ComboFix 09-11-21.03 - Tiziana 22/11/09 17.25.39.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.990.806 [GMT 1:00]
Eseguito da: G:\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\NTSVc.ocx
.
((((((((((((((((((((((((( Files Creati Da 2009-10-22 al 2009-11-22 )))))))))))))))))))))))))))))))))))
.
2009-11-22 10:00 . 2009-11-22 10:00 -------- d-----w- c:\documents and settings\Tiziana\Dati applicazioni\Malwarebytes
2009-11-22 10:00 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 10:00 . 2009-11-22 10:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-11-22 10:00 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 10:00 . 2009-11-22 10:00 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-22 09:49 . 2009-11-22 09:49 -------- d-----w- c:\documents and settings\Tiziana\Impostazioni locali\Dati applicazioni\Mozilla
2009-11-21 23:10 . 2009-11-21 23:18 -------- d-----w- c:\windows\BDOSCAN8
2009-11-21 13:07 . 2009-08-29 07:26 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-21 13:07 . 2009-08-29 07:26 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-21 13:07 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-21 13:07 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-11-21 13:07 . 2009-08-29 07:26 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-21 13:07 . 2009-08-29 07:26 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-21 13:07 . 2009-08-29 07:26 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-11-21 13:07 . 2009-08-29 07:26 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-21 13:03 . 2009-11-21 13:03 0 ----a-w- c:\windows\nsreg.dat
2009-11-21 13:03 . 2009-11-21 13:03 -------- d-----w- c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\Mozilla
2009-11-04 21:04 . 2009-11-04 21:05 -------- d-----w- c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 11:41 . 2004-08-19 12:00 426042 ----a-w- c:\windows\system32\perfh010.dat
2009-11-22 11:41 . 2004-08-19 12:00 63600 ----a-w- c:\windows\system32\perfc010.dat
2009-11-21 22:35 . 2008-02-04 14:08 -------- d-----w- c:\programmi\Hijackthis_199
2009-11-21 13:14 . 2008-07-08 12:55 -------- d-----w- c:\documents and settings\Maurizio\Dati applicazioni\U3
2009-11-17 13:04 . 2008-01-04 16:16 -------- d-----w- c:\programmi\Faxalo
2009-10-31 15:51 . 2008-05-06 20:18 -------- d-----w- c:\documents and settings\Tiziana\Dati applicazioni\U3
2009-10-03 18:54 . 2009-10-03 18:54 -------- d-----w- c:\documents and settings\Tiziana\Dati applicazioni\PC Suite
2009-10-03 18:25 . 2009-10-03 17:59 -------- d-----w- c:\programmi\Nokia
2009-10-03 18:02 . 2009-10-03 18:02 -------- d-----w- c:\documents and settings\Maurizio\Dati applicazioni\Nokia
2009-10-03 18:02 . 2009-10-03 18:02 -------- d-----w- c:\documents and settings\Maurizio\Dati applicazioni\PC Suite
2009-10-03 18:02 . 2009-10-03 18:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2009-10-03 18:01 . 2009-10-03 18:01 -------- d-----w- c:\programmi\DIFX
2009-10-03 18:00 . 2009-10-03 18:00 -------- d-----w- c:\programmi\PC Connectivity Solution
2009-10-03 17:59 . 2009-10-03 17:59 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-03 17:59 . 2009-10-03 17:59 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-03 17:59 . 2009-10-03 17:59 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-03 17:59 . 2009-10-03 17:59 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-03 17:58 . 2009-10-03 17:59 33853800 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ita_web[1].exe
2009-10-03 17:58 . 2009-10-03 17:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-09-11 14:17 . 2004-08-19 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:26 . 2004-08-19 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2004-08-19 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-19 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2004-10-13 229438]
"eabconfg.cpl"="c:\programmi\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
"HPHUPD05"="c:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-05 491520]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2007-12-14 950664]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Internet TV\\Internet TV.exe"=
"c:\\Programmi\\BearShare\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [14/12/07 3.59.43 15424]
S2 gupdate1c9f1be3b84c22a;Google Update Service (gupdate1c9f1be3b84c22a);c:\programmi\Google\Update\GoogleUpdate.exe [20/06/09 4.45.53 133104]
.
Contenuto della cartella 'Scheduled Tasks'
2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-20 15:45]
2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-20 15:45]
2009-11-22 c:\windows\Tasks\HP Usg Daily.job
- c:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 10:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {D0DBD209-F58C-40F4-99F7-816258C15200} = 193.70.152.15,193.70.152.25
FF - ProfilePath - c:\documents and settings\Tiziana\Dati applicazioni\Mozilla\Firefox\Profiles\gsodjakz.default\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-Redirection Port Monitor - c:\windows\system32\unredmon.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 17:44
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????2?2?6?7??????? ???B?????????????H<C????????
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2009-11-22 17:49
ComboFix-quarantined-files.txt 2009-11-22 16:48
Pre-Run: 10.825.654.272 byte disponibili
Post-Run: 11.998.953.472 byte disponibili
- - End Of File - - 33294A34C9ABCCE416D0040360ADDE04