Moderatori: m.paolo, kadosh, Luke57
ComboFix 10-02-18.02 - Utente 18/02/2010 19.55.29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1279.807 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100218-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Utente\IMPOST~1\Temp\IadHide5.dll
c:\documents and settings\Utente\Impostazioni locali\Temp\IadHide5.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-01-18 al 2010-02-18 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 20:04 . 2008-01-10 18:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-02-13 21:39 . 2009-06-19 15:27 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\U3
2010-02-09 13:08 . 2005-03-25 10:40 76392 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-07 16:22 . 2009-02-18 22:26 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-02-03 21:22 . 2006-09-19 15:02 -------- d-----w- c:\programmi\eMule
2010-01-29 11:28 . 2005-03-25 10:46 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-28 13:21 . 2009-12-28 12:09 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\HpUpdate
2010-01-12 12:57 . 2007-01-18 14:41 -------- d-----w- c:\programmi\Google
2009-12-31 16:50 . 2004-08-19 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 12:10 . 2009-07-22 17:35 -------- d-----w- c:\programmi\HP
2009-12-21 19:06 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2005-03-25 16:34 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-19 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 17:08 . 2004-08-19 12:00 81326 ----a-w- c:\windows\system32\perfc010.dat
2009-12-09 17:08 . 2004-08-19 12:00 482002 ----a-w- c:\windows\system32\perfh010.dat
2009-12-04 18:22 . 2004-08-19 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2004-08-19 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-08-19 15:39 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-30 23:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-19 15:39 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-19 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-19 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-19 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-24 23:54 . 2009-02-18 20:16 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-02-18 20:17 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-02-18 20:17 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-02-18 20:17 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-02-18 20:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-02-18 20:17 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-02-18 20:17 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-02-18 20:17 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-02-18 20:17 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:54 . 2004-08-19 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-01-18 14:41 . 2007-01-18 14:41 60518 ----a-w- c:\programmi\mozilla firefox\components\jar50.dll
2007-01-18 14:41 . 2007-01-18 14:41 49248 ----a-w- c:\programmi\mozilla firefox\components\jsd3250.dll
2007-01-18 14:41 . 2007-01-18 14:41 165992 ----a-w- c:\programmi\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 68856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-04-21 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\programmi\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"AnyDVD"="c:\programmi\SlySoft\AnyDVD\AnyDVD.exe" [2001-12-31 460288]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2006-09-01 282624]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RealTray"="c:\programmi\Real\RealPlayer\RealPlay.exe" [2008-08-18 20480]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-23 282624]
Kodak EasyShare software.lnk - c:\programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
KODAK Software Updater.lnk - c:\programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Reality Fusion GameCam SE.lnk - c:\progra~1\PHILIP~1\GameCam SE\Program\RFTray.exe [2009-4-9 32768]
TV Remote Control.lnk - c:\programmi\Mentor Multimedia\TV88X Utilities\C8XRCtl.exe [2006-1-12 57344]
[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^Traduttore in Internet.lnk]
backup=c:\windows\pss\Traduttore in Internet.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^Traduttore In-Linea.lnk]
backup=c:\windows\pss\Traduttore In-Linea.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2001-12-31 23:11 460288 ----a-w- c:\programmi\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
2004-05-10 14:00 730624 ----a-w- c:\programmi\Mentor Multimedia\PVR Plus\TVR\Scheduled.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-06-03 21:05 32881 ----a-w- c:\programmi\Java\j2re1.4.2_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RealTray"=c:\programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18/02/2009 21.17.18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/02/2009 21.17.18 20560]
R2 CX88XBAR;Conexant TV88X Crossbar;c:\windows\system32\drivers\cx88xbar.sys [12/01/2006 19.19.24 9728]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [12/11/2009 19.41.09 135664]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [18/08/2008 20.40.56 171264]
.
Contenuto della cartella 'Scheduled Tasks'
2010-02-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-12 18:41]
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-11-12 18:41]
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-790525478-682003330-1004Core.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-21 17:23]
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-790525478-682003330-1004UA.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-21 17:23]
2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{D7C7B41B-104B-4D07-9D31-923E26F4A95E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DF7D8AE4-9B8A-4D4C-AA8D-FF297864A003} = 213.230.130.222 213.230.155.10
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\yqiyeaz0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\programmi\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
HKCU-Run-oguge - c:\documents and settings\utente\impostazioni locali\dati applicazioni\oguge.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 20:06
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(348)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'Explorer.EXE'(612)
c:\windows\system32\WININET.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\docume~1\Utente\IMPOST~1\Temp\IadHide5.dll
.
Ora fine scansione: 2010-02-18 20:14:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-18 19:14
Pre-Run: 16.344.457.216 byte disponibili
Post-Run: 18.165.342.208 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - FC858841897517465C6913A4E31715A4
Problema con apertura MsgBox con duplice condizione Autore: systemcrack |
Forum: Applicazioni Office Windows Risposte: 24 |
Concatenamento apertura files che non funziona Autore: systemcrack |
Forum: Applicazioni Office Windows Risposte: 3 |
Visitano il forum: Nessuno e 44 ospiti