I'm not distracted, but I had already repeated it; now ComboFix
ComboFix 09-04-22.02 - Dardani Mauro 21/04/2009 23.06.56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.616 [GMT 2:00]
Eseguito da: c:\documents and settings\Dardani Mauro\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
FW: Norton Internet Worm Protection *disabled*
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-03-21 al 2009-04-21 )))))))))))))))))))))))))))))))))))
.
2009-04-21 17:55 . 2009-04-21 20:53 -------- d-----w C:\FindyKill
2009-04-17 13:33 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 13:33 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 13:33 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 13:33 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 13:33 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 13:33 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-17 13:33 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 13:33 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 13:33 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 13:33 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 13:32 . 2009-03-27 06:48 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 13:32 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 21:12 . 2009-02-16 16:27 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-04-21 21:10 . 2009-02-16 16:27 532512 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-21 21:10 . 2009-02-16 16:27 2900 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-21 21:10 . 2009-02-16 16:27 2508832 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-21 21:10 . 2009-02-16 16:27 21728 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-21 20:54 . 2009-04-21 20:50 3152 ----a-w C:\FindyKill.txt
2009-04-21 19:09 . 2005-09-21 09:01 84750 ----a-w c:\windows\system32\perfc010.dat
2009-04-21 19:09 . 2005-09-21 09:01 490208 ----a-w c:\windows\system32\perfh010.dat
2009-04-21 16:27 . 2008-03-30 19:59 -------- d-----w c:\programmi\Spybot - Search & Destroy
2009-04-21 16:26 . 2008-03-30 19:59 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-04-21 16:24 . 2008-09-07 10:04 -------- d-----w c:\programmi\eMule
2009-04-21 16:14 . 2009-03-17 13:17 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-20 11:05 . 2008-10-01 14:22 0 ----a-w C:\ctapi_out_gr.txt
2009-04-13 11:37 . 2008-11-12 21:22 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-06 13:32 . 2008-11-12 21:22 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-11-12 21:22 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 18:43 . 2008-12-04 12:23 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\NOS
2009-04-05 18:43 . 2008-12-04 12:23 -------- d-----w c:\programmi\NOS
2009-03-31 16:45 . 2009-02-15 09:46 -------- d-----w c:\programmi\Java
2009-03-17 18:34 . 2005-09-21 15:04 -------- d-----w c:\programmi\File comuni\Adobe
2009-03-17 13:18 . 2008-01-10 20:03 -------- d-----w c:\programmi\Google
2009-03-09 03:19 . 2009-02-15 09:47 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:48 . 2008-11-07 21:11 -------- d-----w c:\programmi\CCleaner
2009-03-06 14:19 . 2005-09-21 09:01 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2005-09-21 09:01 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-26 19:29 . 2009-02-26 18:09 -------- d-----w c:\programmi\SopCast
2009-02-22 13:36 . 2009-02-22 13:36 -------- d-----w c:\documents and settings\Dardani Mauro\Dati applicazioni\vlc
2009-02-20 17:08 . 2005-09-21 09:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:02 . 2004-08-19 15:34 2069760 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:04 . 2005-09-21 09:01 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2005-09-21 09:00 2192768 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2005-09-21 09:01 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2005-09-21 09:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2005-09-21 09:01 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2005-09-21 09:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2005-09-21 09:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2005-09-21 09:01 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2005-09-21 09:01 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-13 19:54 . 2006-06-03 09:51 25776 ----a-w c:\documents and settings\Dardani Mauro\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-01-04 13:53 . 2008-11-13 22:00 133472 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2008-11-16 09:49 . 2006-04-19 19:52 25776 ----a-w c:\documents and settings\Dardani Mauro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-05-10 15:55 . 2006-04-19 19:34 142 ----a-w c:\documents and settings\Dardani Mauro\Impostazioni locali\Dati applicazioni\fusioncache.dat
2008-09-01 15:35 . 2008-09-01 15:36 32768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008090120080902\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OM_Monitor"="c:\programmi\OLYMPUS\OLYMPUS Master\Monitor.exe" [2008-11-12 57344]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2004-03-24 196608]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 671744]
"TPNF"="c:\programmi\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 53248]
"HWSetup"="c:\programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"SmoothView"="c:\programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"PadTouch"="c:\programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 1077329]
"Tvs"="c:\programmi\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-03 975941]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2005-10-03 118784]
"MULTIMEDIA KEYBOARD"="c:\programmi\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-27 176128]
"EPSON Stylus Photo R240 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE" [2005-04-25 98304]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-04-23 77824]
"OM_Monitor"="c:\programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-16 201992]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-12-22 88358]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-08-22 28672]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-12 266240]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Dardani Mauro\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
R2 gupdate1c9a702bf95dc54;Servizio di Google Update (gupdate1c9a702bf95dc54);c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-17 133104]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-16 33808]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
S2 nhksrv;Netropa NHK Server;c:\programmi\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
.
Contenuto della cartella 'Scheduled Tasks'
2009-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-17 17:09]
2009-04-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-17 13:17]
2009-03-18 c:\windows\Tasks\NeroLiveEpgUpdate-YOUR-6BFCBDC390_Dardani-Mauro.job
- c:\programmi\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 12:51]
2009-04-21 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: &MSN Search - c:\programmi\MSN Toolbar Suite\TB\02.05.0000.1082\it-it\msntb.dll/search.htm
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 23:12
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Symantec\Norton Ghost\SecurityInfo]
@DACL=(02 0000)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(612)
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\programmi\Windows Desktop Search\wds_slps.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\windows\system32\bgsvcgen.exe
c:\programmi\Toshiba\ConfigFree\CFSvcs.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Toshiba\ConfigFree\NDSTray.exe
c:\programmi\Apoint2K\ApntEx.exe
c:\windows\system32\TPSBattM.exe
c:\programmi\Netropa\Multimedia Keyboard\Traymon.exe
c:\programmi\Netropa\Onscreen Display\osd.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Windows Desktop Search\wds_sl.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-21 23.15.42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-21 21:15
Pre-Run: 55.568.736.256 byte disponibili
Post-Run: 55.521.488.896 byte disponibili
216 --- E O F --- 2009-04-17 17:19