This is what came out of the scan
ComboFix 09-12-11.05 - x 13/12/2009 13.01.10.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.383.177 [GMT -12:00]
Eseguito da: c:\documents and settings\x\Desktop\pippo.exe
AV: avast! antivirus 4.8.1368 [VPS 091212-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\x\secupdat.dat
c:\recycler\S-1-5-21-746137067-1644491937-839522115-1004
c:\windows\system32\secupdat.dat
c:\windows\Temp\20k.exe
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICF
((((((((((((((((((((((((( Files Creati Da 2009-11-14 al 2009-12-14 )))))))))))))))))))))))))))))))))))
.
2009-12-13 23:30 . 2009-12-13 23:30 -------- d-----w- c:\programmi\CCleaner
2009-12-13 03:57 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-13 03:57 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-13 03:57 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-13 03:57 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-13 03:57 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-13 03:57 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-13 03:57 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-13 03:57 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-13 03:56 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-13 02:08 . 2009-12-13 02:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-12-12 23:05 . 2009-12-12 23:05 -------- d-----w- c:\programmi\Trend Micro
2009-12-12 22:48 . 2009-12-12 07:28 613656 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2009-12-12 08:20 . 2009-12-12 08:20 1658136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-12-12 08:20 . 2009-12-12 08:20 1007896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2009-12-12 08:20 . 2009-12-12 08:20 800536 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avginet.dll
2009-12-12 07:29 . 2009-12-12 07:29 -------- d-----w- C:\$AVG
2009-12-12 07:28 . 2009-12-12 23:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-12-12 07:28 . 2009-12-12 07:28 -------- d-----w- c:\programmi\AVG
2009-12-12 03:47 . 2009-12-12 03:52 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-12 03:47 . 2009-12-12 04:17 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-11 10:46 . 2009-12-11 10:46 -------- d-----w- c:\programmi\Pirelli
2009-12-11 10:46 . 2009-12-11 10:46 -------- d-----w- c:\windows\Motive
2009-12-11 10:46 . 2009-12-11 10:46 -------- d-----w- c:\programmi\File comuni\Motive
2009-12-11 10:46 . 2009-12-11 10:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
2009-12-11 10:46 . 2009-12-11 10:46 -------- d-----w- c:\programmi\Common Files
2009-12-11 10:45 . 2009-12-11 10:46 -------- d-----w- c:\programmi\Motive
2009-12-11 10:45 . 2009-12-11 10:46 -------- d-----w- c:\programmi\Alice ti aiuta
2009-12-11 10:45 . 2009-12-11 10:45 -------- d-----w- c:\programmi\Telecom Italia
2009-12-11 09:03 . 2009-12-11 09:09 1956072 ----a-w- c:\documents and settings\x\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 23:36 . 2001-08-31 12:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2009-12-13 23:36 . 2001-08-31 12:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2009-12-13 03:56 . 2001-11-25 19:25 -------- d-----w- c:\programmi\Alwil Software
2009-12-13 02:06 . 2001-11-25 19:26 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-12 05:24 . 2004-08-19 13:39 14336 ----a-w- c:\windows\system32\svchost.exe
2009-12-11 10:46 . 2001-11-25 18:28 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-10 21:56 . 2009-05-21 22:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
------- Sigcheck -------
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . 7399D854596BFEFEED6B60879F28CE07 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-26 102400]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-22 438359]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2001-11-25 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\x\Menu Avvio\Programmi\Esecuzione automatica\
Reboot.exe [2002-3-20 382464]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-12-10 217088]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Ulead Photo Express SE Calendar Checker.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Ulead Photo Express SE Calendar Checker.lnk
backup=c:\windows\pss\Ulead Photo Express SE Calendar Checker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-16 04:14 147456 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-19 13:39 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 23:58 278528 ----a-w- c:\programmi\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-20 00:54 5674352 ----a-w- c:\programmi\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-13 03:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2001-11-25 18:28 155648 ----a-w- c:\programmi\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 16:00 132496 ----a-w- c:\programmi\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"ose"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6310:TCP"= 6310:TCP:gleyk
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/12/2009 15.57.21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/12/2009 15.57.21 20560]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [25/11/2001 8.26.41 177280]
S2 ivueizz;System Time;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 1.39.46 14336]
S3 USB-100;ROPER SuperLan USB 10/100 Ethernet Adapter;c:\windows\system32\drivers\USBKR100.SYS [19/01/2008 10.24.51 23938]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ivueizz
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
SafeBoot-ncpvptmy.sys
MSConfigStartUp-SUPERAntiSpyware - c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-SiS7012 - c:\progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-13 13:09
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ivueizz]
"ServiceDll"="c:\windows\system32\mvbghzrt.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3536)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-13 13:12:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-14 01:12
Pre-Run: 100.469.030.912 byte disponibili
Post-Run: 100.618.801.152 byte disponibili
- - End Of File - - 9EE784BC47BC5851360FDB5FED4C7C9A