Done!
Malware log
Malwarebytes' Anti-Malware 1.38
Versione del database: 2375
Windows 5.1.2600 Service Pack 3
05/07/2009 16.00.22
mbam-log-2009-07-05 (16-00-22).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 145160
Tempo trascorso: 36 minute(s), 47 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
ComboFix log
ComboFix 09-07-04.05 - - 05/07/2009 16.13.27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.479.171 [GMT 2:00]
Eseguito da: c:\documents and settings\-\Documenti\programmi installati\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\5e192d.msp
c:\windows\Installer\5e192e.msp
c:\windows\Installer\5e192f.msp
c:\windows\Installer\5e1930.msp
c:\windows\Installer\5e1931.msp
c:\windows\Installer\5e1932.msp
c:\windows\Installer\5e1933.msp
c:\windows\Installer\5e1934.msp
c:\windows\Installer\5e1935.msp
c:\windows\Installer\5e1936.msp
c:\windows\Installer\92d962.msi
.
((((((((((((((((((((((((( Files Creati Da 2009-06-05 al 2009-07-05 )))))))))))))))))))))))))))))))))))
.
2009-07-05 13:16 . 2009-07-05 13:16 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Malwarebytes
2009-07-05 13:16 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 13:16 . 2009-07-05 13:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-07-05 13:16 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 13:16 . 2009-07-05 13:16 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-05 12:30 . 2009-07-05 12:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-05 01:52 . 2009-07-05 01:54 -------- d-----w- c:\programmi\ReadPlease 2003
2009-07-05 01:48 . 2009-07-05 01:52 -------- d-----w- c:\windows\speech
2009-07-05 00:15 . 2009-07-05 14:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-05 00:15 . 2009-07-05 13:15 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-07-03 09:43 . 2009-07-03 09:44 -------- d-----w- c:\programmi\GP Vs Superbike
2009-06-30 12:16 . 2009-06-30 12:16 -------- d-----w- c:\programmi\Freeware PDF Unlocker
2009-06-28 10:25 . 2009-06-28 10:25 -------- d-----w- c:\documents and settings\-\Impostazioni locali\Dati applicazioni\Google
2009-06-28 10:24 . 2009-06-28 10:24 -------- d-----w- c:\programmi\Google
2009-06-28 10:23 . 2009-06-28 11:10 -------- d-----w- c:\windows\system32\Adobe
2009-06-19 16:51 . 2009-06-19 17:16 -------- d-----w- c:\programmi\Total Video Converter
2009-06-19 14:50 . 2009-06-19 14:50 -------- d-----w- c:\documents and settings\-\Impostazioni locali\Dati applicazioni\WMTools Downloaded Files
2009-06-19 14:11 . 2009-06-19 14:11 -------- d-----w- c:\documents and settings\-\Dati applicazioni\dvdcss
2009-06-18 16:38 . 2009-06-18 16:38 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Quark
2009-06-18 16:36 . 2009-06-18 16:36 -------- d-----w- c:\windows\system32\QuickTime
2009-06-18 16:35 . 2009-06-18 16:35 -------- d-----w- c:\programmi\Quark
2009-06-18 16:35 . 2009-06-18 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Quark
2009-06-18 07:33 . 2009-06-18 07:33 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
2009-06-15 17:09 . 1999-09-04 19:23 91136 ----a-r- c:\windows\system32\msls2.dll
2009-06-14 19:37 . 2009-06-14 19:37 -------- d-----w- c:\programmi\Microsoft LifeCam
2009-06-12 13:34 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-12 13:34 . 2009-06-12 13:34 -------- d-----w- c:\programmi\File comuni\DVDVideoSoft
2009-06-12 13:34 . 2009-06-12 13:34 -------- d-----w- c:\programmi\DVDVideoSoft
2009-06-11 17:29 . 2009-04-30 21:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 17:29 . 2009-04-30 21:13 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 14:34 . 2009-06-11 14:48 -------- d-----w- c:\programmi\Easy Video Downloader
2009-06-08 09:10 . 2009-06-08 09:10 -------- d-----w- c:\programmi\ESET
2009-06-08 09:10 . 2009-06-08 09:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-06-06 23:45 . 2009-06-06 23:46 -------- d-----w- c:\programmi\QuickTime
2009-06-06 23:45 . 2009-06-06 23:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-06-06 00:37 . 2009-06-06 00:37 -------- d-----w- c:\programmi\File comuni\Skype
2009-06-06 00:37 . 2009-06-06 00:37 -------- d-----r- c:\programmi\Skype
2009-06-06 00:17 . 2009-06-06 00:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-06 00:17 . 2009-06-06 10:00 -------- d-----w- c:\documents and settings\-\Dati applicazioni\skypePM
2009-06-06 00:08 . 2009-06-06 10:08 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Skype
2009-06-06 00:07 . 2009-06-06 00:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 00:53 . 2009-04-10 09:59 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-30 23:01 . 2009-04-10 13:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-06-21 18:29 . 2009-04-10 17:33 70104 ----a-w- c:\documents and settings\-\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-19 16:56 . 2009-04-10 13:35 -------- d-----w- c:\documents and settings\-\Dati applicazioni\DivX
