ComboFix 10-02-25.02 - Administrator 26/02/2010 17.26.32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.1023.738 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-5045331736-8801109860-230933314-8124
c:\recycler\S-1-5-21-5493163615-6015586582-950040096-5573
c:\recycler\S-1-5-21-5573854980-7114772169-368918471-9884
c:\recycler\S-1-5-21-7754361953-9394796715-497768423-4303
c:\recycler\S-1-5-21-8811569654-8511519200-060536118-2265
c:\recycler\S-1-5-21-9125589906-4477717380-854772337-3091
c:\windows\srchasst\NLS302EN.LEX
.
((((((((((((((((((((((((( Files Creati Da 2010-01-26 al 2010-02-26 )))))))))))))))))))))))))))))))))))
.
2010-03-06 16:37 . 2010-03-06 16:37 -------- d-----w- c:\programmi\Live-Player
2010-02-26 11:20 . 2010-02-26 11:20 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 15:14 . 2009-05-25 07:54 -------- dc----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-03-07 15:09 . 2009-05-25 07:55 -------- dc----w- c:\documents and settings\Administrator\Dati applicazioni\skypePM
2010-02-26 11:27 . 2009-10-12 15:02 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-23 14:25 . 2003-11-05 22:24 76144 ----a-w- c:\windows\system32\PERFC010.DAT
2010-02-23 14:25 . 2003-11-05 22:24 451300 ----a-w- c:\windows\system32\PERFH010.DAT
2010-01-07 15:07 . 2009-10-12 15:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-12 15:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-02 203416]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2003-02-13 493024]
"WinVNC"="c:\programmi\UltraVNC\WinVNC.exe" [2003-09-21 630848]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
TL-WN321G Wireless Utility.lnk - c:\programmi\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2009-7-22 622592]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Collegamento a Terminal.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a Terminal.lnk
backup=c:\windows\pss\Collegamento a Terminal.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^collegamento_a_terminal.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\collegamento_a_terminal.lnk
backup=c:\windows\pss\collegamento_a_terminal.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 12:28 684032 ----a-w- c:\programmi\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell MFP Color Laser Printer 3115cn Launcher]
2006-08-10 14:06 389120 ----a-w- c:\programmi\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2006-02-22 23:00 192512 ----a-w- c:\programmi\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 22:11 49152 ----a-w- c:\programmi\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2006-06-30 17:08 40960 ----a-w- c:\programmi\Dell Printers\paperport\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-05-02 15:19 4640768 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2006-06-30 17:08 36864 ----a-w- c:\programmi\Dell Printers\paperport\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 09:22 155648 ----a-r- c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R2 DLSDB;Dell Printer Status Database;c:\programmi\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [11/12/2006 12.52.53 135168]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [06/11/2009 11.01.53 54752]
S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [22/04/2009 11.15.41 717296]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
.
Contenuto della cartella 'Scheduled Tasks'
2010-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2003-11-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\programmi\Symantec\LiveUpdate\NDETECT.EXE [2003-11-05 10:27]
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\5hpdh84c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKU-Default-Run-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-HP AutoIndexer - c:\programmi\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
MSConfigStartUp-HP SchedIndexer - c:\programmi\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
MSConfigStartUp-OrderReminder - c:\programmi\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
MSConfigStartUp-StatusClient 2 - c:\programmi\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
MSConfigStartUp-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TomcatStartup 2 - c:\programmi\Hewlett-Packard\Toolbox\hpbpsttp.exe
MSConfigStartUp-websx - c:\programmi\websx\int139750.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 17:31
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(516)
c:\progra~1\NETSUP~1\pcihooks.dll
.
Ora fine scansione: 2010-02-26 17:37:27
ComboFix-quarantined-files.txt 2010-02-26 16:37
Pre-Run: 59.629.207.552 byte disponibili
Post-Run: 59.616.948.224 byte disponibili
- - End Of File - - 29279953DB99179CD0BDBA152620A328