How careless of me... sorry, I copied it wrong
ComboFix 09-06-18.02 - Leoncino 18/06/2009 23.26.34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.276 [GMT 2:00]
Eseguito da: c:\documents and settings\Leoncino\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090618-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-05-18 al 2009-06-18 )))))))))))))))))))))))))))))))))))
.
2009-06-18 19:17 . 2006-03-02 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-18 14:27 . 2009-06-18 18:48 -------- d-----w- c:\windows\l2schemas
2009-06-18 14:27 . 2009-06-18 14:27 -------- d-----w- c:\windows\system32\it
2009-06-18 14:27 . 2009-06-18 18:48 -------- d-----w- c:\windows\system32\bits
2009-06-18 14:20 . 2007-08-10 06:20 33656 ----a-w- c:\windows\system32\sprecovr.exe
2009-06-18 14:14 . 2004-08-19 14:39 193024 ----a-w- c:\windows\system32\fsquirt.exe
2009-06-18 14:13 . 2006-03-02 12:00 1852416 ----a-w- c:\windows\system32\dllcache\acgenral.dll
2009-06-18 14:12 . 2009-02-20 08:29 1056256 ----a-w- c:\windows\system32\dllcache\danim.dll
2009-06-18 14:11 . 2009-02-03 20:08 55808 ----a-w- c:\windows\system32\secur32.dll
2009-06-18 13:56 . 2009-06-18 14:00 -------- d-----w- C:\0c5e5a490d12ee25a0b396c433
2009-06-18 12:26 . 2009-06-18 12:26 -------- d-----w- c:\documents and settings\Leoncino\Dati applicazioni\Malwarebytes
2009-06-18 12:26 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 12:26 . 2009-06-18 12:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-18 12:26 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 12:26 . 2009-06-18 12:26 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-06-17 22:21 . 2009-06-17 22:21 -------- d-----w- c:\programmi\Trend Micro
2009-06-17 21:27 . 2009-06-17 21:27 -------- d-----w- c:\documents and settings\Leoncino\Dati applicazioni\Yahoo!
2009-06-17 21:27 . 2009-06-17 21:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-06-17 21:27 . 2009-06-17 21:27 -------- d-----w- c:\programmi\Yahoo!
2009-06-17 21:27 . 2009-06-17 21:27 -------- d-----w- c:\programmi\CCleaner
2009-06-17 20:04 . 2009-06-18 20:02 -------- d-----w- c:\documents and settings\Leoncino\Dati applicazioni\IMVU
2009-06-17 20:04 . 2009-06-17 20:04 80967 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\Uninstall.exe
2009-06-17 20:03 . 2009-06-17 20:04 -------- d-----w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient
2009-06-02 21:09 . 2009-06-02 21:09 95584 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\IMVUupdater.exe
2009-06-02 21:09 . 2009-06-02 21:09 49920 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\IMVUClient.exe
2009-06-02 21:09 . 2009-06-02 21:09 18176 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\imvuqualityagent.exe
2009-06-02 21:05 . 2009-06-02 21:05 14848 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\MemoryHook.dll
2009-06-02 21:04 . 2009-06-02 21:04 289792 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\cal3d.dll
2009-06-02 21:04 . 2009-06-02 21:04 25600 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\CallStack.dll
2009-06-02 21:04 . 2009-06-02 21:04 187392 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\boost_python.dll
2009-06-02 21:03 . 2009-06-02 21:03 256000 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\audiere.dll
2009-05-23 18:25 . 2009-05-23 18:27 132475 ----a-w- c:\windows\hpqins00.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 18:59 . 2009-03-11 13:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-06 14:53 . 2009-04-24 13:43 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-06 14:52 . 2009-03-11 13:42 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-05-16 17:48 . 2009-05-16 17:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2009-05-16 13:15 . 2009-03-11 14:00 -------- d-----w- c:\documents and settings\Leoncino\Dati applicazioni\HP
2009-05-16 13:14 . 2009-05-16 13:05 140329 ----a-w- c:\windows\HPHins13.dat
2009-05-16 13:13 . 2009-03-11 13:58 -------- d-----w- c:\programmi\File comuni\HP
2009-05-16 13:13 . 2009-03-11 13:56 -------- d-----w- c:\programmi\HP
2009-05-16 13:13 . 2009-05-16 13:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HPSSUPPLY
2009-05-16 13:12 . 2009-03-11 13:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2009-05-07 15:41 . 2009-06-18 14:11 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 19:56 . 2009-04-24 19:56 -------- d-----w- c:\documents and settings\Leoncino\Dati applicazioni\Media Player Classic
2009-04-24 19:35 . 2009-03-16 20:28 -------- d-----w- c:\documents and settings\Leoncino\Dati applicazioni\Ahead
2009-04-19 20:08 . 2009-06-18 14:11 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 14:24 . 2006-03-02 12:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2009-04-18 14:24 . 2006-03-02 12:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2009-04-15 15:16 . 2009-06-18 14:12 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 15:06 . 2009-03-11 21:49 307256 ----a-w- c:\documents and settings\Leoncino\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\IMVUClient\pixomatic.dll
2009-03-29 18:40 . 2009-03-29 18:40 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-29 18:39 . 2009-03-29 18:28 152576 ----a-w- c:\documents and settings\Leoncino\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-29 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-6 113664]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-3-11 212992]
BTTray.lnk - c:\programmi\WIDCOMM\Software Bluetooth\BTTray.exe [2005-5-31 577597]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-3-11 450560]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-1-14 525664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/03/2009 16.09.40 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/03/2009 16.09.40 20560]
S3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [11/03/2009 16.59.57 457856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
2009-06-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-11 20:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Notify-dimsntfy - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Leoncino\Menu Avvio\Programmi\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-18 23:34
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1412)
c:\programmi\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\WIDCOMM\Software Bluetooth\BTStackServer.exe
c:\programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\HP\Digital Imaging\bin\hpqste08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-06-18 23.38.10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-06-18 21:38
Pre-Run: 20.428.083.200 byte disponibili
Post-Run: 20.567.310.336 byte disponibili
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
168 --- E O F --- 2009-06-12 18:42