2009-06-19 14:16 . 2009-04-10 13:34 -------- d-----w- c:\programmi\DivX
2009-06-06 18:12 . 2009-05-09 14:12 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Image Zone Express
2009-06-04 16:34 . 2009-04-15 22:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2009-05-22 00:59 . 2009-05-22 00:59 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-05-16 17:52 . 2009-05-16 17:52 112640 ----a-w- c:\windows\lsb_un20.exe
2009-05-13 05:02 . 2004-08-19 14:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 10:05 . 2009-05-10 10:05 -------- d-----w- c:\programmi\Ferrero
2009-05-10 10:05 . 2009-05-10 10:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ferrero
2009-05-08 14:18 . 2009-05-08 14:18 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Windows Live Writer
2009-05-07 15:32 . 2004-08-19 14:39 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-28 11:52 . 2009-04-28 11:54 36 ----a-w- C:\mediamp3.dat
2009-04-19 19:47 . 2004-08-19 14:31 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:05 . 2001-12-04 11:00 80268 ----a-w- c:\windows\system32\perfc010.dat
2009-04-15 15:05 . 2001-12-04 11:00 481664 ----a-w- c:\windows\system32\perfh010.dat
2009-04-15 14:52 . 2004-08-19 14:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 21:15 . 2009-04-10 21:04 123143 ----a-w- c:\windows\hpoins11.dat
2009-04-10 18:51 . 2009-04-10 18:51 10134 ----a-r- c:\documents and settings\-\Dati applicazioni\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-04-10 10:17 . 2009-04-10 10:17 0 ----a-w- c:\windows\nsreg.dat
2009-04-10 09:50 . 2009-04-09 17:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-10 08:45 . 2009-04-10 08:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-10 08:45 . 2009-04-10 08:45 152576 ----a-w- c:\documents and settings\-\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-10 08:36 . 2009-04-10 08:36 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-04-10 08:36 . 2009-04-10 08:36 577536 ----a-w- c:\windows\soundman.exe
2009-04-10 08:36 . 2009-04-10 08:36 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-04-10 08:36 . 2009-04-10 08:36 4027456 ----a-w- c:\windows\system32\drivers\alcxwdm.sys
2009-04-10 08:36 . 2009-04-10 08:36 217088 ----a-w- c:\windows\Alcrmv.exe
2009-04-10 08:36 . 2009-04-10 08:37 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-04-10 08:36 . 2009-04-10 08:36 315392 ----a-w- c:\windows\alcupd.exe
2009-04-10 08:31 . 2006-08-30 15:44 180224 ----a-w- c:\windows\system32\VTTrayp.exe
2009-04-10 08:31 . 2006-08-03 12:53 53248 ----a-w- c:\windows\system32\VTTimer.exe
2009-04-10 08:31 . 2006-05-22 12:49 593920 ----a-w- c:\windows\system32\VTovrlay.dll
2009-04-10 08:30 . 2006-08-31 11:06 264704 ----a-w- c:\windows\system32\drivers\vtmini.sys
2009-04-10 08:30 . 2006-06-20 09:21 327680 ----a-w- c:\windows\system32\VTInfo2.dll
2009-04-10 08:30 . 2006-08-31 11:17 1884160 ----a-w- c:\windows\system32\vticd.dll
2009-04-10 08:30 . 2006-06-22 15:05 462848 ----a-w- c:\windows\system32\VTGamma2.dll
2009-04-10 08:30 . 2006-08-31 11:06 3516032 ----a-w- c:\windows\system32\vtdisp.dll
2009-04-10 08:30 . 2006-08-25 11:47 651264 ----a-w- c:\windows\system32\VTDisply.dll
2009-04-10 08:30 . 2005-11-01 08:35 28672 ----a-w- c:\windows\system32\VModes.exe
2009-04-09 17:34 . 2009-04-09 17:34 21840 ----a-w- c:\windows\system32\emptyregdb.dat
1763-08-07 18:22 . 1763-08-07 18:22 4263 --sh--w- c:\windows\windllreg1c.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"Eraser"="c:\programmi\Eraser\Eraser.exe" [2007-12-22 916240]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-04-10 198160]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 1451264]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2009-04-10 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2009-04-10 180224]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2009-04-10 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\-\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-1-14 525664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [08/10/2008 8.50.14 34312]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [08/10/2008 8.47.58 468224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{46DC0AEB-8AF3-4969-9470-884D04560A4A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\-\Dati applicazioni\Mozilla\Firefox\Profiles\hx13bw88.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 16:18
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2009-07-05 16.21.32
ComboFix-quarantined-files.txt 2009-07-05 14:21
Pre-Run: 62.380.138.496 byte disponibili
Post-Run: 62.401.982.464 byte disponibili
210 --- E O F --- 2009-06-14 02:19