Here is the requested log file:
ComboFix 09-04-28.05 - bonfà 29/04/2009 15.14.52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.531 [GMT 2:00]
Eseguito da: c:\documents and settings\bonfà\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*
FW: Kaspersky Internet Security *disabled*
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\afcffeccfc4_g.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-05-28 al 2009-4-29 )))))))))))))))))))))))))))))))))))
.
2009-04-29 10:28 . 2009-04-29 10:28 -------- d-----w c:\programmi\Windows Installer Clean Up
2009-04-28 23:18 . 2009-04-28 23:18 -------- d-----w c:\programmi\p-nand-q.com
2009-04-28 22:15 . 2009-04-28 22:15 -------- d-----w c:\programmi\Trend Micro
2009-04-27 11:51 . 2009-04-27 11:51 -------- d-----w c:\programmi\Microsoft Silverlight
2009-04-27 00:32 . 2009-04-27 00:32 -------- d-----w c:\programmi\VS Revo Group
2009-04-24 18:55 . 2009-04-24 18:55 22024 ----a-w c:\windows\system32\drivers\pxscan.sys
2009-04-24 18:55 . 2009-04-24 18:55 27656 ----a-w c:\windows\system32\drivers\pxsec.sys
2009-04-24 18:55 . 2009-04-26 08:18 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2009-04-20 08:58 . 2009-04-20 08:58 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Macrium
2009-04-20 08:36 . 2009-04-20 08:36 -------- d-----w c:\programmi\Macrium
2009-04-15 14:58 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:58 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 14:58 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 14:58 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 14:58 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 14:58 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 14:58 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 14:58 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 14:58 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 14:58 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-13 10:03 . 2009-04-18 15:42 18440 ----a-w c:\windows\system32\drivers\pxprot.sys
2009-04-13 10:03 . 2009-04-13 10:03 16904 ----a-w c:\windows\system32\drivers\pxrts.sys
2009-04-10 21:54 . 2009-04-28 19:52 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-10 21:54 . 2009-04-10 21:54 -------- d-----w c:\programmi\Google
2009-04-05 10:03 . 2009-04-29 12:08 -------- d-----w c:\programmi\Football Generation
2009-04-05 07:56 . 2007-05-16 07:41 29704 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-05 07:56 . 2009-04-05 07:56 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-04-05 07:56 . 2009-04-28 18:14 -------- d-----w c:\programmi\TuneUp Utilities 2007
2009-04-03 21:05 . 2009-04-03 21:05 -------- d-----w c:\programmi\Glary Utilities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 10:29 . 2008-10-10 10:20 -------- d-----w c:\programmi\MSECache
2009-04-28 23:51 . 2009-01-16 18:05 499744 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-28 23:51 . 2009-01-16 18:05 4884 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-28 23:51 . 2009-01-16 18:05 43956 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-28 23:51 . 2009-01-16 18:05 5085728 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-20 11:12 . 2009-02-09 14:22 -------- d-----w c:\programmi\File comuni\Acronis
2009-04-16 13:06 . 2006-03-02 12:00 71908 ----a-w c:\windows\system32\perfc010.dat
2009-04-16 13:06 . 2006-03-02 12:00 443528 ----a-w c:\windows\system32\perfh010.dat
2009-04-15 15:56 . 2008-12-15 14:09 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-06 20:28 . 2008-10-10 10:14 -------- d-----w c:\programmi\File comuni\Adobe
2009-04-06 13:32 . 2008-12-15 14:09 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-12-15 14:09 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 10:03 . 2008-10-10 08:51 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-05 07:54 . 2008-12-15 17:26 -------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-03-30 15:19 . 2009-02-04 18:30 -------- d-----w c:\programmi\ECDL- Patente europea del computer
2009-03-30 15:19 . 2009-02-04 18:30 737280 ----a-w c:\windows\iun6002.exe
2009-03-25 17:28 . 2009-03-25 16:42 -------- d-----w c:\programmi\CGEMS
2009-03-25 17:27 . 2009-03-25 16:30 253952 ------w c:\windows\Setup1.exe
2009-03-25 17:27 . 2009-03-25 16:30 74752 ----a-w c:\windows\ST6UNST.EXE
2009-03-19 20:53 . 2008-12-28 15:00 153104 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-15 11:58 . 2008-10-27 17:10 -------- d-----w c:\programmi\Metin2_Italiano
2009-03-06 14:19 . 2006-03-02 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:08 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 14:15 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-09 14:22 . 2009-02-09 14:22 392320 ----a-w c:\windows\system32\drivers\timntr.sys
2009-02-09 14:22 . 2009-02-09 14:22 32768 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-02-09 14:22 . 2009-02-09 14:22 114048 ----a-w c:\windows\system32\drivers\snapman.sys
2009-02-09 14:04 . 2006-03-02 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-19 15:34 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2006-03-02 12:00 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2006-03-02 12:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2006-03-02 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2006-03-02 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2006-03-02 12:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2006-03-02 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2006-03-02 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-03 18:38 . 2009-01-16 18:05 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 18:38 . 2009-01-16 18:05 101287 ----a-w c:\windows\system32\drivers\klin.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 206088]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 13:56 352256 ----a-w c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"=c:\programmi\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
R2 0167801232134318mcinstcleanup;0167801232134318mcinstcleanup; [x]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2009-04-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]
2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-04-29 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-04-03 07:49]
2009-04-29 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 21:54]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\bonfà\Dati applicazioni\Mozilla\Firefox\Profiles\v7on5wlp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-29 15:16
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-04-29 15.17.54
ComboFix-quarantined-files.txt 2009-04-29 13:17
Pre-Run: 87.588.585.472 byte disponibili
Post-Run: 87.604.269.056 byte disponibili
187 --- E O F --- 2009-04-29 09:01