Hi R16, and thanks.
I've attached the ComboFix log. I noticed that System Restore got turned on. Should I put the check mark back?
ComboFix 09-09-23.02 - mionome 24/09/2009 15.05.28.12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.502.149 [GMT 2:00]
Eseguito da: c:\documents and settings\mionome\Desktop\ComboFix.0.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\mionome\Dati applicazioni\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\mionome\Dati applicazioni\Microsoft\Clip Organizer\Offic10.MGC
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\system32\drivers\gasfkyqqalisvn.sys
c:\windows\system32\gasfkydgpuqauu.dll
c:\windows\system32\gasfkyhigwkilm.dat
c:\windows\system32\gasfkykyhctaht.dll
c:\windows\system32\gasfkyspvtgxpy.dat
c:\windows\system32\gasfkyxldjejdj.dll
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_gasfkyjkhejmoe
-------\Service_gasfkyjkhejmoe
((((((((((((((((((((((((( Files Creati Da 2009-08-24 al 2009-09-24 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 13:12 . 2007-01-04 10:08 3216 ----a-w- c:\windows\system32\encobject.dat
2009-09-23 10:51 . 2009-06-05 12:10 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-20 11:10 . 2006-11-16 16:51 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-09-10 12:54 . 2009-06-05 12:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-06-05 12:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 20:12 . 2009-06-10 20:12 318369 ----a-w- c:\programmi\HiJackThis.zip
2009-06-05 18:02 . 2009-06-05 18:01 724952 ----a-w- c:\programmi\avenger.zip
2009-06-05 12:01 . 2009-06-05 12:01 3371384 ----a-w- c:\programmi\mbam-setup.exe
2008-12-18 22:19 . 2008-12-18 22:19 22058104 -c----w- c:\programmi\antivir_workstation_winu_en_h.exe
2008-09-08 23:35 . 2008-09-08 23:35 2811211 ------w- c:\programmi\Eraser57Setup.zip
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\programmi\File comuni\Lenovo\Scheduler\scheduler_proxy.exe" [2007-07-10 540672]
"TPKMAPHELPER"="c:\programmi\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"PDService.exe"="c:\programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"cssauth"="c:\programmi\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"AwaySch"="c:\programmi\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2005-11-14 487424]
"ACWLIcon"="c:\programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-25 110592]
"ACTray"="c:\programmi\ThinkPad\ConnectUtilities\ACTray.exe" [2006-08-25 409600]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TrackPointSrv"="tp4serv.exe" - c:\windows\system32\tp4serv.exe [2005-07-12 94208]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-16 24576]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\programmi\Lenovo\AwayTask\AwayNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 -c----w- c:\windows\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [25/02/2009 20.25.59 28544]
R0 phooks;phooks;c:\windows\system32\drivers\phooks.sys [05/06/2009 17.51.08 23552]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [16/11/2006 18.30.53 4442]
R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [28/03/2007 17.32.19 18240]
R2 PrivateDisk;PrivateDisk;c:\programmi\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13/03/2006 17.05.54 58368]
R2 smi2;smi2;c:\programmi\SMI2\smi2.sys [14/07/2006 16.55.12 3968]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [17/11/2006 2.23.07 13840]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [02/08/2004 17.16.34 48128]
.
Contenuto della cartella 'Scheduled Tasks'
2009-09-22 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-09-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-09-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-11-16 16:13]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://forum.aiutamici.com/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1 - c:\programmi\Index.dat
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 15:12
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-4259151014-186399029-1429193781-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1296)
c:\windows\system32\tvt_gina.dll
c:\programmi\Lenovo\Client Security Solution\css_gina_plugin.dll
c:\programmi\Lenovo\Client Security Solution\css_wait_bar.dll
c:\programmi\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
c:\programmi\Lenovo\Client Security Solution\csswait.dll
c:\programmi\File comuni\Lenovo\tvt_banner.dll
c:\programmi\Lenovo\Client Security Solution\cssdlgpwentry.dll
c:\programmi\Lenovo\Client Security Solution\dlganswerprompt.dll
c:\programmi\Lenovo\Client Security Solution\tvttsp.dll
c:\programmi\Lenovo\Client Security Solution\tcsrpc.dll
c:\programmi\File comuni\Lenovo\tvt_res.dll
c:\programmi\Lenovo\AwayTask\AwayNotify.dll
- - - - - - - > 'explorer.exe'(2268)
c:\windows\system32\PROCHLP.DLL
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\IPSSVC.EXE
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programmi\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\programmi\Lenovo\System Update\SUService.exe
c:\programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
c:\programmi\Lenovo\Rescue and Recovery\rrservice.exe
c:\programmi\File comuni\Lenovo\Scheduler\tvtsched.exe
c:\programmi\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\programmi\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Ora fine scansione: 2009-09-24 15.16.21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-09-24 13:16
Pre-Run: 35.888.353.280 byte disponibili
Post-Run: 35.915.517.952 byte disponibili
186 --- E O F --- 2009-03-18 13:29