ComboFix 10-02-12.01 - vittorio 2010-02-15 12:29:04.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1014.623 [GMT 1:00]
Eseguito da: c:\documents and settings\vittorio\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.51 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\QUAD Utilities
.
((((((((((((((((((((((((( Files Creati Da 2010-01-15 al 2010-02-15 )))))))))))))))))))))))))))))))))))
.
2010-02-15 11:18 . 2010-02-15 11:18 398336 ----a-w- c:\windows\system32\CF22106.exe
2010-02-15 10:27 . 2010-02-15 10:27 398336 ----a-w- c:\windows\system32\CF12078.exe
2010-02-15 10:26 . 2010-02-15 10:25 398336 ----a-w- c:\windows\system32\CF11800.exe
2010-02-11 12:48 . 2010-02-11 12:48 50354 ----a-w- c:\documents and settings\vittorio\Application Data\Facebook\uninstall.exe
2010-02-11 12:48 . 2010-02-11 12:48 -------- d-----w- c:\documents and settings\vittorio\Application Data\Facebook
2010-02-04 11:49 . 2010-02-04 13:00 -------- d-----w- C:\IODOPPIOLANZIA
2010-02-02 13:34 . 2010-02-04 10:03 -------- d-----w- c:\documents and settings\vittorio\Application Data\dvdcss
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\vittorio\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\vittorio\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-25 09:53 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-01-25 09:53 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-01-25 09:53 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-01-25 09:53 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-01-25 09:53 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 09:07 . 2008-07-26 06:57 4944 ----a-w- c:\documents and settings\vittorio\Winio.sys
2010-02-14 20:54 . 2008-01-25 17:31 -------- d-----w- c:\documents and settings\vittorio\Application Data\Skype
2010-02-14 19:13 . 2007-03-06 11:21 -------- d-----w- c:\programmi\eMule
2010-02-14 15:58 . 2008-01-25 17:32 -------- d-----w- c:\documents and settings\vittorio\Application Data\skypePM
2010-02-04 20:47 . 2007-03-06 16:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-02-04 11:49 . 2007-03-06 17:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-02-04 10:12 . 2009-10-14 08:41 -------- d-----w- c:\documents and settings\vittorio\Application Data\vlc
2010-02-02 14:10 . 2007-03-06 13:43 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-01-29 09:17 . 2009-08-31 12:00 -------- d-----w- c:\documents and settings\vittorio\Application Data\HpUpdate
2010-01-25 09:41 . 2007-03-06 13:28 -------- d-----w- c:\programmi\Sports Interactive
2010-01-20 18:36 . 2009-07-18 14:08 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-17 19:00 . 2007-03-07 12:41 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-14 10:12 . 2009-10-03 08:27 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 17:02 . 2006-03-27 06:03 84468 ----a-w- c:\windows\system32\perfc010.dat
2010-01-06 17:02 . 2006-03-27 06:03 490006 ----a-w- c:\windows\system32\perfh010.dat
2009-12-31 16:50 . 2005-05-10 08:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2004-08-19 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2004-08-19 21:00 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-19 21:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2004-08-19 21:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2004-08-19 21:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2005-01-19 12:26 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2005-08-30 11:55 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-08-19 21:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-19 21:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-19 21:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-19 21:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-19 21:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-19 21:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:54 . 2004-08-19 21:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-04-02 16:27 . 2009-04-02 16:27 203264 ----a-w- c:\programmi\KB51277.exe
2006-11-21 20:11 . 2007-03-06 19:59 0 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\programmi\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\vittorio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-02-06 135664]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DetectDatacard"="c:\programmi\InstallShield Installation Information\{2427F243-56D8-4AFE-B03B-1943036306D8}\DetectDatacard.exe" [2006-06-16 24576]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2009-01-02 921600]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Programmi\\SightSpeed\\SightSpeed.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:Porta UDP ooVoo 37675
"37676:TCP"= 37676:TCP:Porta TCP ooVoo 37676
"37676:UDP"= 37676:UDP:Porta UDP ooVoo 37676
"37677:UDP"= 37677:UDP:Porta UDP ooVoo 37677
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-09-16 54752]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-03-06 91841]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-03-06 646392]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [2008-04-17 8192]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2762079296-2027388723-1870027490-1006Core.job
- c:\documents and settings\vittorio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-02-06 13:16]
2010-02-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{4A05C187-A625-4586-8BD8-2EFC17026E28}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.ianara.it/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
LSP: c:\windows\system32\imon.dll
TCP: {9AF9D020-4DDD-4D7A-BD43-31DE34EF8B33} = 212.216.112.112,212.216.112.222
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\vittorio\Application Data\Mozilla\Firefox\Profiles\ba709876.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ianara.it/
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\vittorio\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\vittorio\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti:
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2010-02-15 12:34:57
ComboFix-quarantined-files.txt 2010-02-15 11:34
ComboFix2.txt 2009-01-02 19:36
ComboFix3.txt 2009-01-02 16:44
Pre-Run: 8,159,113,216 byte disponibili
Post-Run: 8,146,423,808 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - C77E5CEBB8365FAB5CAA2DD3262561B1
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:0000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"allocatecdroms"="0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000