 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2004-09-14 09:58 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 1979-12-31 22:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2004-09-14 09:58 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-01-26 19:32 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2008-01-26 19:32 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2004-09-14 09:58 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 20:48 . 2009-01-10 01:08 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 08:59 . 1979-12-31 22:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:56 . 1979-12-31 22:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2004-08-19 13:34 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
1999-03-10 15:53 . 1999-03-10 15:53 99840 -c--a-w- c:\programmi\File comuni\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 -c--a-w- c:\programmi\File comuni\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 -c--a-w- c:\programmi\File comuni\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 -c--a-w- c:\programmi\File comuni\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 -c--a-w- c:\programmi\File comuni\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 -c--a-w- c:\programmi\File comuni\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyU2M"="c:\programmi\SkyU2M\SkyU2M.exe" [2007-09-08 905216]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-08-06 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2004-07-15 49152]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-09-08 245760]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2004-08-13 73728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-13 4141056]
"LtMoh"="c:\programmi\ltmoh\Ltmoh.exe" [2002-11-25 172032]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2004-08-27 81920]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-08-19 149280]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2004-06-22 143360]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-09-01 53248]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-07-13 880640]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-07-25 88363]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Porta Symantec Fax Starter Edition.lnk - c:\programmi\Microsoft Office\Office\1040\OLFSNT40.EXE [1999-3-10 45568]
U.S. Robotics 802.11g Wireless Network Utility.lnk - c:\programmi\U.S. Robotics 802.11g WLAN\USRWLANG.exe [2008-1-7 290816]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/01/2009 2.08.42 54752]
R2 wwEngineSvc;Window Washer Engine;c:\programmi\Webroot\Washer\WasherSvc.exe [28/09/2009 20.05.24 598856]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [02/01/2003 1.44.25 2343]
S1 mailKmd;mailKmd; [x]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [17/09/2004 3.15.56 140288]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [12/05/2009 16.55.59 618112]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contenuto della cartella 'Scheduled Tasks'
2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
TCP: {B227427A-87F1-45C8-963D-DB2043E2200B} = 213.92.5.54
TCP: {E3427CB2-9F8E-4A1A-8E61-47E34B6EAAA1} = 208.67.222.222,208.62.220.220
FF - ProfilePath - c:\documents and settings\Erika\Dati applicazioni\Mozilla\Firefox\Profiles\l54bad7t.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/sear ... -web_it&p=
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-updateMgr - c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-VoipCheapCom - c:\programmi\voipcheapcom\voipcheapcom.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 19:01
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\WININET.dll
c:\programmi\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-10-26 19.06.20
ComboFix-quarantined-files.txt 2009-10-26 18:05
Pre-Run: 2.512.551.936 byte disponibili
Post-Run: 2.683.949.056 byte disponibili
- - End Of File - - 43585A5F7DBC6E593C7DF8D6E489A73D